• Home
  • Articles
  • New 2022 Guaranteed Success with 2Pass4sure 350-701 Dumps Cisco PDF Questions [Q24-Q44]

New 2022 Guaranteed Success with 2Pass4sure 350-701 Dumps Cisco PDF Questions [Q24-Q44]

Share

New 2022 Guaranteed Success with 2Pass4sure 350-701 Dumps Cisco PDF Questions

Exceptional Practice To Implementing and Operating Cisco Security Core Technologies Pass the First Time

NEW QUESTION 24
In an IaaS cloud services model, which security function is the provider responsible for managing?

  • A. Internet proxy
  • B. firewalling virtual machines
  • C. CASB
  • D. hypervisor OS hardening

Answer: B

Explanation:
In this IaaS model, cloud providers offer resources to users/machines that include computers as virtual machines, raw (block) storage, firewalls, load balancers, and network devices.
Note: Cloud access security broker (CASB) provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware such as ransomware.

 

NEW QUESTION 25
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

  • A. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud
  • B. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud
  • C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud
  • D. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

Answer: C

Explanation:
Explanation The Stealthwatch Cloud Private Network Monitoring (PNM) Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems. Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf The Stealthwatch Cloud Private Network Monitoring (PNM) Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems.
Explanation The Stealthwatch Cloud Private Network Monitoring (PNM) Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems. Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf

 

NEW QUESTION 26
Which feature is supported when deploying Cisco ASAv within AWS public cloud?

  • A. IPv6
  • B. multiple context mode
  • C. clustering
  • D. user deployment of Layer 3 networks

Answer: D

Explanation:
The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud.
It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time. Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96 qsg/asavaws.html The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud.
The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud.
It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time. Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96 qsg/asavaws.html

 

NEW QUESTION 27
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

  • A. authenticator: Cisco Identity Services Engine
  • B. supplicant: Cisco AnyConnect ISE Posture module
  • C. authentication server: Cisco Prime Infrastructure
  • D. authentication server: Cisco Identity Service Engine
  • E. authenticator: Cisco Catalyst switch

Answer: D,E

 

NEW QUESTION 28
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

  • A. Client computers do not have the Cisco Umbrella Root CA certificate installed.
  • B. IP-Layer Enforcement is not configured.
  • C. Intelligent proxy and SSL decryption is disabled in the policy.
  • D. Client computers do not have an SSL certificate deployed from an internal CA server.

Answer: A

Explanation:
Explanation
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy

 

NEW QUESTION 29
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0383320506 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

  • A. snmp-server host inside 10.255.254.1 version 3 myv3
  • B. snmp-server host inside 10.255.254.1 version 3 andy
  • C. snmp-server host inside 10.255.254.1 snmpv3 myv3
  • D. snmp-server host inside 10.255.254.1 snmpv3 andy

Answer: A

Explanation:
Explanation/Reference: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/sm/snmp-server- host.html

 

NEW QUESTION 30
Refer to the exhibit. What does this python script accomplish?

  • A. It lists the LDAP users from the external identity store configured on Cisco ISE
  • B. It authenticates to a Cisco ISE server using the username of ersad
  • C. It authenticates to a Cisco ISE with an SSH connection
  • D. It allows authentication with TLSv1 SSL protocol

Answer: D

 

NEW QUESTION 31
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

  • A. The file has a reputation score that is below the threshold
  • B. The file has a reputation score that is above the threshold
  • C. The policy was created to disable file analysis
  • D. The policy was created to send a message to quarantine instead of drop

Answer: C

Explanation:
Maybe the "newly installed service" in this Qmentions about Advanced Malware Protection (AMP) which can be used along with ESA. AMP allows superior protection across the attack continuum.
+ File Reputation - captures a fingerprint of each file as it traverses the ESA and sends it to AMP's cloudbased intelligence network for a reputation verdict. Given these results, you can automatically block malicious files and apply administrator-defined policy.
+ File Analysis - provides the ability to analyze unknown files that are traversing the ESA. A highly secure sandbox environment enables AMP to glean precise details about the file's behavior and to combine that data with detailed human and machine analysis to determine the file's threat level. This disposition is then fed into AMP cloud-based intelligence network and used to dynamically update and expand the AMP cloud data set for enhanced protection

 

NEW QUESTION 32
Which two descriptions of AES encryption are true? (Choose two.)

  • A. AES can use a 168-bit key for encryption.
  • B. AES can use a 256-bit key for encryption.
  • C. AES is less secure than 3DES.
  • D. AES is more secure than 3DES.
  • E. AES encrypts and decrypts a key three times in sequence.

Answer: B,D

Explanation:
Explanation/Reference: https://gpdb.docs.pivotal.io/43190/admin_guide/topics/ipsec.html

 

NEW QUESTION 33
Which form of attack is launched using botnets?

  • A. TCP flood
  • B. DDOS
  • C. EIDDOS
  • D. virus

Answer: C

 

NEW QUESTION 34
Drag and drop the common security threats from left onto the definitions on the right.

Answer:

Explanation:

 

NEW QUESTION 35
Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.

Answer:

Explanation:

 

NEW QUESTION 36
In which two ways does Easy Connect help control network access when used with Casco TrustSec? Choose two.)

  • A. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.
  • B. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).
  • C. It integrates with third-party products to provide better visibility throughout the network.
  • D. It allows multiple security products to share information and work together to enhance security posture in the network.
  • E. It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

Answer: A,B

 

NEW QUESTION 37
Refer to the exhibit.

What does the number 15 represent in this configuration?

  • A. access list that identifies the SNMP devices that can access the router
  • B. privilege level for an authorized user to this router
  • C. interval in seconds between SNMPv3 authentication attempts
  • D. number of possible failed attempts until the SNMPv3 user is locked out

Answer: A

Explanation:
Explanation
The syntax of this command is shown below:
snmp-server group [group-name {v1 | v2c | v3 [auth | noauth | priv]}] [read read-view] [write write-view] [notify notify-view] [access access-list] The command above restricts which IP source addresses are allowed to access SNMP functions on the router. You could restrict SNMP access by simply applying an interface ACL to block incoming SNMP packets that don't come from trusted servers. However, this would not be as effective as using the global SNMP commands shown in this recipe. Because you can apply this method once for the whole router, it is much simpler than applying ACLs to block SNMP on all interfaces separately. Also, using interface ACLs would block not only SNMP packets intended for this router, but also may stop SNMP packets that just happened to be passing through on their way to some other destination device.

 

NEW QUESTION 38
What is provided by the Secure Hash Algorithm in a VPN?

  • A. encryption
  • B. integrity
  • C. key exchange
  • D. authentication

Answer: B

Explanation:
Explanation The HMAC-SHA-1-96 (also known as HMAC-SHA-1) encryption technique is used by IPSec to ensure that a message has not been altered. (-> Therefore answer "integrity" is the best choice). HMAC-SHA-1 uses the SHA-1 specified in FIPS-190-1, combined with HMAC (as per RFC 2104), and is described in RFC 2404. Reference: https://www.ciscopress.com/articles/article.asp?p=24833&seqNum=4 The HMAC-SHA-1-96 (also known as HMAC-SHA-1) encryption technique is used by IPSec to ensure that a message has not been altered. (-> Therefore answer "integrity" is the best choice). HMAC-SHA-1 uses the SHA-1 specified in FIPS-190-1, combined with HMAC (as per RFC 2104), and is described in RFC 2404.
Explanation The HMAC-SHA-1-96 (also known as HMAC-SHA-1) encryption technique is used by IPSec to ensure that a message has not been altered. (-> Therefore answer "integrity" is the best choice). HMAC-SHA-1 uses the SHA-1 specified in FIPS-190-1, combined with HMAC (as per RFC 2104), and is described in RFC 2404. Reference: https://www.ciscopress.com/articles/article.asp?p=24833&seqNum=4

 

NEW QUESTION 39
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

  • A. Bypass LDAP access queries in the recipient access table.
  • B. Configure Directory Harvest Attack Prevention
  • C. Use Bounce Verification
  • D. Configure incoming content filters.

Answer: B

Explanation:
Explanation

 

NEW QUESTION 40
How does Cisco Stealthwatch Cloud provide security for cloud environments?

  • A. It assigns Internet-based DNS protection for clients and servers.
  • B. It prevents exfiltration of sensitive datA.
  • C. It delivers visibility and threat detection.
  • D. It facilitates secure connectivity between public and private networks.

Answer: C

 

NEW QUESTION 41
What is the function of SDN southbound API protocols?

  • A. to enable the controller to use REST
  • B. to allow for the dynamic configuration of control plane applications
  • C. to allow for the static configuration of control plane applications
  • D. to enable the controller to make changes

Answer: B

Explanation:
Explanation

 

NEW QUESTION 42
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

  • A. Cisco Model Driven Telemetry
  • B. Cisco DNA Center
  • C. Cisco Security Intelligence
  • D. Cisco Application Visibility and Control

Answer: D

Explanation:
The Cisco Application Visibility and Control (AVC) solution leverages multiple technologies to recognize, analyze, and control over 1000 applications, including voice and video, email, file sharing, gaming, peer-to-peer (P2P), and cloud-based applications. AVC combines several Cisco IOS/IOS XE components, as well as communicating with external tools, to integrate the following functions into a powerful solution...
The Cisco Application Visibility and Control (AVC) solution leverages multiple technologies to recognize, analyze, and control over 1000 applications, including voice and video, email, file sharing, gaming, peer-to-peer (P2P), and cloud-based applications. AVC combines several Cisco IOS/IOS XE components, as well as communicating with external tools, to integrate the following functions into a powerful solution...
The Cisco Application Visibility and Control (AVC) solution leverages multiple technologies to recognize, analyze, and control over 1000 applications, including voice and video, email, file sharing, gaming, peer-to-peer (P2P), and cloud-based applications. AVC combines several Cisco IOS/IOS XE components, as well as communicating with external tools, to integrate the following functions into a powerful solution...
Reference:
avc_tech_overview.html
avc_tech_overview.html

 

NEW QUESTION 43
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine?
(Choose two.)

  • A. SMTP
  • B. DHCP
  • C. sFlow
  • D. RADIUS
  • E. TACACS+

Answer: B,D

 

NEW QUESTION 44
......

350-701 EXAM DUMPS WITH GUARANTEED SUCCESS: https://endexam.2pass4sure.com/CCNPSecurity/350-701-actual-exam-braindumps.html

Related Articles

more
Cisco 350-701 Certification Practice Exam