
SCOR_350-701_September_2020-v1.1_formatted

Number: 350-701
Passing Score: 850
Time Limit: 120 min
File Version: 2.0

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

Number: 350-701
Passing Score: 825
Time Limit: 120 min
File Version: 1.1

Exam Name: Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Exam Code: 350-701

Sections
1. Section 1
2. Section 2
3. Section 3 with DnD

Exam A

QUESTION 1
Which attack is commonly associated with C and C++ programming languages?

A. cross-site scripting
B. DDoS
C. buffer overflow
D. water holing

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 2
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
protocol?

A. SMTP
B. pxGrid
C. STIX
D. XMPP

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 3
Which two preventive measures are used to control cross-site scripting? (Choose two)

A. Disable cookie inspection in the HTML inspection engine.
B. Incorporate contextual output encoding/escaping
C. Enable client-side scripts on a per-domain basis
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.

Correct Answer: BC
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 4
Which two mechanisms are used to control phishing attacks? (Choose two)

A. Use antispyware software
B. Implement email filtering techniques.
C. Revoke expired CRL of the websites.
D. Enable browser alerts for fraudulent websites.
E. Define security group memberships.

Correct Answer: BD
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 5
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

A. rootkit exploit
B. Smurf
C. distributed denial of service
D. cross-site scripting

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 6
Which two behavioral patterns characterize a ping of death attack? (Choose two)

A. Malformed packets are used to crash systems.
B. The attack is fragmented into groups of 8 octets before transmission.
C. The attack is fragmented into groups of 16 octets before transmission.
D. Publicly accessible DNS servers are typically used to execute the attack.
E. Short synchronized bursts of traffic are used to disrupt TCP connections.

Correct Answer: AB
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 7
What is the difference between deceptive phishing and spear phishing?

A. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false
webpage.
B. A spear phishing campaign is aimed at a specific person versus a group of people.
C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
D. Deceptive phishing is an attack aimed at a specific user in the organization who holds a C-level role.

Correct Answer: B
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 8
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social
engineering attacks? (Choose two)

A. Patch for cross-site scripting.
B. Perform backups to the private cloud.
C. Protect systems with an up-to-date antimalware program.
D. Protect against input validation and character escapes in the endpoint.
E. Install a spam and virus email filter.

Correct Answer: CE
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 9
Which two capabilities does TAXII support? (Choose two)

A. Binding
B. Exchange
C. Mitigating
D. Pull messaging
E. Correlation

Correct Answer: AD
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 10
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

A. web page images
B. database
C. Linux and Windows operating systems
D. user input validation in a web page or web application

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 11
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

A. Secure the connection between the web and the app tier.
B. Use prepared statements and parameterized queries.
C. Check integer, float, or Boolean string parameters to ensure accurate values.
D. Block SQL code execution in the web application database login.
E. Write SQL code instead of using object-relational mapping libraries.

Correct Answer: BC
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 12
Which form of attack is launched using botnets?

A. DDOS
B. EIDDOS
C. TCP flood
D. virus

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 13
Which type of attack is social engineering?

A. trojan
B. malware
C. phishing
D. MITM

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 14
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also
provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. profile
B. url
C. terminal
D. selfsigned

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 15
Which two risks is a company vulnerable to if it does not have a well-established patching solution for
endpoints? (Choose two)

A. ARP spoofing
B. exploits
C. malware
D. eavesdropping
E. denial-of-service attacks

Correct Answer: BC
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 16
What are two rootkit types? (Choose two)

A. bootloader
B. buffer mode
C. registry
D. virtual
E. user mode

Correct Answer: AE
Section: Section 1

Explanation

Boot loader Level (Bootkit) Rootkits: Boot loader level (bootkit) rootkits replace or modify the legitimate
boot loader with another one, enabling the bootkit to be activated even before the operating system is
started. Bootkits are a serious threat to security because they can be used to hack the encryption keys and
passwords.

Hypervisor (Virtualized) Level Rootkits: Hypervisor (virtualized) level rootkits are created by exploiting
hardware features such as Intel VT or AMD-V (hardware-assisted virtualization technologies). Hypervisor-level
rootkits host the target operating system as a virtual machine and can therefore intercept all hardware
calls made by the target operating system.

Kernel Level Rootkits: The kernel is the core of the operating system, and kernel-level rootkits are created by
adding code to, or replacing portions of, the core operating system with modified code via device drivers
(in Windows) or Loadable Kernel Modules (Linux). Kernel-level rootkits can have a serious effect on the
stability of the system if the kit's code contains bugs. Kernel rootkits are difficult to detect because they have
the same privileges as the operating system, and therefore they can intercept or subvert operating system
operations.

Hardware/Firmware Rootkits: Hardware/firmware rootkits hide themselves in hardware such as a network card,
system BIOS, etc.

Application Level Rootkits: Application-level rootkits operate inside the victim computer by replacing standard
application files with rootkit files, or by changing the behavior of present applications with patches, injected
code, etc.

Explanation/Reference:

https://www.omnisecu.com/security/rootkits.php

QUESTION 17
Which threat involves software being used to gain unauthorized access to a computer system?

A. ping of death
B. HTTP flood
C. virus
D. NTP amplification

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 18
Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current
encryption technology?

A. 3DES
B. DES
C. RSA
D. AES

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 19
Which two descriptions of AES encryption are true? (Choose two)

A. AES is more secure than 3DES.
B. AES can use a 168-bit key for encryption.
C. AES can use a 256-bit key for encryption.
D. AES encrypts and decrypts a key three times in sequence.
E. AES is less secure than 3DES.

Correct Answer: AC
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 20
Which algorithm provides encryption and authentication for data plane communication?

A. SHA-96
B. SHA-384
C. AES-GCM
D. AES-256

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 21
Which two key and block sizes are valid for AES? (Choose two)

A. 128-bit block size, 192-bit key length
B. 128-bit block size, 256-bit key length
C. 64-bit block size, 168-bit key length
D. 192-bit block size, 256-bit key length
E. 64-bit block size, 112-bit key length

Correct Answer: AB
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 22
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Correct Answer: B
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 23
Which technology must be used to implement secure VPN connectivity among company branches over a
private IP cloud with any-to-any scalable connectivity?

A. DMVPN
B. FlexVPN
C. IPsec DVTI
D. GET VPN

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 24
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the
IPsec configuration is copied automatically
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same
type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;
the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the
same type of device.

Correct Answer: CE
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 25
Which VPN technology can support a multivendor environment and secure traffic between sites?

A. SSL VPN
B. GET VPN
C. FlexVPN
D. DMVPN

Correct Answer: B
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 26
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0
command on host A. The tunnel is not being established to host B. What action is needed to authenticate the
VPN?

A. Change isakmp to ikev2 in the command on host A.
B. Enter the command with a different password on host B.
C. Enter the same command on host B.
D. Change the password on host A to the default password.

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 27
Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are
unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa
command to track VPN status. What is the problem according to this command output?

A. hashing algorithm mismatch
B. encryption algorithm mismatch
C. authentication key mismatch
D. interesting traffic was not applied

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 28
What is a difference between FlexVPN and DMVPN?

A. DMVPN uses IKEv1 or IKEv2, FlexVPN only uses IKEv1
B. DMVPN uses only IKEv1, FlexVPN uses only IKEv2
C. FlexVPN uses IKEv2, DMVPN uses IKEv1 or IKEv2
D. FlexVPN uses IKEv1 or IKEv2, DMVPN uses only IKEv2

Correct Answer: C
Section: Section 1

Explanation

FlexVPN is a newer "solution" for deployment of VPNs and for this you must have newer hardware to support
the versions of IOS code which offer FlexVPN features. DMVPN is an option on almost every Cisco router,
provided you are running a version of code which came out in the last decade. For the platforms supported by
Cisco Flex VPN, please check Table 1 on the link below:

FlexVPN is based on these same fundamental technologies:

IPsec: Unlike default in DMVPN, IKEv2 is used instead of IKEv1 to negotiate IPsec SAs. IKEv2 offers
improvements over IKEv1, starting with resiliency and ending with how many messages are needed to establish
a protected data channel.

GRE: Unlike DMVPN, static and dynamic point-to-point interfaces are used, and not only one static multipoint
GRE interface. This configuration allows added flexibility, especially for per-spoke/per-hub behavior.

NHRP: In FlexVPN, NHRP is primarily used to establish spoke-to-spoke communication. Spokes do not register
to hub.

Routing: Because spokes do not perform NHRP registration to hub, you need to rely on other mechanisms to
make sure hub and spokes can communicate bi-directionally. Similar to DMVPN, dynamic routing protocols can
be used. However, FlexVPN allows you to use IPsec to introduce routing information. The default is to introduce
as /32 route for the IP address on the other side of the tun

Explanation/Reference:

QUESTION 29
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

A. TLSv1.2
B. TLSv1.1
C. BJTLSv1
D. DTLSv1

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 30
What is a commonality between DMVPN and FlexVPN technologies?

A. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
B. FlexVPN and DMVPN use the new key management protocol
C. FlexVPN and DMVPN use the same hashing algorithms
D. IOS routers run the same NHRP code for DMVPN and FlexVPN

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 31
Which functions of an SDN architecture require southbound APIs to enable communication?

A. management console and the cloud
B. management console and the SDN controller
C. SDN controller and the cloud
D. SDN controller and the network elements

Correct Answer: D
Section: Section 1
Explanation
Southbound APIs allow the end user to gain better control over the network and promote the efficiency level
of the SDN controller so that it can evolve based on real-time demands and needs. In addition, the interface is
an industry standard that justifies the ideal approach by which the SDN controller should communicate with the
forwarding plane to modify the networks, letting it move along progressively with advancing enterprise needs.
To make the network layer more responsive to real-time traffic demands, administrators can add or remove
entries in the internal flow table of network switches and routers.

Some of the popular southbound APIs are OpenFlow, Cisco, and OpFlex; other switch and router vendors
that support OpenFlow include IBM, Dell, Juniper, Arista and more.

Explanation/Reference:

https://www.webwerks.in/blogs/southbound-vs-northbound-sdn-what-are-differences

QUESTION 32
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A. accounting
B. encryption
C. assurance
D. automation
E. authentication

Correct Answer: CD
Section: Section 1
Explanation

Automation

Automate deployment and management of network devices and integration of security solutions, to promote
consistency across configurations, reduce errors, and save time.

Assurance

Analytics and AI/ML combined with Cisco best practices help to optimize your network's performance, reduce
troubleshooting time, and lower the cost of network operations.

Security

Discover rogue devices and configuration inconsistencies through extended integrations with Cisco ISE,
Stealthwatch, Umbrella, and third-party NAC/NAS.

Policy

Translate business intent into zero-trust network policies. Identify all endpoints and optimize user experience
based on business requirements.

Explanation/Reference:

https://www.cisco.com/c/en/us/products/cloud-systems-management/dna-center/index.html

QUESTION 33
The main function of northbound APIs in the SDN architecture is to enable communication between which two
areas of a network?

A. SDN controller and the cloud
B. management console and the cloud
C. management console and the SDN controller
D. SDN controller and the management solution

Correct Answer: D
Section: Section 1
Explanation

Northbound SDN

In contrast to the southbound API, northbound interfaces allow communication among the higher-level
components. While traditional networks use a firewall or load balancer to control data plane behavior, SDN
installs applications that use the controller, and these applications communicate with the controller through its
northbound interface. So the function of

Explanation/Reference:

https://www.webwerks.in/blogs/southbound-vs-northbound-sdn-what-are-differences

QUESTION 34
Which two requests of the REST API are valid on the Cisco ASA Platform? (Choose two)

A. push
B. options
C. connect
D. put
E. get

Correct Answer: DE
Section: Section 1
Explanation

Available request methods are:

GET – Retrieves data from the specified object.
PUT – Adds the supplied information to the specified object; returns a 404 Resource Not Found error if the
object does not exist.
POST – Creates the object with the supplied information.
DELETE – Deletes the specified object.
PATCH – Applies partial modifications to the specified object.

Explanation/Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html

QUESTION 35
Refer to the exhibit.
What does the API do when connected to a Cisco security appliance?

A. create an SNMP pull mechanism for managing AMP
B. gather network telemetry information from AMP for endpoints
C. get the process and PID information from the computers in the network
D. gather the network interface information about the computers AMP sees

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 36
Refer to the exhibit.
What is the result of this Python script of the Cisco DNA Center API?

A. adds a switch to Cisco DNA Center
B. adds authentication to a switch
C. receives information about a switch

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 37
Which API is used for Content Security?

A. OpenVuln API
B. IOS XR API
C. NX-OS API
D. AsyncOS API

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 38
Which option is the main function of Cisco Firepower impact flags?

A. They alert administrators when critical events occur.
B. They identify data that the ASA sends to the Firepower module.
C. They correlate data about intrusions and vulnerability.
D. They highlight known and suspected malicious IP addresses in reports.

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 39
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

A. Cisco FTDv configured in routed mode and IPv6 configured
B. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
C. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
D. Cisco FTDv with two management interfaces and one traffic interface configured
E. Cisco FTDv with one management interface and two traffic interfaces configured

Correct Answer: BC
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 40
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the
ASA be added on the Cisco UC Manager platform?

A. Endpoint Trust List
B. Secured Collaboration Proxy
C. Certificate Trust List
D. Enterprise Proxy Service

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 41
Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

A. routed mode
B. active mode
C. transparent mode
D. inline mode
E. passive monitor-only mode

Correct Answer: AC
Section: Section 1
Explanation

2. Deploy the ASA FirePOWER Module in Your Network

Routed Mode

ASA 5585-X (Hardware Module) in Routed Mode

ASA 5506-X (Software Module) in Routed Mode (9.7 to 9.9)

ASA 5506-X (9.6 and Earlier) through ASA 5555-X (Software Module) in Routed Mode

Transparent Mode

ASA 5585-X (Hardware Module) in Transparent Mode

ASA 5506-X through ASA 5555-X, ISA 3000 (Software Module) in Transparent Mode

Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

QUESTION 42
Which feature is configured for managed devices in the device platform settings of the Firepower Management
Center?

A. time synchronization
B. network address translations
C. quality of service
D. intrusion policy

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 43
Which information is required when adding a device to Firepower Management Center?

A. encryption method
B. username and password
C. device serial number
D. registration key

Correct Answer: D
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 44
Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

A. Protocol
B. Source
C. Port
D. Application
E. Rule

Correct Answer: BE
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 45
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention
System?

A. Security Intelligence
B. URL Filtering
C. Impact Flags
D. Health Monitoring

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 46
Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion
Prevention System?

A. protect
B. malware
C. URL filtering
D. control

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 47
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed
devices?

A. health policy
B. correlation policy
C. system policy
D. health awareness policy
E. access control policy

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 48
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

A. Its events match all traffic classes in parallel.
B. It tracks the flow continuously and provides updates every 10 seconds.
C. It tracks flow-create, flow-teardown, and flow-denied events.
D. It provides stateless IP flow tracking that exports all records of a specific flow.

Correct Answer: C
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 49
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention
System? (Choose two)

A. SSL
B. packet decoder
C. SIP
D. modbus
E. inline normalization

Correct Answer: AC
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 50
Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A. user deployment of Layer 3 networks
B. multiple context mode
C. clustering
D. IPv6

Correct Answer: A
Section: Section 1
Explanation

Explanation/Reference:

QUESTION 51
A mall provides security services to customers with a shared appliance. The mall wants separation of
management on the shared appliance. Which ASA deployment mode meets these needs?

A. routed mode
B. transparent mode
C. multiple zone mode
D. multiple context mode

Correct Answer: D
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 52
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

A. Define a NetFlow collector by using the flow-export command.
B. Enable NetFlow Version 9.
C. Create an ACL to allow UDP traffic on port 9996.
D. Create a class map to match interesting traffic.
E. Apply NetFlow Exporter to the outside interface in the inbound direction.

Correct Answer: AE
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 53
How many interfaces per bridge group does an ASA bridge group deployment support?

A. up to 8
B. up to 4
C. up to 16
D. up to 2

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 54
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention
System?

A. Intrusion
B. Correlation
C. Access Control
D. Network Discovery

Correct Answer: D
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 55
Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

A. It inspects hosts that meet the profile with more intrusion rules.
B. It defines a traffic baseline for traffic anomaly deduction.
C. It allows traffic if it does not meet the profile.
D. It blocks traffic if it does not meet the profile.

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 56
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A. To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B. A flow-export event type must be defined under a policy.
C. NSEL can be used without a collector configured.
D. A sysopt command can be used to enable NSEL on a specific interface.

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 57
Which ASA deployment mode can provide separation of management on a shared appliance?

A. transparent firewall mode
B. routed mode
C. multiple context mode
D. DMZ multiple zone mode

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 58
Which policy represents a shared set of features or parameters that define the aspects of a managed device
that are likely to be similar to other managed devices in a deployment?

A. Device Management Policy
B. Group Policy
C. Platform Service Policy
D. Access Control Policy

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 59
Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

A. configure manager <key> add host
B. configure system add <host><key>
C. configure manager add <host><key>
D. configure manager delete

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 60
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA
command must be used?

A. ip flow monitor input
B. flow-export destination inside 1.1.1.1 2055
C. flow exporter
D. ip flow-export destination 1.1.1.1 2055

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 61
Refer to the exhibit. What is a result of the configuration?

A. Traffic from the inside network is redirected
B. Traffic from the inside and DMZ networks is redirected
C. All TCP traffic is redirected
D. Traffic from the DMZ network is redirected

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 62
Which statement about IOS zone-based firewalls is true?

A. An unassigned interface can communicate with assigned interfaces
B. An interface can be assigned to multiple zones.
C. An interface can be assigned only to one zone.
D. Only one interface can be assigned to a zone.

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 63
What is a characteristic of Firepower NGIPS inline deployment mode?

A. It must have inline interface pairs configured.
B. ASA with Firepower module cannot be deployed.
C. It is out-of-band from traffic.
D. It cannot take actions such as blocking traffic.

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 64
Which technology is used to improve web traffic performance by proxy caching?

A. FireSIGHT
B. WSA
C. ASA
D. Firepower

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 65
What is the primary benefit of deploying an ESA in hybrid mode?

A. You can fine-tune its settings to provide the optimum balance between security and performance for your
environment
B. It provides the lowest total cost of ownership by reducing the need for physical appliances
C. It provides email security while supporting the transition to the cloud
D. It provides maximum protection and control of outbound messages

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 66
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A. redirection
B. forward
C. transparent
D. proxy gateway

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 67
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

A. It alerts users when the WSA decrypts their traffic.
B. It provides enhanced HTTPS application detection for AsyncOS.
C. It decrypts HTTPS application traffic for unauthenticated users.
D. It decrypts HTTPS application traffic for authenticated users.

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 68
What is the primary role of the Cisco Email Security Appliance?

A. Mail Submission Agent
B. Mail User Agent
C. Mail Transfer Agent
D. Mail Delivery Agent

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 69
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?
(Choose two)

A. RAT
B. white list
C. Sophos engine
D. outbreak filters
E. DLP

Correct Answer: CD
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 70
Which action controls the amount of URI text that is stored in Cisco WSA log files?

A. Configure the advancedproxyconfig command with the HTTPS subcommand
B. Configure a maximum packet size.
C. Configure a small log-entry size.
D. Configure the datasecurityconfig command

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 71
Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

A. NetFlow
B. Data loss prevention
C. Time-based one-time passwords
D. Heuristic-based filtering
E. Geolocation-based filtering

Correct Answer: BE
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 72
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance?
(Choose two)

A. reference a Proxy Auto Config file
B. configure policy-based routing on the network infrastructure
C. use Web Cache Communication Protocol
D. configure the proxy IP address in the web-browser settings
E. configure Active Directory Group Policies to push proxy settings

Correct Answer: AC
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 73
After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.
Which task can you perform to determine where each message was lost?

A. Perform a trace.
B. Configure the trackingconfig command to enable message tracking.
C. Review the log files.
D. Generate a system report.

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 74
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

A. It can handle explicit HTTP requests.
B. It requires a proxy for the client web browser.
C. Layer 4 switches can automatically redirect traffic destined to port 80.
D. It requires a PAC file for the client web browser.
E. WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

Correct Answer: CE
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 75
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a
recipient address. Which list contains the allowed recipient addresses?

A. RAT
B. HAT
C. SAT
D. BAT

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 76
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose
two)

A. antispam
B. DDoS
C. encryption
D. antivirus
E. DLP

Correct Answer: CE
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 77
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A. AMP Reputation Center
B. IP Blacklist Center
C. IP and Domain Reputation Center
D. File Reputation Center

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 78
Why would a user choose an on-premises ESA versus the CES solution?

A. Demand is unpredictable.
B. ESA is deployed inline.
C. Sensitive data must remain onsite.
D. The server team wants to outsource this service.

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 79
Which deployment model is the most secure when considering risks to cloud adoption?

A. Public Cloud
B. Community Cloud
C. Private Cloud
D. Hybrid Cloud

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 80
Which technology reduces data loss by identifying sensitive information stored in public computing
environments?

A. Cisco HyperFlex
B. Cisco Cloudlock
C. Cisco Firepower
D. Cisco SDA

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 81
On which part of the IT environment does DevSecOps focus?

A. application development
B. perimeter network
C. data center
D. wireless network

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 82
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

A. Tetration
B. Firepower
C. Nexus
D. Stealthwatch

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 83
In which cloud services model is the tenant responsible for virtual machine OS patching?

A. SaaS
B. PaaS
C. UCaaS
D. IaaS

Correct Answer: D
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 84
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?

A. XaaS
B. PaaS
C. SaaS
D. IaaS

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 85
In a PaaS model, which layer is the tenant responsible for maintaining and patching?

A. virtual machine
B. hypervisor
C. application
D. network

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 86
What is the function of Cisco Cloudlock for data security?

A. user and entity behavior analytics
B. controls malicious cloud apps
C. detects anomalies
D. data loss prevention

Correct Answer: D
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 87
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

A. It sends the application information to an administrator to act on.
B. It discovers and controls cloud apps that are connected to a company's corporate environment.
C. It allows the administrator to quarantine malicious files so that the application can function, just not
maliciously.
D. It deletes any application that does not belong in the network.

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 88
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the
corporate network. The endpoints must have the corporate antivirus application installed and be running the
latest build of Windows 10. What must the administrator implement to ensure that all devices are compliant
before they are allowed on the network?

A. Cisco Identity Services Engine with PxGrid services enabled
B. Cisco Identity Services Engine and AnyConnect Posture module
C. Cisco ASA firewall with Dynamic Access Policies configured
D. Cisco Stealthwatch and Cisco Identity Services Engine integration

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 89
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco
ISE?

A. It allows the endpoint to authenticate with 802.1x or MAB.
B. It allows CoA to be applied if the endpoint status is compliant.
C. It adds endpoints to identity groups dynamically.
D. It verifies that the endpoint has the latest Microsoft security patches installed.

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

The question asks what benefit the posture policy provides when the endpoint is compliant: the endpoint
reauthenticates with a CoA if the device is compliant.

CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide, chapter 5

QUESTION 90
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?
(Choose two)

A. single sign-on
B. local web auth
C. multiple factor auth
D. central web auth
E. TACACS+

Correct Answer: BD
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 91
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline
posture node?

A. RADIUS Change of Authorization
B. DHCP snooping
C. device tracking
D. VLAN hopping

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 92
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

A. Windows service
B. computer identity
C. default browser
D. Windows firewall
E. user identity

Correct Answer: AD
Section: Section 2
Explanation

Explanation/Reference:

https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273#toc-hId-1968229706

QUESTION 93
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services
Engine? (Choose two)

A. sFlow
B. TACACS+
C. DHCP
D. SMTP
E. RADIUS

Correct Answer: CE
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 94
Which compliance status is shown when a configured posture policy requirement is not met?

A. noncompliant
B. authorized
C. unknown
D. compliant

Correct Answer: A
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 95
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch
was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate
the risk of this ransomware infection? (Choose two)

A. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate
throughout the network.
B. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities
patched in a timely fashion.
C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met
before allowing access on the network.
D. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing
access on the network.
E. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing
access on the network.

Correct Answer: CD
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 96
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the
endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A. Port Bounce
B. CoA Reauth
C. CoA Session Query
D. CoA Terminate

Correct Answer: B
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 97
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A. Internal Database
B. RSA SecurID
C. LDAP
D. Active Directory

Correct Answer: D
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 98
What is a characteristic of Dynamic ARP Inspection?

A. DAI intercepts all ARP requests and responses on trusted ports only.
B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are
untrusted
C. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP
snooping binding database.
D. DAI associates a trust state with each switch.

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 99
A malicious user gained network access by spoofing printer connections that were authorized using MAB on
four different switch ports at the same time. What two Catalyst switch security features will prevent further
violations? (Choose two)

A. Dynamic ARP inspection
B. 802.1AE MacSec
C. Private VLANs
D. DHCP Snooping
E. Port security
F. IP Device track

Correct Answer: AD
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 100
Which command enables 802.1X globally on a Cisco switch?

A. dot1x pae authenticator
B. authentication port-control aut
C. dot1x system-auth-control
D. aaa new-model

Correct Answer: C
Section: Section 2
Explanation

Explanation/Reference:

QUESTION 101
What is a characteristic of traffic storm control behavior?

A. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within
the interval.
B. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
C. Traffic storm control cannot determine if the packet is unicast or broadcast.
D. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is
unicast or broadcast.

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 102
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is
applied, all users on that switch are unable to communicate with any destination. The network administrator
checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this
problem?

A. The no ip arp inspection trust command is applied on all user host interfaces
B. Dynamic ARP Inspection has not been enabled on all VLANs
C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
D. DHCP snooping has not been enabled on all VLANs.

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 103
Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port
configuration is missing?

A. dot1x reauthentication
B. dot1x pae authenticator
C. authentication open
D. cisp enable

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 104
Which IPS engine detects ARP spoofing?

A. AIC Engine
B. Atomic ARP Engine
C. Service Generic Engine
D. ARP Inspection Engine

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 105
Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?

A. 2
B. 6
C. 1
D. 31

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 106
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941
command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this
goal?

A. snmp-server host inside 10.255.254.1 version 3 andy
B. snmp-server host inside 10.255.254.1 version 3 myv3
C. snmp-server host inside 10.255.254.1 snmpv3 andy
D. snmp-server host inside 10.255.254.1 snmpv3 myv3

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 107
Refer to the exhibit. Which command was used to generate this output and to show which ports are
authenticating with dot1x or mab?

A. show authentication sessions
B. show authentication registrations
C. show dot1x all
D. show authentication method

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

"methods" can be used to specify the order of authentication methods. If the authentication service is not
available from the first method, the second method is used, and so on. The available methods are enable
(enable password/secret), group (server-group), krb5 (Kerberos authentication), line (line console or line vty
passwords), local (local username database), and none (no authentication, which means that you can enter
without any authentication check).

QUESTION 108
Which SNMPv3 configuration must be used to support the strongest security possible?

A. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

B. asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

C. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

D. asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 109
Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and
payload length?

A. process details variation
B. software package variation
C. flow insight variation
D. interpacket variation

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 110
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?

A. show authorization status
B. show ver gi0/1
C. show authen sess int gi0/1
D. show connection status gi0/1

Correct Answer: C
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 111
Refer to the exhibit.

A network administrator configures command authorization for the admin5 user. What is the admin5 user able
to do on HQ_Router after this configuration?

A. set the IP address of an interface
B. complete no configurations
C. complete all configurations
D. add subinterfaces

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 112
Refer to the exhibit. What does the number 15 represent in this configuration?

A. privilege level for an authorized user to this router
B. access list that identifies the SNMP devices that can access the router
C. interval in seconds between SNMPv3 authentication attempts
D. number of possible failed attempts until the SNMPv3 user is locked out

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 113
Under which two circumstances is a CoA issued? (Choose two)

A. A new authentication rule was added to the policy on the Policy Service node.
B. An endpoint is profiled for the first time.
C. A new Identity Services Engine server is added to the deployment with the Administration persona
D. A new Identity Source Sequence is created and referenced in the authentication policy.
E. An endpoint is deleted on the Identity Services Engine server.

Correct Answer: BE
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 114
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A. DNSSEC
B. DNS tunneling
C. DNS security
D. DNSCrypt

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 115
How is ICMP used as an exfiltration technique?

A. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast
address
B. by overwhelming a targeted host with ICMP echo-request packets
C. by flooding the destination host with unreachable packets
D. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised
host

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 116
How is DNS tunneling used to exfiltrate data out of a corporate network?

A. It encodes the payload with random characters that are broken into short strings and the DNS server
rebuilds the exfiltrated data.
B. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or
start other attacks.
C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage
and theft on the network.
D. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 117
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
(Choose two)

A. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
B. An exposed API for the messaging platform is used to send large amounts of data.
C. Outgoing traffic is allowed so users can communicate with outside organizations.
D. Malware infects the messenger application on the user endpoint to send company data.
E. Messenger applications cannot be segmented with standard network controls.

Correct Answer: AE
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 118
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

A. URL
B. allowed applications
C. simple custom detections
D. command and control
E. blocked ports

Correct Answer: BC
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 119
What is the primary function of Cisco AMP Threat Grid?

A. monitoring network traffic
B. automated malware analysis
C. applying a real-time URI blacklist
D. automated email encryption

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 120
Which Cisco AMP file disposition is valid?

A. malware
B. non malicious
C. pristine
D. dirty

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 121
Which Cisco Advanced Malware Protection for Endpoints deployment architecture is designed to keep data
within a network perimeter?

A. public cloud
B. private cloud
C. cloud web services
D. network AMP

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 122
Which capability is exclusive to a Cisco AMP public cloud instance as compared to a private cloud instance?

A. TETRA detection engine
B. ETHOS detection engine
C. RBAC
D. SPERO detection engine

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 123
When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?

A. Spero analysis
B. sandbox analysis
C. dynamic analysis
D. malware analysis

Correct Answer: C
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 124
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

A. Activate SSL decryption.
B. Activate the Advanced Malware Protection license
C. Enable IP Layer enforcement.
D. Enable Intelligent Proxy.

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 125
An engineer is configuring AMP for Endpoints and wants to block certain files from executing. Which outbreak
control method is used to accomplish this task?

A. device flow correlation
B. simple detections
C. application blocking list
D. advanced custom detections

Correct Answer: C
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 126
When wired 802.1X authentication is implemented, which two components are required? (Choose two)

A. authentication server: Cisco Identity Services Engine
B. authenticator: Cisco Identity Services Engine
C. authenticator: Cisco Catalyst switch
D. authentication server: Cisco Prime Infrastructure
E. supplicant: Cisco AnyConnect ISE Posture module

Correct Answer: AC
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 127
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported
on the device?

A. aaa new-model
B. auth-type all
C. ip device-tracking
D. aaa server radius dynamic-author

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 128
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?

A. There are separate authentication and authorization request packets
B. The authentication request contains only a username
C. The authentication request contains only a password
D. The authentication and authorization requests are grouped in a single packet

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 129
Refer to the exhibit. Which command was used to display this output?

A. show dot1x
B. show dot1x all summary
C. show dot1x interface gi1/0/12
D. show dot1x all

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

Please review this video if you do not have access to a switch, or have not configured one, to display this output:

https://www.youtube.com/watch?v=sLytTiUAfb0
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html

QUESTION 130
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The
engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use
802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A. Cisco Identity Services Engine
B. Cisco AMP for Endpoints
C. Cisco Stealthwatch
D. Cisco Prime Infrastructure

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 131
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the
deployment?

A. NGFW
B. WSA
C. AMP
D. ESA

Correct Answer: C
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 132
An MDM provides which two advantages to an organization with regards to device management? (Choose two)

A. Active Directory group policy management
B. network device management
C. allowed application management
D. critical device management
E. asset inventory management

Correct Answer: CE
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 133
Which benefit does endpoint security provide to the overall security posture of an organization?

A. It allows the organization to detect and respond to threats at the edge of the network.
B. It streamlines the incident response process to automatically perform digital forensics on the endpoint.
C. It allows the organization to mitigate web-based attacks as long as the user is active in the domain.
D. It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 134
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which
probe must be enabled for this type of profiling to work?

A. DHCP
B. NMAP
C. NetFlow
D. SNMP

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 135
What are two reasons for implementing a multifactor authentication solution such as Duo Security in an
organization? (Choose two)

A. secure access to on-premises and cloud applications
B. identification and correction of application vulnerabilities before allowing access to resources
C. single sign-on access to on-premises and cloud applications
D. integration with 802.1x security using native Microsoft Windows supplicant
E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications

Correct Answer: AE
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 136
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and
Response?

A. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.
B. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
C. EPP focuses on network security, and EDR focuses on device security.
D. EDR focuses on network security, and EPP focuses on device security.

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 137
Which two kinds of attacks are prevented by multifactor authentication? (Choose two)

A. phishing
B. teardrop
C. DDOS
D. brute force
E. man-in-the-middle

Correct Answer: DE
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 138
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)

A. encryption factor
B. time factor
C. confidentiality factor
D. knowledge factor
E. biometric factor

Correct Answer: DE
Section: Section 3 with DnD
Explanation

A form of multi-factor authentication, two-factor authentication uses two of the following: something you know,
something you have and something you are.

Some examples of “something you know”:

Password/passphrase
Answer to a security question
PIN

Some examples of “something you have”:

SMS: Have you received SMS text messages containing a verification code? This is a form of multi-factor
authentication! Whilst there are limitations on the security of this option, remember the car examples. It’s better
than no second piece.

App: There are many options out there, both paid (DuoSec for example) and free (Authy). These apps give
you two options after password entry: first, you can use them to generate a verification code for a synced
account; and second, you can request a push notification, at which point you can ‘approve’ or ‘decline’ sign-in.

Physical token: if you have ever heard of Yubikey, it’s one of the most well-known forms of physical- or
hardware token-based authentication. Using this option, you enter a password and then plug in the device (or
touch it to something) to authenticate yourself. Usually, your account has an additional option approved, such
as app or SMS, in case you lose the token.

Device: Apple and Google both provide options to ‘approve’ or ‘decline’ sign-in from devices already enrolled
to do so after you have entered the password.

A few examples of “something you are”:

Fingerprint ID
Face ID
Voice ID

Explanation/Reference:

https://www.tripwire.com/state-of-security/security-data-protection/multi-factor-authentication-and-you/

QUESTION 139
How is Cisco Umbrella configured to log only security events?

A. per policy
B. per network in the Deployments section
C. in the Reporting settings
D. in the Security Settings section

Correct Answer: A
Section: Section 3 with DnD
Explanation
Advanced Settings

Expand Advanced Settings to configure the intelligent proxy and related features, SafeSearch, Allow-Only
mode, and logging.

Explanation/Reference:

https://docs.umbrella.com/deployment-umbrella/docs/create-and-apply-policies

QUESTION 140
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

A. SSL Decryption
B. Destination Lists
C. SafeSearch
D. File Analysis

Correct Answer: A
Section: Section 3 with DnD
Explanation

The Policy wizard includes many and varied access control and security-related components for you to consider
when defining policies for your identities.

Security Settings—Allows you to select which security threat categories Umbrella blocks. For example,
malware.

Content Categories—Allows you to block access to categories of websites—groupings of sites with similarly-
themed content. For example, sports, gambling, or astrology.

Application Settings—Allows you to block access to specific applications. For example, Netflix, Facebook, or
Amazon.

Destination Lists—Allows you to create a unique list of destinations (for example, domain name or URL) to
which you can block or allow access.

Block Pages—Allows you to configure the web page users see when an attempt is made to reach a blocked
destination.
Note: Depending on the policy type (DNS or Web), some destination types may or may not be supported by
the policy.

File Inspection—Scan and inspect files for malicious content hosted on risky domains before those files are
downloaded.

Explanation/Reference:

https://docs.umbrella.com/deployment-umbrella/docs/customize-your-policies-1

QUESTION 141
Where are individual sites specified to be blacklisted in Cisco Umbrella?

A. destination lists
B. security settings
C. content categories
D. application settings

Correct Answer: A
Section: Section 3 with DnD
Explanation

The Policy wizard includes many and varied access control and security-related components for you to consider
when defining policies for your identities.

Security Settings—Allows you to select which security threat categories Umbrella blocks. For example,
malware.

Content Categories—Allows you to block access to categories of websites—groupings of sites with similarly-
themed content. For example, sports, gambling, or astrology.

Application Settings—Allows you to block access to specific applications. For example, Netflix, Facebook, or
Amazon.

Destination Lists—Allows you to create a unique list of destinations (for example, domain name or URL) to
which you can block or allow access.

Block Pages—Allows you to configure the web page users see when an attempt is made to reach a blocked
destination.
Note: Depending on the policy type (DNS or Web), some destination types may or may not be supported by
the policy.

File Inspection—Scan and inspect files for malicious content hosted on risky domains before those files are
downloaded.

Explanation/Reference:

https://docs.umbrella.com/deployment-umbrella/docs/customize-your-policies-1

QUESTION 142
How does Cisco Umbrella archive logs to an enterprise owned storage?

A. by sending logs via syslog to an on-premises or cloud-based syslog server
B. by using the Application Programming Interface to fetch the logs
C. by being configured to send logs to a self-managed AWS S3 bucket
D. by the system administrator downloading the logs from the Cisco Umbrella web portal

Correct Answer: C
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 143
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are
blocked when they host malware, command and control, phishing, and more threats?

A. File Analysis
B. Security Category Blocking
C. Application Control
D. Content Category Blocking

Correct Answer: B
Section: Section 3 with DnD
Explanation

The Policy wizard includes many and varied access control and security-related components for you to consider
when defining policies for your identities.

Security Settings—Allows you to select which security threat categories Umbrella blocks. For example,
malware.

Content Categories—Allows you to block access to categories of websites—groupings of sites with similarly-
themed content. For example, sports, gambling, or astrology.

Application Settings—Allows you to block access to specific applications. For example, Netflix, Facebook, or
Amazon.

Destination Lists—Allows you to create a unique list of destinations (for example, domain name or URL) to
which you can block or allow access.

Block Pages—Allows you to configure the web page users see when an attempt is made to reach a blocked
destination.
Note: Depending on the policy type (DNS or Web), some destination types may or may not be supported by
the policy.

File Inspection—Scan and inspect files for malicious content hosted on risky domains before those files are
downloaded.

Explanation/Reference:

https://docs.umbrella.com/deployment-umbrella/docs/customize-your-policies-1

QUESTION 144
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed
through the Cisco Umbrella network. Which action tests the routing?

A. Add the public IP address that the client computers are behind to a Core Identity.
B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
C. Ensure that the client computers are pointing to the on-premises DNS servers.
D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Correct Answer: D
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 145
Which Cisco security solution protects remote users against phishing attacks when they are not connected to
the VPN?

A. Cisco Firepower
B. NGIPS
C. Cisco Umbrella
D. Cisco Stealthwatch

Correct Answer: C
Section: Section 3 with DnD
Explanation

The Umbrella roaming client is a very lightweight DNS client that runs on your Windows or macOS computers.
It is not a VPN client or a local anti-virus engine. It allows Umbrella security and policy-based protection,
including our intelligent proxy, to be enforced no matter the network to which you are connected. Whether
you're at the office, your hotel, a coffee shop, or using a mobile hotspot, the Umbrella roaming client enforces
policies set by you in Umbrella. It includes the ability to deliver granular policy enforcement and reporting
information about the specific computer identity or even the logged-in Active Directory user.

Explanation/Reference:

https://docs.umbrella.com/deployment-umbrella/docs/1-introduction-1

QUESTION 146
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

A. AMP
B. DynDNS
C. AnyConnect
D. Talos

Correct Answer: D
Section: Section 3 with DnD
Explanation
Advanced Settings are:
Enable Intelligent Proxy—When enabled, Umbrella uses the Cisco Talos web reputation and other third-party
feeds to determine if a URL is malicious. The intelligent proxy also uses anti-virus (AV) engines and Cisco
Advanced Malware Protection (AMP) to inspect files before they are downloaded. When disabled, File Analysis
is also disabled. For more information about the intelligent proxy, see Manage the Intelligent Proxy.

Explanation/Reference:

https://docs.umbrella.com/umbrella-user-guide/docs/add-a-dns-policy#part-one--set-up-the-policy-wizard

QUESTION 147
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats,
which allows the SOC to proactively automate responses to those threats?

A. Cisco Threat Grid
B. Cisco Umbrella
C. External Threat Feeds
D. Cisco Stealthwatch

Correct Answer: A
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 148
What must be used to share data between multiple security products?

A. Cisco Rapid Threat Containment
B. Cisco Platform Exchange Grid
C. Cisco Stealthwatch Cloud
D. Cisco Advanced Malware Protection

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 149
Which two activities can be done using Cisco DNA Center? (Choose two)

A. Design
B. Provision
C. DHCP
D. DNS
E. Accounting

Correct Answer: AB
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 150
What provides visibility and awareness into what is currently occurring on the network?

A. Prime Infrastructure
B. Telemetry
C. CMX
D. WMI

Correct Answer: A
Section: Section 3 with DnD
Explanation
Cisco Prime Infrastructure: Offers comprehensive lifecycle management of wired/wireless access, campus, and
branch networks, rich visibility into end-user connectivity, and application performance assurance

Explanation/Reference:

https://www.cisco.com/c/en/us/products/cloud-systems-management/prime.html

QUESTION 151
What is the function of the Context Directory Agent?

A. reads the Active Directory logs to map IP addresses to usernames
B. accepts user authentication requests on behalf of Web Security Appliance for user identification
C. relays user authentication requests from Web Security Appliance to Active Directory
D. maintains users' group memberships

Correct Answer: A
Section: Section 3 with DnD
Explanation
Cisco Context Directory Agent (CDA) is a mechanism that maps IP addresses to usernames in order to allow
security gateways to understand which user is using which IP address in the network, so those security
gateways can make decisions based on those users (or the groups to which the users belong).

Explanation/Reference:

https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_oveviw.html

QUESTION 152
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from
Cisco and other vendors to share data and interoperate with each other?

A. Advanced Malware Protection
B. Platform Exchange Grid
C. Multifactor Platform Integration
D. Firepower Threat Defense

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 153
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

A. command and control communication
B. snort
C. data exfiltration
D. intelligent proxy
E. URL categorization

Correct Answer: AC
Section: Section 3 with DnD
Explanation
Explanation/Reference:

https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-a-glance-c45-736555.pdf

QUESTION 154
How does Cisco Stealthwatch Cloud provide security for cloud environments?

A. It delivers visibility and threat detection.
B. It assigns Internet-based DNS protection for clients and servers.
C. It facilitates secure connectivity between public and private networks.
D. It prevents exfiltration of sensitive data.

Correct Answer: A
Section: Section 3 with DnD
Explanation

Why Cisco Stealthwatch Cloud?

Increasingly, businesses are migrating their workloads to the public cloud. For effective cloud security,
businesses must deploy cloud monitoring tools that are easy to use and manage, and make security teams
more efficient.

Cisco Stealthwatch Cloud uses entity modeling to provide unparalleled visibility and threat detection. With
advanced security analytics, businesses can identify complex threats and workload dependencies. In addition,
Stealthwatch Cloud integrates with third-party cloud solutions like Amazon Web Services (AWS) and Google
Cloud Platform.

AWS monitoring and Google cloud security are crucial concerns for an IT department in a hybrid cloud
environment. With Cisco Stealthwatch Cloud, businesses can deploy one tool for both public and private
network monitoring.

Explanation/Reference:
https://www.cisco.com/c/en_ca/products/security/stealthwatch-cloud/index.html#~stickynav=3

QUESTION 155
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view
of activity?

A. SNMP
B. model-driven telemetry
C. SMTP
D. syslog

Correct Answer: B
Section: Section 3 with DnD
Explanation

Explanation/Reference:

QUESTION 156
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize
applications, collect and send network metrics to Cisco Prime and other third-party management tools, and
prioritize application traffic?

A. Cisco Security Intelligence
B. Cisco Application Visibility and Control
C. Cisco DNA Center
D. Cisco Model Driven Telemetry

Correct Answer: B
Section: Section 3 with DnD
Explanation
Explanation/Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/avc/guide/avc-user-guide/avc_tech_overview.html

QUESTION 157
What is a feature of the open platform capabilities of Cisco DNA Center?

A. domain integration
B. application adapters
C. intent-based APIs
D. automation adapters

Correct Answer: C
Section: Section 3 with DnD
Explanation

Cisco DNA Center offers 360-degree extensibility (Figure 1) through four distinct types of platform capabilities:

● Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the
network and to reap network analytics and insights for IT and business innovation.

● Process adapters, built on integration APIs, allow integration with other IT and network systems to
streamline IT operations and processes.

● Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data
center, WAN, and security to deliver a consistent intent-based infrastructure across the entire IT environment.

● SDKs allow management to be extended to third-party vendor’s network devices to offer support for
diverse environments.

Explanation/Reference:

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-cent-platf-aag-cte-en.html?oid=aagen016868

QUESTION 158
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an
EC2 instance in Amazon Web Services.
Select and Place:

Correct Answer:

Section: Section 3 with DnD


Explanation
Explanation/Reference:

QUESTION 159
Drag and drop the capabilities from the left onto the correct technologies on the right.

Select and Place:


Correct Answer:

Section: Section 3 with DnD


Explanation

Explanation/Reference:

QUESTION 160
Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Select and Place:


Correct Answer:

Section: Section 3 with DnD


Explanation

Explanation/Reference:

QUESTION 161
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the
correct definitions on the right.

Select and Place:


Correct Answer:

Section: Section 3 with DnD


Explanation

Explanation/Reference:
