Free CCNP Security 350-701 Ultimate Study Guide (Updated 630 Questions)
Get to the Top with 350-701 Practice Exam Questions
Achieving the Cisco 350-701 certification validates a candidate's knowledge and skills in securing their organization's networks and data. It also helps professionals stand out in the job market, increase their earning potential, and advance their career in the field of network security.
Cisco 350-701 exam is a 120-minute test that comprises a variety of question formats, including multiple-choice, drag-and-drop, and simulations. 350-701 exam is conducted in English and can be taken at any Pearson VUE test center worldwide. 350-701 exam fee is $400, and candidates can register for the exam on the Pearson VUE website.
NEW QUESTION # 187
When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?
- A. Spero analysis
- B. sandbox analysis
- C. malware analysis
- D. dynamic analysis
Answer: D
Explanation:
Spero analysis examines structural characteristics such as metadata and header information in executable files. After generating a Spero signature based on this information, if the file is an eligible executable file, the device submits it to the Spero heuristic engine in the AMP cloud. Based on the Spero signature, the Spero engine determines whether the file is malware.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guidev60/Reference_a_wrapper_Chapter_topic_here.html
-> Spero analysis only uploads the signature of the (executable) files to the AMP cloud. It does not upload the whole file. Dynamic analysis sends files to AMP ThreatGrid.
Dynamic Analysis submits (the whole) files to Cisco Threat Grid (formerly AMP Threat Grid). Cisco Threat Grid runs the file in a sandbox environment, analyzes the file's behavior to determine whether the file is malicious, and returns a threat score that indicates the likelihood that a file contains malware. From the threat score, you can view a dynamic analysis summary report with the reasons for the assigned threat score. You can also look in Cisco Threat Grid to view detailed reports for files that your organization submitted, as well as scrubbed reports with limited data for files that your organization did not submit.
Local malware analysis allows a managed device to locally inspect executables, PDFs, office documents, and other types of files for the most common types of malware, using a detection rule set provided by the Cisco Talos Security Intelligence and Research Group (Talos). Because local analysis does not query the AMP cloud, and does not run the file, local malware analysis saves time and system resources. -> Malware analysis does not upload files anywhere; it only checks the files locally.
There is no "sandbox analysis" feature; the sandbox is just the mechanism dynamic analysis uses to run suspicious files in a virtual machine.
NEW QUESTION # 188
What is a difference between GETVPN and IPsec?
- A. GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices
- B. GETVPN is based on IKEv2 and does not support IKEv1
- C. GETVPN provides key management and security association management
- D. GETVPN reduces latency and provides encryption over MPLS without the use of a central hub
Answer: D
NEW QUESTION # 189
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?
- A. Cisco Cloudlock
- B. SIEM
- C. Adaptive MFA
- D. CASB
Answer: A
Explanation:
+ Cisco Cloudlock continuously monitors cloud environments with a cloud Data Loss Prevention (DLP) engine to identify sensitive information stored in cloud environments in violation of policy.
+ Cloudlock is API-based.
+ Incidents are a key resource in the Cisco Cloudlock application. They are triggered by the Cloudlock policy engine when the policy detection criteria result in a match in an object (document, field, folder, post, or file).
Note:
+ Security information and event management (SIEM) platforms collect log and event data from security systems, networks and computers, and turn it into actionable security insights.
+ An incident is a record of the triggering of an alerting policy. Cloud Monitoring opens an incident when a condition of an alerting policy has been met.
NEW QUESTION # 190
Drag and drop the cloud security assessment components from the left onto the definitions on the right.
Answer:
Explanation:
NEW QUESTION # 191
During a recent security audit, a Cisco IOS router with a working IPsec configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc425007536 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two.)
- A. fqdn vpn.sohoroutercompany.com <VPN Peer IP Address>
- B. ip name-server <DNS Server IP Address>
- C. Add the dynamic keyword to the existing crypto map command
- D. ip host vpn.sohoroutercompany.com <VPN Peer IP Address>
- E. crypto isakmp identity hostname
Answer: C,E
NEW QUESTION # 192
What is the benefit of integrating Cisco ISE with a MDM solution?
- A. It provides the ability to add applications to the mobile device through Cisco ISE
- B. It provides network device administration access
- C. It provides the ability to update other applications on the mobile device
- D. It provides compliance checks for access to the network
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_interoperab
NEW QUESTION # 193
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?
- A. eastbound API
- B. southbound API
- C. westbound API
- D. northbound API
Answer: B
Explanation:
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs.
NEW QUESTION # 194
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
- A. Configure the Cisco ESA to drop the malicious emails.
- B. Configure policies to quarantine malicious emails.
- C. Configure the Cisco ESA to reset the TCP connection.
- D. Configure policies to stop and reject communication
Answer: B
Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118219-configure-esa-00.html
NEW QUESTION # 195
What is managed by Cisco Security Manager?
- A. access point
- B. ESA
- C. ASA
- D. WSA
Answer: C
Explanation:
Reference: https://www.cisco.com/c/en/us/products/security/security-manager/index.html
NEW QUESTION # 196
Which feature is supported when deploying Cisco ASAv within AWS public cloud?
- A. IPv6
- B. multiple context mode
- C. clustering
- D. user deployment of Layer 3 networks
Answer: D
Explanation:
The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud. It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96 qsg/asavaws.html
NEW QUESTION # 197
Refer to the exhibit.
The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?
- A. P1, P2, P3, and P4 only
- B. P5, P6, and P7 only
- C. P2, P3, and P6 only
- D. P2 and P3 only
Answer: C
NEW QUESTION # 198
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
- A. Cisco NAC
- B. Cisco ISE
- C. Cisco TACACS+
- D. Cisco WSA
Answer: B
NEW QUESTION # 199
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?
- A. NMAP
- B. NetFlow
- C. DHCP
- D. SNMP
Answer: A
Explanation:
Cisco ISE can determine the type of device or endpoint connecting to the network by performing "profiling." Profiling is done by using DHCP, SNMP, SPAN, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as much metadata as possible to learn the device fingerprint.
NMAP ("Network Mapper") is a popular network scanner which provides a lot of features. One of them is the OUI (Organizationally Unique Identifier) information. The OUI is the first 24 bits (the first 6 hexadecimal digits) of the MAC address.
Note: DHCP probe cannot collect OUIs of endpoints. NMAP scan probe can collect these endpoint attributes:
+ EndPointPolicy
+ LastNmapScanCount
+ NmapScanCount
+ OUI
+ Operating-system
NEW QUESTION # 200
Refer to the exhibit.
What is the result of this Python script of the Cisco DNA Center API?
- A. deletes a switch from Cisco DNA Center
- B. receives information about a switch
- C. adds a switch to Cisco DNA Center
- D. adds authentication to a switch
Answer: C
NEW QUESTION # 201
What is the primary role of the Cisco Email Security Appliance?
- A. Mail Transfer Agent
- B. Mail Delivery Agent
- C. Mail User Agent
- D. Mail Submission Agent
Answer: A
Explanation:
Cisco Email Security Appliance (ESA) protects the email infrastructure and employees who use email at work by filtering unsolicited and malicious email before it reaches the user. Cisco ESA easily integrates into existing email infrastructures with a high degree of flexibility. It does this by acting as a Mail Transfer Agent (MTA) within the email-delivery chain. Another name for an MTA is a mail relay.
Reference: https://www.cisco.com/c/dam/en/us/td/docs/solutions/SBA/February2013/Cisco_SBA_BN_EmailSecurityUsingCiscoESADeploymentGuide-Feb2013.pdf
NEW QUESTION # 202
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
Answer:
Explanation:
NEW QUESTION # 203
Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)
- A. uses a static algorithm to determine malicious
- B. blocks malicious websites and adds them to a block list
- C. provides a defense for on-premises email deployments
- D. does a real-time user web browsing behavior analysis
- E. determines if the email messages are malicious
Answer: D,E
Explanation:
Cisco Advanced Phishing Protection (AAP) is a solution that helps organizations protect against fraudulent senders and identity deception-based attacks, such as business email compromise (BEC) and spear phishing. AAP uses advanced machine learning techniques, real-time behavior analytics, relationship modeling, and telemetry to perform two main functions [1][2]:
* It determines if the email messages are malicious by assessing the threat posture of the sender and the content of the message. It also validates the reputation and authenticity of the sender by checking various indicators, such as the domain, the IP address, the SPF, DKIM, and DMARC records, the display name, the reply-to address, and the header information. AAP assigns a risk score to each email message and provides a verdict of clean, malicious, or suspicious. It also adds a banner to the email message to inform the recipient of the risk level and the recommended action.
* It does a real-time user web browsing behavior analysis by monitoring the user's interaction with the email message and the links embedded in it. It tracks the user's clicks, mouse movements, dwell time, and other indicators to detect any signs of hesitation, confusion, or curiosity. It also analyzes the destination URL of the links and compares it with the known malicious websites. If AAP detects any anomalous or risky behavior, it intervenes with a warning message or a redirect page to educate the user and prevent them from falling victim to the phishing attack.
References: [1] Cisco's Security Innovations to Protect the Endpoint and Email; [2] Cisco Advanced Phishing Protection - Cisco Video Portal
NEW QUESTION # 204
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
- A. Intrusion
- B. Network Discovery
- C. Access Control
- D. Correlation
Answer: B
Explanation:
The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.
You can configure your network discovery policy to perform host and application detection.
NEW QUESTION # 205
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server's authentication key?
- A. ntp server 1.1.1.1 key 1
- B. ntp peer 1.1.1.1 key 1
- C. ntp peer 1.1.1.2 key 1
- D. ntp server 1.1.1.2 key 1
Answer: A
Explanation:
To configure an NTP enabled router to require authentication when other devices connect to it, use the following commands:
NTP_Server(config)#ntp authentication-key 2 md5 securitytut
NTP_Server(config)#ntp authenticate
NTP_Server(config)#ntp trusted-key 2
Then you must configure the same authentication-key on the client router:
NTP_Client(config)#ntp authentication-key 2 md5 securitytut
NTP_Client(config)#ntp authenticate
NTP_Client(config)#ntp trusted-key 2
NTP_Client(config)#ntp server 10.10.10.1 key 2
Note: To configure a Cisco device as a NTP client, use the command ntp server <IP address>. For example:
Router(config)#ntp server 10.10.10.1. This command will instruct the router to query 10.10.10.1 for the time.
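The configuration above works because both routers compute the same MD5 authenticator over each NTP packet, and the receiver only accepts a packet whose key ID is both configured and listed under ntp trusted-key. The following Python model of that receive-side check is an added example, not from the original page or from Cisco: the 48-byte NTP header is constructed filler, and the authenticator layout (32-bit key ID followed by MD5 over key || header) is the RFC 1305/5905 symmetric-key scheme that Cisco IOS NTP uses.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48           # fixed NTP v3/v4 header length
MAC_LEN = 4 + 16              # 32-bit key identifier + 128-bit MD5 digest

# Constructed sample: the shared secret from the question, configured on both
# routers as `ntp authentication-key 1 md5 Cisc392368270`.
KEY_ID = 1
KEY = b"Cisc392368270"

# Constructed 48-byte server reply header: LI=0, VN=4, mode=4 (server),
# stratum 2, poll 6, precision -20; reference ID and timestamps are filler.
SERVER_HEADER = (struct.pack("!BBBb", 0x24, 2, 6, -20) + b"\x00" * 8
                 + b"LOCL" + bytes(range(32)))


def ntp_md5_mac(key_id, key, header):
    """Symmetric-key authenticator: key ID, then MD5(key || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def sign_packet(header, key_id, key):
    """What the server sends back when it answers with key `key_id`."""
    return header + ntp_md5_mac(key_id, key, header)


def client_accepts(packet, auth_keys, trusted_keys):
    """Receive-side check modelled on `ntp authenticate` + `ntp trusted-key`:
    the packet must carry a MAC, its key ID must be configured AND trusted,
    and the digest must verify under that key. Returns (accepted, reason)."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "unauthenticated packet rejected"
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", trailer[:4])[0]
    if key_id not in auth_keys:
        return False, "key id %d is not configured" % key_id
    if key_id not in trusted_keys:
        return False, "key id %d is not a trusted key" % key_id
    expected = hashlib.md5(auth_keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, trailer[4:]):
        return False, "MD5 digest mismatch"
    return True, "authenticated with key id %d" % key_id


def scenarios():
    """Walk through the cases behind the question; returns {name: accepted}."""
    client_keys = {KEY_ID: KEY}        # ntp authentication-key 1 md5 ...
    good = sign_packet(SERVER_HEADER, KEY_ID, KEY)
    return {
        # both sides hold key 1 and the client trusts key 1: time is accepted
        "matching key": client_accepts(good, client_keys, {KEY_ID})[0],
        # `ntp authenticate` set but no `ntp trusted-key 1`: still rejected
        "key not trusted": client_accepts(good, client_keys, set())[0],
        # server answers with key id 2, which the client never configured
        "unknown key id": client_accepts(
            sign_packet(SERVER_HEADER, 2, KEY), client_keys, {KEY_ID})[0],
        # same key id but a mistyped secret on one side: digest fails
        "wrong secret": client_accepts(
            sign_packet(SERVER_HEADER, KEY_ID, b"Cisc0"), client_keys, {KEY_ID})[0],
        # a modified header (here the LI/VN/mode byte) invalidates the digest
        "tampered header": client_accepts(
            b"\x00" + good[1:], client_keys, {KEY_ID})[0],
        # a server that sends no authenticator at all
        "no authenticator": client_accepts(SERVER_HEADER, client_keys, {KEY_ID})[0],
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print("%-18s %s" % (name, "accepted" if accepted else "rejected"))
```

Only the first scenario is accepted; the `key N` on the client's ntp server line is what makes the client request, and expect, key ID 1 in the first place.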
NEW QUESTION # 206
Refer to the exhibit.
What does the number 15 represent in this configuration?
- A. privilege level for an authorized user to this router
- B. number of possible failed attempts until the SNMPv3 user is locked out
- C. interval in seconds between SNMPv3 authentication attempts
- D. access list that identifies the SNMP devices that can access the router
Answer: D
Explanation:
The syntax of this command is shown below:
snmp-server group [group-name {v1 | v2c | v3 [auth | noauth | priv]}] [read read-view] [write write-view] [notify notify-view] [access access-list]
The command above restricts which IP source addresses are allowed to access SNMP functions on the router. You could restrict SNMP access by simply applying an interface ACL to block incoming SNMP packets that don't come from trusted servers. However, this would not be as effective as using the global SNMP commands shown in this recipe. Because you can apply this method once for the whole router, it is much simpler than applying ACLs to block SNMP on all interfaces separately. Also, using interface ACLs would block not only SNMP packets intended for this router, but may also stop SNMP packets that just happened to be passing through on their way to some other destination device.
NEW QUESTION # 207
Which parameter is required when configuring a Netflow exporter on a Cisco Router?
- A. DSCP value
- B. Exporter name
- C. Exporter description
- D. Source interface
Answer: B
Explanation:
An example of configuring a NetFlow exporter is shown below:
flow exporter Exporter
destination 192.168.100.22
transport udp 2055
NEW QUESTION # 208
Refer to the exhibit.
Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
- A. show authentication registrations
- B. show dot1x all
- C. show authentication sessions
- D. show authentication method
Answer: D
NEW QUESTION # 209
Refer to the exhibit.
An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?
- A. dot1x pae authenticator
- B. dot1x reauthentication
- C. cisp enable
- D. authentication open
Answer: A
NEW QUESTION # 210
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?
- A. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device
- B. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA
- C. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device
- D. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device
Answer: A
NEW QUESTION # 211
Cisco 350-701 exam is a comprehensive test that validates the candidate's ability to implement and operate core security technologies. Implementing and Operating Cisco Security Core Technologies certification exam consists of 90-110 multiple-choice questions, and the candidates have 120 minutes to complete it. 350-701 exam is available in English and Japanese and can be taken at any Pearson VUE test center worldwide. By passing the Cisco 350-701 exam, candidates can demonstrate their proficiency in the latest security technologies and gain recognition in the industry.