[Nov-2023] 350-701 Dumps are Available for Instant Access using Dumpleader [Q222-Q245]

Rate this post

[Nov-2023] 350-701 Dumps are Available for Instant Access using Dumpleader

350-701 Dumps 2023 – New Cisco 350-701 Exam Questions

Cisco 350-701 exam is a challenging exam that requires candidates to have a solid understanding of security concepts and hands-on experience in implementing and operating Cisco’s security solutions. 350-701 exam is designed to validate the candidate’s ability to implement and operate Cisco’s security solutions in real-world scenarios. Implementing and Operating Cisco Security Core Technologies certification exam is a crucial step for IT professionals who want to advance their careers in network security and demonstrate their competence and expertise in implementing and operating Cisco’s security technologies.

NO.222 Drag and drop the solutions from the left onto the solution’s benefits on the right.

NO.223 What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

Cisco Umbrella

External Threat Feeds

Cisco Threat Grid

Cisco Stealthwatch

NO.224 What provides visibility and awareness into what is currently occurring on the network?

CMX

WMI

Prime Infrastructure

Telemetry

NO.225 What provides visibility and awareness into what is currently occurring on the network?

CMX

WMI

Prime Infrastructure

Telemetry

NO.226 Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

File Analysis

SafeSearch

SSL Decryption

Destination Lists

NO.227 On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

health policy

system policy

correlation policy

access control policy

health awareness policy

NO.228 Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

Encrypted Traffic Analytics

Threat Intelligence Director

Cognitive Threat Analytics

Cisco Talos Intelligence

NO.229 Which solution allows an administrator to provision, monitor, and secure mobile devices on Windows and Mac computers from a centralized dashboard?

Cisco Umbrella

Cisco AMP for Endpoints

Cisco ISE

Cisco Stealthwatch

NO.230 An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

quarantine and alter the subject header with a DLP violation

deliver and add disclaimer text

deliver and send copies to other recipients

quarantine and send a DLP violation notification

NO.231 An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

sending continuous pings

overflowing the buffer’s memory

inserting malicious commands into the database

NO.232 For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

SDP

LDAP

subordinate CA

SCP

HTTP

NO.233 What is a prerequisite when integrating a Cisco ISE server and an AD domain?

Place the Cisco ISE server and the AD server in the same subnet

Configure a common administrator account

Configure a common DNS server

Synchronize the clocks of the Cisco ISE server and the AD server

NO.234 What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?

lf four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt.

After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL

After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL1

If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds.

NO.235 Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

correlation

intrusion

access control

network discovery

NO.236 What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

NO.237 What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)

Create an LDAP authentication realm and disable transparent user identification.

Create NTLM or Kerberos authentication realm and enable transparent user identification.

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

The eDirectory client must be installed on each client workstation.

Deploy a separate eDirectory server; the dent IP address is recorded in this server.

NO.238 What are two benefits of Flexible NetFlow records? (Choose two)

They allow the user to configure flow information to perform customized traffic identification

They provide attack prevention by dropping the traffic

They provide accounting and billing enhancements

They converge multiple accounting technologies into one accounting mechanism

They provide monitoring of a wider range of IP packet information from Layer 2 to 4

NetFlow is typically used for several key customer applications, including the following: … Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/fnffnetflow.html If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields. Reference: https://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/ cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these layers.
…
Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.
Reference:
If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields.
cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these NetFlow is typically used for several key customer applications, including the following: … Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/fnffnetflow.html If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields. Reference: https://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/ cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these layers.

NO.239 Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

NO.240 Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

Explanation: Cisco Tetration platform studies the behavior of the various processes and applications in the workload, measuring them against known bad behavior sequences. It also factors in the process hashes it collects. By studying various sets of malwares, the Tetration Analytics engineering team deconstructed it back into its basic building blocks. Therefore, the platform understands clear and crisp definitions of these building blocks and watches for them. The various suspicious patterns for which the Cisco Tetration platform looks in the current release are: + Shell code execution: Looks for the patterns used by shell code. + Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree. + Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks. + Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping). + User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods. + Interesting file access: Cisco Tetration platform can be armed to look at sensitive files. + File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user. + Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform. Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/whitepaper-c11-740380.html Cisco Tetration platform studies the behavior of the various processes and applications in the workload, measuring them against known bad behavior sequences. It also factors in the process hashes it collects. By studying various sets of malwares, the Tetration Analytics engineering team deconstructed it back into its basic building blocks. Therefore, the platform understands clear and crisp definitions of these building blocks and watches for them.
The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:
+ Shell code execution: Looks for the patterns used by shell code.
+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts.
Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.
+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.
Explanation: Cisco Tetration platform studies the behavior of the various processes and applications in the workload, measuring them against known bad behavior sequences. It also factors in the process hashes it collects. By studying various sets of malwares, the Tetration Analytics engineering team deconstructed it back into its basic building blocks. Therefore, the platform understands clear and crisp definitions of these building blocks and watches for them. The various suspicious patterns for which the Cisco Tetration platform looks in the current release are: + Shell code execution: Looks for the patterns used by shell code. + Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree. + Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks. + Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping). + User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods. + Interesting file access: Cisco Tetration platform can be armed to look at sensitive files. + File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user. + Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform. Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/whitepaper-c11-740380.html

NO.241 Under which two circumstances is a CoA issued? (Choose two.)

A new authentication rule was added to the policy on the Policy Service node.

An endpoint is deleted on the Identity Service Engine server.

A new Identity Source Sequence is created and referenced in the authentication policy.

An endpoint is profiled for the first time.

A new Identity Service Engine server is added to the deployment with the Administration personA.

NO.242 Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

3DES

RSA

DES

AES

NO.243 Drag and drop the descriptions from the left onto the correct protocol versions on the right.

NO.244 An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransom ware infection? (Choose two)

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

NO.245 Which attack is commonly associated with C and C++ programming languages?

cross-site scripting

water holing

DDoS

buffer overflow

Cisco 350-701 Exam Practice Test Questions: https://www.dumpleader.com/350-701_exam.html

Leave a Reply Cancel reply