Cisco CCNP 350-701 Questions & Answers

• Question 31:

  An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?

  A. service password-encryption

  B. username privilege 15 password

  C. service password-recovery

  D. username < username> password

  Correct Answer: A

• Question 32:

  Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers and can be stopped by Cisco Umbrella?

  A. DNS tunneling

  B. DNS flood attack

  C. cache poisoning

  D. DNS hijacking

  Correct Answer: A

• Question 33:

  Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

  A. NTLMSSP

  B. Kerberos

  C. CHAP

  D. TACACS+

  E. RADIUS

  Correct Answer: AB

  Neither RADIUS or TACACS+ authenticates the user. They facilitate communication to the authentication server. Kerberos and NTLMSSP do authenticate the user.

• Question 34:

  Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)

  A. blocks malicious websites and adds them to a block list

  B. does a real-time user web browsing behavior analysis

  C. provides a defense for on-premises email deployments

  D. uses a static algorithm to determine malicious

  E. determines if the email messages are malicious

  Correct Answer: CE

• Question 35:

  What is the purpose of the Cisco Endpoint loC feature?

  A. It provides stealth threat prevention.

  B. lt is a signature-based engine.

  C. lt is an incident response tool

  D. It provides precompromise detection.

  Correct Answer: C

  The Endpoint Indication of Compromise (IOC) feature is a powerful incident response tool for scanning of post-compromise indicators across multiple computers.

  https://www.cisco.com/c/dam/en_us/about/doing_business/legal/service_descriptions/docs/ Cisco_Secure_Managed_Endpoint.pdf

• Question 36:

  Which attribute has the ability to change during the RADIUS CoA?

  A. NTP

  B. Authorization

  C. Accessibility

  D. Membership

  Correct Answer: B

  Reference: https://www.cisco.com/c/en/us/td/docs/ios- xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html

• Question 37:

  Which two capabilities of Integration APIs are utilized with Cisco DNA center? (Choose two)

  A. Automatically deploy new virtual routers

  B. Upgrade software on switches and routers

  C. Application monitors for power utilization of devices and IoT sensors

  D. Connect to Information Technology Service Management Platforms

  E. Create new SSIDs on a wireless LAN controller

  Correct Answer: CD

• Question 38:

  What is a description of microsegmentation?

  A. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate

  B. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery

  C. Environments implement private VLAN segmentation to group servers with similar applications.

  D. Environments deploy centrally managed host-based firewall rules on each server or container

  Correct Answer: D

• Question 39:

  Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?

  A. buffer overflow

  B. browser WGET

  C. SQL injection

  D. cross-site scripting

  Correct Answer: D

• Question 40:

  Refer to the exhibit.

  

  The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

  A. P2 and P3 only

  B. P5, P6, and P7 only

  C. P1, P2, P3, and P4 only

  D. P2, P3, and P6 only

  Correct Answer: D