Cisco 350-701 Online Practice Questions and Exam Preparation

Cisco 350-701 Online Questions & Answers

• Question 281:

  Which two commands are required when configuring a flow-export action on a Cisco ASA? (Choose two.)

  A. flow-export event-type
  B. policy-map
  C. access-list
  D. flow-export template timeout-rate 15
  E. access-group
  A. flow-export event-type
  B. policy-map

  ---

  Explanation

• Question 282:

  Refer to the exhibit.

  

  A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

  A. set the IP address of an interface
  B. complete no configurations
  C. complete all configurations
  D. add subinterfaces
  B. complete no configurations

  ---

  Explanation

  The user "admin5" was configured with privilege level 5. In order to allow configuration (enter globalconfiguration mode), we must type this command:(config)#privilege exec level 5 configure terminalWithout this command, this user cannot do any configuration.Note: Cisco IOS supports privilege levels from 0 to 15, but the privilege levels which are used by default are privilege level 1 (user EXEC) and level privilege 15 (privilege EXEC)

• Question 283:

  Which function is performed by certificate authorities but is a limitation of registration authorities?

  A. accepts enrollment requests
  B. certificate re-enrollment
  C. verifying user identity
  D. CRL publishing
  D. CRL publishing

  ---

  Explanation

• Question 284:

  Which security mechanism is designed to protect against "offline brute-force" attacks?

  A. Token
  B. MFA
  C. Salt
  D. CAPTCHA
  C. Salt

  ---

  Explanation

• Question 285:

  What is a benefit of using Cisco AVC for application control?

  A. dynamic application scanning
  B. management of application sessions
  C. retrospective application analysis
  D. zero-trust approach
  B. management of application sessions

  ---

  Explanation

• Question 286:

  Which threat intelligence standard contains malware hashes?

  A. advanced persistent threat
  B. open command and control
  C. structured threat information expression
  D. trusted automated exchange of indicator information
  C. structured threat information expression

  ---

  Explanation

• Question 287:

  What are two workload security models? (Choose two.)

  A. SaaS
  B. PaaS
  C. off-premises
  D. on-premises
  E. IaaS
  A. SaaS
  D. on-premises

  ---

  Explanation

• Question 288:

  Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

  A. IKEv1
  B. AH
  C. ESP
  D. IKEv2
  C. ESP

  ---

  Explanation

• Question 289:

  A network engineer has configured a NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?

  A. Resynchronization of NTP is not forced
  B. NTP is not configured to use a working server.
  C. An access list entry for UDP port 123 on the inside interface is missing.
  D. An access list entry for UDP port 123 on the outside interface is missing.
  B. NTP is not configured to use a working server.

  ---

  Explanation

• Question 290:

  Which Cisco ISE feature helps to detect missing patches and helps with remediation?

  A. posture assessment
  B. profiling policy
  C. authentication policy
  D. enabling probes
  A. posture assessment

  ---

  Explanation

  Posture assessment is a feature of Cisco Identity Services Engine (ISE) that helps to detect missing patches and helps with remediation. It assesses the security posture of endpoint devices connecting to the network by checking for compliance with security policies and identifying any vulnerabilities, such as missing patches. Once non-compliant devices are identified, ISE can take appropriate actions, such as quarantining the device or providing instructions for remediation.