[Full-Version] 2024 New 350-701 Actual Exam Dumps, Cisco Practice Test [Q208-Q227]



The Cisco 350-701 certification exam is intended for IT professionals who want to enhance their knowledge and skills in the field of cybersecurity. The Implementing and Operating Cisco Security Core Technologies certification exam is a way to validate your expertise in cybersecurity and demonstrate your commitment to professional development. The certification is recognized globally and is highly sought after by IT professionals in the industry.

 

NEW QUESTION # 208
Which telemetry data captures variations seen within the flow, such as the packet's TTL, IP/TCP flags, and payload length?

  • A. software package variation
  • B. flow insight variation
  • C. process details variation
  • D. interpacket variation

Answer: D

Explanation:
The telemetry information consists of three types of data:
+ Flow information: This information contains details about endpoints, protocols, ports, when the flow started, how long the flow was active, etc.
+ Interpacket variation: This information captures any interpacket variations within the flow. Examples include variation in Time To Live (TTL), IP and TCP flags, payload length, etc.
+ Context details: Context information is derived outside the packet header. It includes details about variation in buffer utilization, packet drops within a flow, association with tunnel endpoints, etc.
Reference:
cisco_nexus_9300_ex_platform_switches_white_paper_uki.pdf


NEW QUESTION # 209
Refer to the exhibit.

What is a result of the configuration?

  • A. Traffic from the DMZ network is redirected
  • B. All TCP traffic is redirected
  • C. Traffic from the inside and DMZ networks is redirected
  • D. Traffic from the inside network is redirected

Answer: C

Explanation:
The purpose of the above commands is to redirect traffic that matches the ACL "redirect-acl" to the Cisco FirePOWER (SFR) module in the inline (normal) mode. In this mode, after the undesired traffic is dropped and any other actions that are applied by policy are performed, the traffic is returned to the ASA for further processing and ultimate transmission.
The command "service-policy global_policy global" applies the policy to all of the interfaces.
Reference: https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configurefirepower-00.html


NEW QUESTION # 210
What are two reasons for an organization to implement a multifactor authentication solution such as Duo Security? (Choose two.)

  • A. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
  • B. integration with 802.1x security using native Microsoft Windows supplicant
  • C. secure access to on-premises and cloud applications
  • D. single sign-on access to on-premises and cloud applications
  • E. identification and correction of application vulnerabilities before allowing access to resources

Answer: A,D


NEW QUESTION # 211
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

  • A. model-driven telemetry
  • B. SMTP
  • C. SNMP
  • D. syslog

Answer: A

Explanation:
The traditional pull model, where the client requests data from the network, does not scale when what you want is near real-time data. Moreover, in some use cases there is a need to be notified only when some data changes, such as interface status or protocol neighbor changes. Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics. Applications can subscribe to the specific data items they need by using standards-based YANG data models over NETCONF-YANG. Cisco IOS XE streaming telemetry allows data to be pushed off the device to an external collector at a much higher frequency and more efficiently, and also supports on-change data streaming.
Reference: https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide


NEW QUESTION # 212
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Answer:

Explanation:


NEW QUESTION # 213

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?

  • A. The authentication and authorization requests are grouped in a single packet.
  • B. The authentication request contains only a password
  • C. The authentication request contains only a username
  • D. There are separate authentication and authorization request packets.

Answer: A


NEW QUESTION # 214
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

  • A. Cisco Prime Infrastructure
  • B. Cisco ISE
  • C. Cisco WiSM
  • D. Cisco ESA

Answer: B

Explanation:
A posture policy is a collection of posture requirements, which are associated with one or more identity groups and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File. In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the WannaCry malware; we can also configure ISE to update the client with this patch.


NEW QUESTION # 215
What is the function of the crypto isakmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

  • A. It configures the pre-shared authentication key
  • B. It configures the local address for the VPN server.
  • C. It defines what data is going to be encrypted via the VPN
  • D. It prevents all IP addresses from connecting to the VPN server.

Answer: A

Explanation:
The function of the crypto isakmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel is to configure the pre-shared authentication key. This command specifies the key that will be used to authenticate the Internet Key Exchange (IKE) phase 1 negotiation between the IPsec peers. The key is associated with the address 0.0.0.0 0.0.0.0, which means that it will apply to any peer that initiates or responds to the IKE negotiation. This is a common configuration for dynamic IPsec VPN scenarios, such as Dynamic Multipoint VPN (DMVPN) or Easy VPN, where the IP addresses of the peers are not known in advance. However, this is also a less secure configuration, as it exposes the VPN server to potential brute-force attacks from any source. A more secure configuration would be to specify the exact IP address or subnet of the peer, or to use certificates instead of pre-shared keys.
References:
* Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Securing the Cloud, Lesson 2: Site-to-Site VPNs, Topic: IPsec VPN Configuration
* Cisco IOS Security Configuration Guide: Securing User Services, Release 12.4 - Configuring Internet Key Exchange for IPsec VPNs [Support] - Cisco, Configuring IKE Policies, Step 3: crypto isakmp key keystring [address | hostname] [mask | no-xauth] [netmask mask]


NEW QUESTION # 216
Refer to the exhibit.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

  • A. ip dhcp snooping verify mac-address
  • B. ip dhcp snooping limit 41
  • C. ip dhcp snooping vlan 41
  • D. ip dhcp snooping trust

Answer: D

Explanation:
To understand DHCP snooping we need to learn about DHCP spoofing attack first.
DHCP spoofing is a type of attack in which the attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker's IP address as the client default gateway, so all the traffic sent from the client goes through the attacker's computer and the attacker becomes a "man-in-the-middle".
The attacker has several ways to make sure the fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.
The port connected to a DHCP server should be configured as trusted port with the "ip dhcp snooping trust" command. Other ports connecting to hosts are untrusted ports by default.
In this question, we need to configure the uplink to "trust" (under interface Gi1/0/1) as shown below.


NEW QUESTION # 217
What is the purpose of the My Devices Portal in a Cisco ISE environment?

  • A. to provision userless and agentless systems
  • B. to register new laptops and mobile devices
  • C. to manage and deploy antivirus definitions and patches on systems owned by the end user
  • D. to request a newly provisioned mobile device

Answer: B

Explanation:
Depending on your company policy, you might be able to use your mobile phones, tablets, printers, Internet radios, and other network devices on your company's network. You can use the My Devices portal to register and manage these devices on your company's network.


NEW QUESTION # 218
An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?

  • A. consumption
  • B. editing
  • C. authoring
  • D. sharing

Answer: D

Explanation:
The process that uses STIX and allows uploads and downloads of block lists is sharing. STIX (Structured Threat Information Expression) is a standard language and format for exchanging cyber threat intelligence data. Block lists are collections of observables, such as IP addresses, URLs, or domains, that are associated with malicious activity and can be used to block or monitor network traffic. Cisco Threat Intelligence Director (TID) is a feature that operationalizes threat intelligence data by consuming, normalizing, publishing, and correlating data from various sources, including third-party STIX feeds. TID enables the administrator to upload STIX files from local or remote sources, or download STIX files from the Firepower Management Center (FMC) to share with other systems. TID also allows the administrator to configure actions (such as block or monitor) based on the indicators and observables in the STIX files, and generate incidents and observations when the system detects traffic that matches the threat intelligence data [1][2][3].
References:
* 1: Firepower Management Center Configuration Guide, Version 6.2.3 - Threat Intelligence Director
* 2: Introduction to STIX - GitHub Pages
* 3: Third-Party Integration of Security Feeds with FMC (Cisco Threat Intelligence Director) - Cisco Community


NEW QUESTION # 219
A network engineer is trying to figure out whether FlexVPN or DMVPN would fit better in their environment. They have a requirement for more stringent security, multiple security associations for the connections, and more efficient VPN establishment, as well as consuming less bandwidth. Which solution would be best for this and why?

  • A. DMVPN because it supports IKEv2 and FlexVPN does not
  • B. DMVPN because it uses multiple SAs and FlexVPN does not
  • C. FlexVPN because it supports IKEv2 and DMVPN does not
  • D. FlexVPN because it uses multiple SAs and DMVPN does not

Answer: D

Explanation:
FlexVPN supports IKEv2 -> Answer A is not correct.
DMVPN supports both IKEv1 & IKEv2 -> Answer B is not correct.
FlexVPN supports multiple SAs -> Answer D is not correct.


NEW QUESTION # 220
Which type of dashboard does Cisco DNA Center provide for complete control of the network?

  • A. service management
  • B. distributed management
  • C. centralized management
  • D. application management

Answer: C

Explanation:
Cisco's DNA Center is the only centralized network management system to bring all of this functionality into a single pane of glass.
Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-faq-cte-en.html


NEW QUESTION # 221
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work?

  • A. SNMP
  • B. NMAP
  • C. DHCP
  • D. NetFlow

Answer: B

Explanation:
Cisco ISE can determine the type of device or endpoint connecting to the network by performing "profiling." Profiling is done by using DHCP, SNMP, SPAN, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as much metadata as possible to learn the device fingerprint.
NMAP ("Network Mapper") is a popular network scanner which provides a lot of features. One of them is the OUI (Organizationally Unique Identifier) information. The OUI is the first 24 bits, or 6 hexadecimal digits, of the MAC address.
Note: The DHCP probe cannot collect OUIs of endpoints. The NMAP scan probe can collect these endpoint attributes:
+ EndPointPolicy
+ LastNmapScanCount
+ NmapScanCount
+ OUI
+ Operating-system


NEW QUESTION # 222
Which feature requires that network telemetry be enabled?

  • A. central syslog system
  • B. Layer 2 device discovery
  • C. SNMP trap notification
  • D. per-interface stats

Answer: B

Explanation:
Network telemetry is a technology for gaining network insight and facilitating efficient and automated network management. It encompasses various techniques for remote data generation, collection, correlation, and consumption [1]. Network telemetry can be used for various purposes, such as network performance monitoring, security analysis, troubleshooting, and optimization. One of the applications of network telemetry is Layer 2 device discovery, which allows network operators to discover and map the physical topology of the network, including switches, routers, hosts, and links. Layer 2 device discovery can be achieved by using protocols such as Link Layer Discovery Protocol (LLDP) or Cisco Discovery Protocol (CDP), which enable network devices to advertise their identity, capabilities, and neighbors to other devices on the same network segment. To enable Layer 2 device discovery, network telemetry must be enabled on the network devices, so that they can send and receive LLDP or CDP packets. This feature requires network telemetry to be enabled, because without it, the network devices would not be able to exchange information about their topology and configuration.
Therefore, the correct answer is C. Layer 2 device discovery.
References: 1: RFC 9232: Network Telemetry Framework - Internet Engineering Task Force


NEW QUESTION # 223
In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?

  • A. when there is a need for traditional anti-malware detection
  • B. when there is no firewall on the network
  • C. when there is no need to have the solution centrally managed
  • D. when there is a need to have more advanced detection capabilities

Answer: D


NEW QUESTION # 224
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?

  • A. security
  • B. orchestration
  • C. CI/CD pipeline
  • D. container

Answer: C


NEW QUESTION # 225
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?

  • A. outbound
  • B. north-south
  • C. inbound
  • D. east-west

Answer: A

Explanation:
DNS tunneling is a technique that encodes data of other programs and protocols in DNS queries, including data payloads that can be used to control a remote server and applications [1]. DNS exfiltration is a form of DNS tunneling that allows attackers to extract data from a compromised system by sending encoded DNS requests to a domain under their control [2]. The direction of the data transfer in DNS exfiltration is outbound, meaning from the victim's network to the attacker's network. This is different from inbound, which means from the attacker's network to the victim's network, or north-south and east-west, which are terms used to describe the traffic flow between different network segments or zones [3]. Outbound DNS requests are often allowed by default in many firewalls and network devices, making them an attractive channel for data exfiltration [4]. However, DNS exfiltration can be detected and prevented by using security solutions that monitor and analyze DNS traffic for anomalies and malicious patterns [5].
References: 1: Improvements to DNS Tunneling & Exfiltration Detection - Cisco Umbrella 2: DNS Exfiltration & Tunneling: How it Works & DNSteal Demo Setup 3: What Is DNS Tunneling? - Palo Alto Networks 4: DNS Data Exfiltration and DNS Tunneling | Vercara 5: DNS Exfiltration: The Light at the End of the DNS Tunnel - site


NEW QUESTION # 226
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?

  • A. Configure the Cisco WSA to receive real-time updates from Talos
  • B. Configure the Cisco WSA to modify policies based on the traffic seen
  • C. Configure the Cisco ESA to modify policies based on the traffic seen
  • D. Configure the Cisco ESA to receive real-time updates from Talos

Answer: C

Explanation:
The Mail Policies menu is where almost all of the controls related to email filtering happen. All the security and content filtering policies are set here, so as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.


NEW QUESTION # 227
......
