This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Tue May 21 6:03:30 2024 / +0000 GMT ___________________________________________________ Title: [March-2021]Braindump2go 350-701 Exam PDF and VCE 350-701 279 for 100% Passing 350-701 Exam[Q236-Q256] --------------------------------------------------- March/2021 Latest Braindump2go 350-701 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 350-701 Real Exam Questions!QUESTION 236What is a function of 3DES in reference to cryptography?A. It encrypts traffic.B. It creates one-time use passwords.C. It hashes files.D. It generates private keys.Answer: AQUESTION 237What are two DDoS attack categories? (Choose two.)A. protocolB. source-basedC. databaseD. sequentialE. volume-basedAnswer: AEQUESTION 238Which risk is created when using an Internet browser to access cloud-based service?A. misconfiguration of Infra, which allows unauthorized accessB. intermittent connection to the cloud connectorsC. vulnerabilities within protocolD. insecure implementation of APIAnswer: CQUESTION 239A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?A. The policy was created to send a message to quarantine instead of dropB. The file has a reputation score that is above the thresholdC. The file has a reputation score that is below the thresholdD. The policy was created to disable file analysisAnswer: DExplanation:Maybe the "newly installed service" in this question mentions about Advanced Malware Protection (AMP) which can be used along with ESA. AMP allows superior protection across the attack continuum.+ File Reputation - captures a fingerprint of each file as it traverses the ESA and sends it to AMP's cloudbasedintelligence network for a reputation verdict. Given these results, you can automatically block malicious files and apply administrator-defined policy.+ File Analysis - provides the ability to analyze unknown files that are traversing the ESA. A highly secure sandbox environment enables AMP to glean precise details about the file's behavior and to combine that data with detailed human and machine analysis to determine the file's threat level. This disposition is then fed into AMP cloud-based intelligence network and used to dynamically update and expand the AMP cloud data set for enhanced protection.QUESTION 240An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?A. NetFlowB. Packet TracerC. Network DiscoveryD. Access ControlAnswer: AQUESTION 241Which attack is preventable by Cisco ESA but not by the Cisco WSA?A. buffer overflowB. DoSC. SQL injectionD. phishingAnswer: DExplanation:The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email SecurityGateway:Prevents the following:+ Attacks that use compromised accounts and social engineering.+ Phishing, ransomware, zero-day attacks and spoofing.+ BEC with no malicious payload or URL.Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5/user_guide/b_ESA_Admin_Guide_13-5/m_advanced_phishing_protection.htmlQUESTION 242A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)A. Use outbreak filters from SenderBaseB. Enable a message tracking serviceC. Configure a recipient access tableD. Deploy the Cisco ESA in the DMZE. Scan quarantined emails using AntiVirus signatures.Answer: AEExplanation:We should scan emails using AntiVirus signatures to make sure there are no viruses attached in emails.Note: A virus signature is the fingerprint of a virus. It is a set of unique data, or bits of code, that allow it to be identified. Antivirus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine, and remove the virus.SenderBase is an email reputation service designed to help email administrators research senders, identify legitimate sources of email, and block spammers. When the Cisco ESA receives messages from known or highly reputable senders, it delivers them directly to the end user without any content scanning.However, when the Cisco ESA receives email messages from unknown or less reputable senders, it performs antispam and antivirus scanning.Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0100100.htmlQUESTION 243Which type of dashboard does Cisco DNA Center provide for complete control of the network?A. service managementB. centralized managementC. application managementD. distributed managementAnswer: BExplanation:Cisco's DNA Center is the only centralized network management system to bring all of this functionality into a single pane of glass.Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-faq-cte-en.htmlQUESTION 244In an IaaS cloud services model, which security function is the provider responsible for managing?A. Internet proxyB. firewalling virtual machinesC. CASBD. hypervisor OS hardeningAnswer: DExplanation:Infrastructure as a Service (IaaS) in cloud computing is one of the most significant and fastest growing field. In this service model, cloud providers offer resources to users/machines that include computers as virtual machines, raw (block) storage, firewalls, load balancers, and network devices.QUESTION 245A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in orderto securely connect this device to the network?A. Use MAB with profilingB. Use MAB with posture assessment.C. Use 802.1X with posture assessment.D. Use 802.1X with profiling.Answer: AExplanation:As the new device does not have a supplicant, we cannot use 802.1X. MAC Authentication Bypass (MAB) is a fallback option for devices that don't support 802.1x. It is virtuallyalways used in deployments in some way shape or form. MAB works by having the authenticator take the connecting device's MAC address and send it to the authentication server as its username and password. The authentication server will check its policies and send back an Access-Accept or Access-Reject just like it would with 802.1x.Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of profiles.These profiles include a wide range of device types, including mobile clients (iPads, Android tablets, Chromebooks, and so on), desktop operating systems (for example, Windows, Mac OS X, Linux, and others), and numerous non-user systems such as printers, phones, cameras, and game consoles. Once classified, endpoints can be authorized to the network and granted access based on their profile. For example, endpoints that match the IP phone profile can be placed into a voice VLAN using MAC Authentication Bypass (MAB) as the authentication method. Another example is to provide differentiated network access to users based on the device used. For example, employees can get full access when accessing the network from their corporate workstation but be granted limited network access when accessing the network from their personal iPhone.Reference: https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456QUESTION 246An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server's authentication key?A. ntp peer 1.1.1.1 key 1B. ntp server 1.1.1.1 key 1C. ntp server 1.1.1.2 key 1D. ntp peer 1.1.1.2 key 1Answer: BExplanation:To configure an NTP enabled router to require authentication when other devices connect to it, use the following commands:NTP_Server(config)#ntp authentication-key 2 md5 securitytutNTP_Server(config)#ntp authenticateNTP_Server(config)#ntp trusted-key 2Then you must configure the same authentication-key on the client router:NTP_Client(config)#ntp authentication-key 2 md5 securitytutNTP_Client(config)#ntp authenticateNTP_Client(config)#ntp trusted-key 2NTP_Client(config)#ntp server 10.10.10.1 key 2Note: To configure a Cisco device as a NTP client, use the command ntp server <IP address>. For example:Router(config)#ntp server 10.10.10.1. This command will instruct the router to query 10.10.10.1 for the time.QUESTION 247What is the role of an endpoint in protecting a user from a phishing attack?A. Use Cisco Stealthwatch and Cisco ISE Integration.B. Utilize 802.1X network security to ensure unauthorized access to resources.C. Use machine learning models to help identify anomalies and determine expected sending behavior.D. Ensure that antivirus and anti malware software is up to date.Answer: CQUESTION 248An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?A. Set content settings to HighB. Configure the intelligent proxy.C. Use destination block lists.D. Configure application block lists.Answer: BExplanation:Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control. The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else. Reference: https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxyQUESTION 249With which components does a southbound API within a software-defined network architecture communicate?A. controllers within the networkB. applicationsC. appliancesD. devices such as routers and switchesAnswer: DQUESTION 250A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?A. a Network Discovery policy to receive data from the hostB. a Threat Intelligence policy to download the data from the hostC. a File Analysis policy to send file data into Cisco FirepowerD. a Network Analysis policy to receive NetFlow data from the hostAnswer: AExplanation:You can configure discovery rules to tailor the discovery of host and application data to your needs. The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map. A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attemptQUESTION 251When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?A. The key server that is managing the keys for the connection will be at 1.2.3.4B. The remote connection will only be allowed from 1.2.3.4C. The address that will be used as the crypto validation authorityD. All IP addresses other than 1.2.3.4 will be allowedAnswer: BExplanation:The command crypto isakmp key cisco address 1.2.3.4 authenticates the IP address of the 1.2.3.4 peer by using the key cisco. The address of "0.0.0.0" will authenticate any address with this key.QUESTION 252Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?A. file access from a different userB. interesting file accessC. user login suspicious behaviorD. privilege escalationAnswer: CExplanation:The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:+ Shell code execution: Looks for the patterns used by shell code.+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts.Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/whitepaper-c11-740380.htmlQUESTION 253Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.B. Use EEM to have the ports return to service automatically in less than 300 seconds.C. Enter the shutdown and no shutdown commands on the interfaces.D. Enable the snmp-server enable traps command and wait 300 secondsE. Ensure that interfaces are configured with the error-disable detection and recovery featureAnswer: CEExplanation:You can also bring up the port by using these commands:+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.+ The "errdisable recovery cause ..." global configuration command enables the timer to automatically recover error-disabled state, and the "errdisable recovery interval interval" global configuration command specifies the time to recover error-disabled state.QUESTION 254What is the difference between Cross-site Scripting and SQL Injection, attacks?A. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.B. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.C. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.D. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.Answer: AQUESTION 255A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?A. Adaptive Network Control Policy ListB. Context VisibilityC. Accounting ReportsD. RADIUS Live LogsAnswer: DExplanation:How To Troubleshoot ISE Failed Authentications & Authorizations Check the ISE Live LogsLogin to the primary ISE Policy Administration Node (PAN).Go to Operations > RADIUS > Live Logs(Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports > Endpoints and Users > RADIUS AuthenticationsCheck for Any Failed Authentication Attempts in the LogReference: https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-failedauthentications-amp/ta-p/3630960QUESTION 256What is a prerequisite when integrating a Cisco ISE server and an AD domain?A. Place the Cisco ISE server and the AD server in the same subnetB. Configure a common administrator accountC. Configure a common DNS serverD. Synchronize the clocks of the Cisco ISE server and the AD serverAnswer: DExplanation:The following are the prerequisites to integrate Active Directory with Cisco ISE. + Use the Network Time Protocol (NTP) server settings to synchronize the time between the Cisco ISE server and Active Directory. You can configure NTP settings from Cisco ISE CLI. + If your Active Directory structure has multidomain forest or is divided into multiple forests, ensure thattrust relationships exist between the domain to which Cisco ISE is connected and the other domains that have user and machine information to which you need access. For more information on establishing trust relationships, refer to Microsoft Active Directory documentation. + You must have at least one global catalog server operational and accessible by Cisco ISE, in the domain towhich you are joining Cisco ISE.Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2x.html#reference_8DC463597A644A5C9CF5D582B77BB24FResources From:1.2021 Latest Braindump2go 350-701 Exam Dumps (PDF & VCE) Free Share:https://www.braindump2go.com/350-701.html2.2021 Latest Braindump2go 350-701 PDF and 350-701 VCE Dumps Free Share:https://drive.google.com/drive/folders/1Fz2rtzfDdCvomlIPqv3RZzNAkMIepErv?usp=sharing3.2021 Free Braindump2go 350-701 Exam Questions Download:https://www.braindump2go.com/free-online-pdf/350-701-PDF-Dumps(257-279).pdfhttps://www.braindump2go.com/free-online-pdf/350-701-VCE-Dumps(236-256).pdfFree Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams! --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2021-03-30 02:01:00 Post date GMT: 2021-03-30 02:01:00 Post modified date: 2021-03-30 02:01:00 Post modified date GMT: 2021-03-30 02:01:00 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com