300-745 Exam Details

  • Exam Code
    :300-745
  • Exam Name
    :Designing Cisco Security Infrastructure (300-745 SDSI) v1.0
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :75 Q&As
  • Last Updated
    :Jul 09, 2026

Cisco 300-745 Online Questions & Answers

  • Question 31:

    An enterprise is redesigning access between campus users and data center applications. The security team wants consistent segmentation rules that follow the user and device identity instead of relying only on VLAN location.

    Which design approach best meets this requirement?

    A. Create additional VLAN trunks between all access switches.
    B. Use Cisco TrustSec security group tags to enforce identity-based policy.
    C. Deploy DNS sinkholing for all internal application names.
    D. Translate all campus subnets with static NAT before they reach the data center.

  • Question 32:

    Refer to the exhibit. A retail company recently deployed a file inspection feature using secure endpoint.

    The file inspection must detect and prevent the execution of malicious files on machines.

    During testing, logs showed that certain malicious files are still being executed despite the presence of the security measure. To understand why the threats are not being blocked, it is essential to investigate the configuration of secure endpoint policies.

    Which configuration is allowing the files to execute?

    A. Files are not malicious.
    B. Policy must block the network connections.
    C. Policy rule is disabled.
    D. Policy rule is in audit mode.

  • Question 33:

    Developers sometimes paste proprietary source code into external generative AI tools while troubleshooting. The organization wants to prevent this data from leaving managed channels.

    Which security control best addresses the requirement?

    A. Data loss prevention policy that blocks sensitive code submissions
    B. QoS marking for development traffic
    C. IPsec tunnel between data centers
    D. Syslog time synchronization

  • Question 34:

    A manufacturing company implemented IoT devices throughout their smart factory and needs a security solution that meets these requirements:

    1. Protect IoT devices from network-based attacks.

    2. Visibility into communication patterns.

    3. Anomaly detection for IoT traffic.

    Which firewall technology or feature should be recommended?

    A. zone-based firewall
    B. transparent firewall
    C. traditional firewall
    D. IPS/IDS

  • Question 35:

    A construction company recently introduced a BYOD policy, where contractors can bring personal devices and connect to the wireless network.

    The network engineer configured a Wi-Fi network with a guest splash page to provide internet access only.

    Although the policy was limited to wireless devices, contractors started bringing devices that needed wired connections without authorization and connecting to the network.

    The network team suggested shutting down ports where unauthorized devices are connected.

    Which technology must be implemented to ensure that wired and wireless devices are granted network access only after successful authentication?

    A. VxLANs
    B. private VLANs
    C. VACLs
    D. 802.1x

  • Question 36:

    Remote users access a bandwidth-heavy SaaS video platform through the corporate VPN, causing congestion. The business wants that trusted SaaS traffic to go directly to the internet while other private application traffic continues through the VPN.

    Which VPN design should be used?

    A. Block the SaaS application for all remote users.
    B. Use split-exclude tunneling for the SaaS application traffic.
    C. Increase VPN password complexity.
    D. Enable dynamic ARP inspection on campus switches.

  • Question 37:

    A company has been facing recurring issues with SQL injection vulnerabilities affecting the products, leading to significant disruptions for customers.

    To address the security concerns proactively, the company wants to integrate a tool into the CI/CD pipeline.

    The tool must be capable of identifying vulnerabilities such as SQL injection early in the development process, which allows developers to rectify issues before the code is deployed.

    Which solution must be implemented to meet the requirement?

    A. Static Application Security Testing tools, such as Checkmarx, Fortify, SonarQube
    B. build log observability tools, such as Splunk, Datadog
    C. workflow automation tools, such as GitHub Actions, Azure
    D. Dynamic Application Security Testing tools, such as OWASP ZAP, Veracode, Burp Suite

  • Question 38:

    Which benefit does AI provide in network security?

    A. It speeds up network data transmission rates.
    B. It replaces comprehensive defense in depth.
    C. It provides complete protection from DDoS attacks.
    D. It identifies vulnerabilities associated with weak TLS algorithms.

  • Question 39:

    A healthcare organization in the United States recently discovered that a highly confidential report name Records ______ that includes patient records name Patient_Medical_Records _____ was accessed by unauthorized personnel internally.

    The breach occurred due to lack of protection measures in place for patient electronic medical records.

    Which regulatory compliance is directly appropriate and must be adopted?

    A. FERPA
    B. HIPAA
    C. PCI DSS
    D. FISMA

  • Question 40:

    A cloud application is packaged as containers and promoted through a CI/CD pipeline. The security team wants to identify vulnerable operating-system packages and libraries before deployment.

    Which control should be added to the build process?

    A. Container image scanning
    B. DHCP snooping
    C. TLS offload
    D. Route redistribution

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-745 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.