Get Started 350-701 Exam [2024] Dumps Cisco PDF Questions [Q334-Q355]



Cisco Certified Specialist-Security Core

Finally, the Cisco Certified Specialist-Security Core is a deserved recognition for passing the CCNP Security core exam. This is in line with the current exam guidelines, which state that all candidates who pass a professional-level test will gain a specialist title within the chosen field. This title is awarded to mid-level IT specialists who demonstrate knowledge of core security technologies such as endpoint protection, content security, and cloud security.

 

NEW QUESTION # 334
Drag and drop the VPN functions from the left onto the description on the right.

Answer:

Explanation:


NEW QUESTION # 335
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?

  • A. Use 802.1X with profiling.
  • B. Use 802.1X with posture assessment.
  • C. Use MAB with profiling
  • D. Use MAB with posture assessment.

Answer: C

Explanation:
As the new device does not have a supplicant, we cannot use 802.1X. MAC Authentication Bypass (MAB) is a fallback option for devices that don't support 802.1x. It is virtually always used in deployments in some way, shape, or form. MAB works by having the authenticator take the connecting device's MAC address and send it to the authentication server as its username and password. The authentication server will check its policies and send back an Access-Accept or Access-Reject just like it would with 802.1x.
Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of profiles. These profiles include a wide range of device types, including mobile clients (iPads, Android tablets, Chromebooks, and so on), desktop operating systems (for example, Windows, Mac OS X, Linux, and others), and numerous non-user systems such as printers, phones, cameras, and game consoles.
Once classified, endpoints can be authorized to the network and granted access based on their profile. For example, endpoints that match the IP phone profile can be placed into a voice VLAN using MAC Authentication Bypass (MAB) as the authentication method. Another example is to provide differentiated network access to users based on the device used. For example, employees can get full access when accessing the network from their corporate workstation but be granted limited network access when accessing the network from their personal iPhone.
Reference: https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456


NEW QUESTION # 336
What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

  • A. Advanced NetFlow v9 templates and legacy v5 formatting are supported
  • B. Flow-create events are delayed
  • C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure
  • D. Multiple NetFlow collectors are supported

Answer: A

Explanation:
The ASA and ASASM implementations of NetFlow Secure Event Logging (NSEL) provide the following major functions:
...
- Delays the export of flow-create events.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.pdf


NEW QUESTION # 337
Which two cryptographic algorithms are used with IPsec? (Choose two.)

  • A. Triple AMC-CBC
  • B. AES-CBC
  • C. AES-BAC
  • D. AES-ABC
  • E. HMAC-SHA1/SHA2

Answer: B,E

Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-mt/sec-sec-for-vpns-w-ips


NEW QUESTION # 338
Where are individual sites specified to be blacklisted in Cisco Umbrella?

  • A. application settings
  • B. security settings
  • C. destination lists
  • D. content categories

Answer: C

Explanation:
A destination list is a list of internet destinations that can be blocked or allowed based on the administrative preferences for the policies applied to the identities within your organization. A destination is an IP address (IPv4), URL, or fully qualified domain name. You can add a destination list to Umbrella at any time; however, a destination list does not come into use until it is added to a policy.
Reference: https://docs.umbrella.com/deployment-umbrella/docs/working-with-destination-lists


NEW QUESTION # 339
Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

  • A. configure manager add DONTRESOLVE <registration key> FTD123
  • B. configure manager add <FMC IP address> <registration key>
  • C. configure manager add DONTRESOLVE <registration key>
  • D. configure manager add <FMC IP address> <registration key> 16

Answer: B

Explanation:
To let FMC manage FTD, first we need to add the manager from the FTD and assign a registration key of your choice. The command is configure manager add 1.1.1.2 the_registration_key_you_want, where 1.1.1.2 is the IP address of the FMC. You need to use the same registration key in FMC when adding this FTD as a managed device.
Reference: https://cyruslab.net/2019/09/03/ciscocisco-firepower-lab-setup/


NEW QUESTION # 340
What is a prerequisite when integrating a Cisco ISE server and an AD domain?

  • A. Configure a common DNS server
  • B. Place the Cisco ISE server and the AD server in the same subnet
  • C. Synchronize the clocks of the Cisco ISE server and the AD server
  • D. Configure a common administrator account

Answer: C

Explanation:
The following are the prerequisites to integrate Active Directory with Cisco ISE.
+ Use the Network Time Protocol (NTP) server settings to synchronize the time between the Cisco ISE server and Active Directory. You can configure NTP settings from Cisco ISE CLI.
+ If your Active Directory structure has multidomain forest or is divided into multiple forests, ensure that trust relationships exist between the domain to which Cisco ISE is connected and the other domains that have user and machine information to which you need access. For more information on establishing trust relationships, refer to Microsoft Active Directory documentation.
+ You must have at least one global catalog server operational and accessible by Cisco ISE, in the domain to which you are joining Cisco ISE.
Reference:
/b_ISE_AD_integration_2x.html#reference_8DC463597A644A5C9CF5D582B77BB24F


NEW QUESTION # 341
An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?

  • A. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE
  • B. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE
  • C. Configure the device sensor feature within the switch to send the appropriate protocol information
  • D. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect

Answer: C

Explanation:
Device sensor is a feature of access devices. It allows information about connected endpoints to be collected. Mostly, information collected by Device Sensor can come from the following protocols:
+ Cisco Discovery Protocol (CDP)
+ Link Layer Discovery Protocol (LLDP)
+ Dynamic Host Configuration Protocol (DHCP)
Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-ConfigureDevice-Sensor-for-ISE-Profilin.html


NEW QUESTION # 342
What is the difference between Cross-site Scripting and SQL Injection attacks?

  • A. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
  • B. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
  • C. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
  • D. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Answer: C

Explanation:
Answer B is not correct because Cross-site Scripting (XSS) is not a brute force attack.
Answer C is not correct because the statement "Cross-site Scripting is when executives in a corporation are attacked" is not true. XSS is a client-side vulnerability that targets other application users.
Answer D is not correct because the statement "Cross-site Scripting is an attack where code is executed from the server side" is not true. In fact, XSS is a method that exploits a website vulnerability by injecting scripts that will run on the client side.
Therefore only answer A is left. In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them. In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.
Note: The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.


NEW QUESTION # 343
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?

  • A. man-in-the-middle
  • B. cross-site scripting
  • C. insecure API
  • D. LDAP injection

Answer: A

Explanation:


NEW QUESTION # 344
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

  • A. eastbound API
  • B. southbound API
  • C. northbound API
  • D. westbound API

Answer: B

Explanation:
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs.


NEW QUESTION # 345
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

  • A. Contiv
  • B. Lambda
  • C. SDLC
  • D. Docker

Answer: D


NEW QUESTION # 346
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

  • A. Cisco Umbrella
  • B. Cisco NGFW
  • C. Cisco Cloud Email Security
  • D. Cisco Cloudlock

Answer: D

Explanation:
Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security Broker (CASB) and cloud cybersecurity platform.
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-web-security/at-a-glance-c45-738565.pdf


NEW QUESTION # 347
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.)

  • A. eavesdropping
  • B. exploits
  • C. denial-of-service attacks
  • D. ARP spoofing
  • E. malware

Answer: D,E


NEW QUESTION # 348
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  • A. file access from a different user
  • B. user login suspicious behavior
  • C. privilege escalation
  • D. interesting file access

Answer: B

Explanation:
The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:
+ Shell code execution: Looks for the patterns used by shell code.
+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.
+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.
Reference: https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/whitepaper-c11-740380.html


NEW QUESTION # 349
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

  • A. Intelligent proxy and SSL decryption is disabled in the policy.
  • B. Client computers do not have an SSL certificate deployed from an internal CA server.
  • C. Client computers do not have the Cisco Umbrella Root CA certificate installed.
  • D. IP-Layer Enforcement is not configured.

Answer: C

Explanation:
Reference:
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy


NEW QUESTION # 350
Drag and drop the cloud security assessment components from the left onto the definitions on the right.

Answer:

Explanation:


NEW QUESTION # 351
Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

  • A. interesting traffic was not applied
  • B. hashing algorithm mismatch
  • C. authentication key mismatch
  • D. encryption algorithm mismatch

Answer: C


NEW QUESTION # 352
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

  • A. Talos
  • B. AMP
  • C. AnyConnect
  • D. DynDNS

Answer: A

Explanation:
When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious or risky - meaning the domain contains both malicious and legitimate content. Safe and malicious requests are routed as usual or blocked, respectively. Risky requests are routed to our cloud-based proxy for deeper inspection. The Umbrella proxy uses Cisco Talos web reputation and other third-party feeds to determine if a URL is malicious.


NEW QUESTION # 353
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

  • A. a File Analysis policy to send file data into Cisco Firepower
  • B. a Network Discovery policy to receive data from the host
  • C. a Network Analysis policy to receive NetFlow data from the host
  • D. a Threat Intelligence policy to download the data from the host

Answer: B

Explanation:
You can configure discovery rules to tailor the discovery of host and application data to your needs.
The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map.
A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt -> Answer D is not correct.


NEW QUESTION # 354
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)

  • A. Protect systems with an up-to-date antimalware program.
  • B. Perform backups to the private cloud.
  • C. Protect against input validation and character escapes in the endpoint.
  • D. Install a spam and virus email filter.
  • E. Patch for cross-site scripting.

Answer: A,C


NEW QUESTION # 355
......
