Cisco 350-701 Online Practice Questions and Exam Preparation

Cisco 350-701 Online Questions & Answers

• Question 421:

  DRAG DROP

  Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.

  Select and Place:

  

  

• Question 422:

  A company recently discovered an attack propagating throughout their Windows network via a file named abc428565580xyz.exe. The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal and the currently applied policy for the Windows clients was updated to reference the detection list. Verification testing scans on known infected systems shows that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise.

  What must be performed to ensure detection of the malicious file?

  A. Upload the malicious file to the Blocked Application Control List
  B. Use an Advanced Custom Detection List instead of a Simple Custom Detection List
  C. Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis
  D. Upload the SHA-256 hash for the file to the Simple Custom Detection List
  A. Upload the malicious file to the Blocked Application Control List

  ---

  Explanation

• Question 423:

  Which DoS attack uses fragmented packets in an attempt to crash a target machine?

  A. teardrop
  B. smurf
  C. LAND
  D. SYN flood
  A. teardrop

  ---

  Explanation

  A teardrop attack is a type of DoS attack that uses fragmented packets in an attempt to crash a target machine. The attacker sends IP packets that are deliberately malformed, such that the fragments overlap or have invalid offsets. When the target machine tries to reassemble the packets, it encounters an error or a buffer overflow, resulting in a system crash or a denial of service. Teardrop attacks exploit a vulnerability in the TCP/IP fragmentation reassembly process, which is responsible for splitting and recombining large packets that exceed the maximum transmission unit (MTU) size. Teardrop attacks can affect various operating systems, such as Windows, Linux, and BSD, depending on the implementation of the TCP/IP stack. Teardrop attacks are also known as IP fragmentation attacks or overlapping fragment attacks. References:

  Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 5: Securing the Cloud, Lesson 5.2: Cloud Security Threats, Topic 5.2.2:

  DoS Attacks What is an IP Fragmentation Attack (Teardrop ICMP/UDP) Teardrop Attack - Radware What Is a Teardrop Attack? | F5

  https://www.radware.com/security/ddos-knowledge-center/ddospedia/teardrop- attack/

• Question 424:

  Refer to the exhibit.

  

  When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?

  A. Group Policy
  B. Method
  C. SAML Server
  D. DHCP Servers
  B. Method

  ---

  Explanation

  In order to use AAA along with an external token authentication mechanism, set the "Method" as "Both" inthe Authentication.

• Question 425:

  What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?

  A. trusted automated exchange
  B. Indicators of Compromise
  C. The Exploit Database
  D. threat intelligence
  D. threat intelligence

  ---

  Explanation

  The term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems is "threat intelligence." Threat intelligence refers to the knowledge and insights gained from analyzing and understanding potential threats and threat actors, including their tactics, techniques, and procedures (TTPs).

  By leveraging threat intelligence, organizations can better understand the risks they face and take proactive steps to prevent or mitigate potential attacks. Threat intelligence can come from a variety of sources, including open-source intelligence, commercial threat intelligence feeds, and internal security operations.

• Question 426:

  A network administrator needs to find out what assets currently exist on the network. Third- party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

  A. a Network Discovery policy to receive data from the host
  B. a Threat Intelligence policy to download the data from the host
  C. a File Analysis policy to send file data into Cisco Firepower
  D. a Network Analysis policy to receive NetFlow data from the host
  A. a Network Discovery policy to receive data from the host

  ---

  Explanation

  You can configure discovery rules to tailor the discovery of host and application data to your needs.The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map.A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt -> Answer D is not correct.

• Question 427:

  Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?

  A. Cisco CTA
  B. Cisco Stealthwatch
  C. Cisco Encrypted Traffic Analytics
  D. Cisco Umbrella
  B. Cisco Stealthwatch

  ---

  Explanation

• Question 428:

  What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?

  A. continuous integration and continuous deployment
  B. cloud application security broker
  C. compile-time instrumentation
  D. container orchestration
  A. continuous integration and continuous deployment

  ---

  Explanation

• Question 429:

  A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?

  A. Implement synchronized system clock on TACACS server that matches the network device.
  B. Install a compatible operating system version on the TACACS server.
  C. Configure the TACACS key on the server to match with the network device.
  D. Apply an access control list on TACACS server to allow communication with the network device.
  C. Configure the TACACS key on the server to match with the network device.

  ---

  Explanation

  For TACACS authentication to work, the key configured on the network device must match the key configured on the TACACS server. If users are unable to authenticate despite the TACACS server being reachable, it is likely due to a mismatch in the keys. Ensuring that both the network device and the TACACS server have the same key configured is crucial for successful authentication.

• Question 430:

  Which algorithm provides encryption and authentication for data plane communication?

  A. AES-GCM
  B. SHA-96
  C. AES-256
  D. SHA-384
  A. AES-GCM

  ---

  Explanation

  https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security- book/ security-overview.html