Cisco 350-701 Dumps Questions [2023] Pass for 350-701 Exam [Q32-Q48]

Rate this post

Cisco 350-701 Dumps Questions [2023] Pass for 350-701 Exam

Updated Cisco Study Guide 350-701 Dumps Questions

Cisco 350-701 exam is an essential certification for IT professionals who want to validate their expertise in implementing and operating Cisco Security Core Technologies. It provides a solid foundation for individuals who are responsible for securing Cisco networks, devices, and applications. By passing 350-701 exam, candidates can demonstrate their proficiency in implementing and operating secure network infrastructure, endpoint protection and detection, and secure network access. Implementing and Operating Cisco Security Core Technologies certification can help IT professionals advance their careers and increase their job opportunities in the cybersecurity field.

QUESTION 32
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

QUESTION 33
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements?

Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

QUESTION 34
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

NetFlow

NMAP

SNMP

DHCP

Cisco ISE can determine the type of device or endpoint connecting to the network by performing “profiling.” Profiling is done by using DHCP, SNMP, Span, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as much metadata as possible to learn the device fingerprint.
NMAP (“Network Mapper”) is a popular network scanner which provides a lot of features. One of them is the OUI (Organizationally Unique Identifier) information. OUI is the first 24 bit or 6 hexadecimal value of the MAC address.
Note: DHCP probe cannot collect OUIs of endpoints. NMAP scan probe can collect these endpoint attributes:
+ EndPointPolicy
+ LastNmapScanCount
+ NmapScanCount
+ OUI
+ Operating-system
Cisco ISE can determine the type of device or endpoint connecting to the network by performing “profiling.” Profiling is done by using DHCP, SNMP, Span, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as much metadata as possible to learn the device fingerprint.
NMAP (“Network Mapper”) is a popular network scanner which provides a lot of features. One of them is the OUI (Organizationally Unique Identifier) information. OUI is the first 24 bit or 6 hexadecimal value of the MAC address.
Note: DHCP probe cannot collect OUIs of endpoints. NMAP scan probe can collect these endpoint attributes:
+ EndPointPolicy
+ LastNmapScanCount
+ NmapScanCount
+ OUI
+ Operating-system
Reference:
Cisco ISE can determine the type of device or endpoint connecting to the network by performing “profiling.” Profiling is done by using DHCP, SNMP, Span, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as much metadata as possible to learn the device fingerprint.
NMAP (“Network Mapper”) is a popular network scanner which provides a lot of features. One of them is the OUI (Organizationally Unique Identifier) information. OUI is the first 24 bit or 6 hexadecimal value of the MAC address.
Note: DHCP probe cannot collect OUIs of endpoints. NMAP scan probe can collect these endpoint attributes:
+ EndPointPolicy
+ LastNmapScanCount
+ NmapScanCount
+ OUI
+ Operating-system

QUESTION 35
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two.)

It can handle explicit HTTP requests.

It requires a PAC file for the client web browser.

It requires a proxy for the client web browser.

WCCP v2-enabled devices can automatically redirect traffic destined to port 80.

Layer 4 switches can automatically redirect traffic destined to port 80.

QUESTION 36
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection?

Cisco Tetration

Cisco ISE?

Cisco AMP for Network

Cisco AnyConnect

QUESTION 37
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?

sniffing the packets between the two hosts

sending continuous pings

overflowing the buffer’s memory

inserting malicious commands into the database

QUESTION 38
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

posture assessment

CoA

external identity source

SNMP probe

QUESTION 39
Refer to the exhibit.

What is the result of this Python script of the Cisco DNA Center API?

adds authentication to a switch

receives information about a switch

adds a switch to Cisco DNA Center

QUESTION 40
A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

SYN flood

slowloris

pharming

phishing

QUESTION 41
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

to ensure that assets are secure from malicious links on and off the corporate network

to protect the endpoint against malicious file transfers

to establish secure VPN connectivity to the corporate network

to enforce posture compliance and mandatory software

QUESTION 42
Which feature is supported when deploying Cisco ASA within AWS public cloud?

multiple context mode

user deployment of Layer 3 networks

IPv6

clustering

QUESTION 43
Drag and drop the capabilities from the left onto the correct technologies on the right.

QUESTION 44
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.
Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.

Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

QUESTION 45
How does Cisco Advanced Phishing Protection protect users?

It validates the sender by using DKIM.

It determines which identities are perceived by the sender

It utilizes sensors that send messages securely.

It uses machine learning and real-time behavior analytics.

QUESTION 46
What will happen when the Python script is executed?

The hostname will be translated to an IP address and printed.

The hostname will be printed for the client in the client ID field.

The script will pull all computer hostnames and print them.

The script will translate the IP address to FODN and print it

QUESTION 47
Refer to the exhibit.

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?