Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?
A. source NAT B. reverse tunnel C. GRE tunnel D. destination NAT
B. reverse tunnel
Explanation
To connect Cisco Secure Workload to external orchestrators at a client site where incoming connections are not allowed, a reverse tunnel must be used. A reverse tunnel initiates the connection from the inside of the client's network out to the external orchestrator, thereby bypassing restrictions on incoming connections and enabling secure communication.
Question 483:
Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?
A. inter-EPG isolation B. inter-VLAN security C. intra-EPG isolation D. placement in separate EPGs
C. intra-EPG isolation
Explanation
C. Intra-EPG
Intra-EPG Isolation for VMware VDS or Microsoft Hyper-V Virtual Switch
Intra-EPG Isolation is an option to prevent physical or virtual endpoint devices that are in the same base EPG or microsegmented (uSeg) EPG from communicating with each other. By default, endpoint devices included in the same EPG are allowed to communicate with one another. However, conditions exist in which total isolation of the endpoint devices from one another within an EPG is desirable. For example, you may want to enforce intra-EPG isolation if the endpoint VMs in the same EPG belong to multiple tenants, or to prevent
Question 484:
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
A. It can handle explicit HTTP requests. B. It requires a PAC file for the client web browser. C. It requires a proxy for the client web browser. D. WCCP v2-enabled devices can automatically redirect traffic destined to port 80. E. Layer 4 switches can automatically redirect traffic destined to port 80.
D. WCCP v2-enabled devices can automatically redirect traffic destined to port 80. E. Layer 4 switches can automatically redirect traffic destined to port 80.
Explanation
Question 485:
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
A. Disable the proxy setting on the browser B. Disable the HTTPS server and use HTTP instead C. Use the Cisco FTD IP address as the proxy server setting on the browser D. Enable the HTTPS server for the device platform policy
D. Enable the HTTPS server for the device platform policy
Explanation
Question 486:
Which feature requires that network telemetry be enabled?
A. per-interface stats B. SNMP trap notification C. Layer 2 device discovery D. central syslog system
A. per-interface stats
Explanation
Question 487:
What is the term for the concept of limiting communication between applications or containers on the same node?
A. container orchestration B. software-defined access C. microservicing D. microsegmentation
D. microsegmentation
Explanation
Question 488:
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval. B. Use EEM to have the ports return to service automatically in less than 300 seconds. C. Enter the shutdown and no shutdown commands on the interfaces. D. Enable the snmp-server enable traps command and wait 300 seconds. E. Ensure that interfaces are configured with the error-disable detection and recovery feature
C. Enter the shutdown and no shutdown commands on the interfaces. E. Ensure that interfaces are configured with the error-disable detection and recovery feature
Explanation
You can also bring up the port by using these commands:
+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.
+ The "errdisable recovery cause ..." global configuration command enables the timer to automatically recover from the error-disabled state, and the "errdisable recovery interval interval" global configuration command specifies the time to recover from the error-disabled state.
Question 489:
Which attack is commonly associated with C and C++ programming languages?
A. cross-site scripting B. water holing C. DDoS D. buffer overflow
D. buffer overflow
Explanation
A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations. Buffer overflow is a vulnerability in low-level C and C++ code. An attacker can cause the program to crash, corrupt data, steal private information, or run their own code. In essence, it means accessing a buffer outside of its allotted memory space. This happens quite frequently with arrays.
Question 490:
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?
A. retrospective detection B. indication of compromise C. file trajectory D. elastic search