Cisco 350-701 Online Practice Questions and Exam Preparation

Cisco 350-701 Online Questions & Answers

• Question 561:

  Which policy does a Cisco Secure Web Appliance use to block or monitor URL requests based on the reputation score?

  A. Encryption
  B. Enforcement Security
  C. Cisco Data Security
  D. Outbound Malware Scanning
  B. Enforcement Security

  ---

  Explanation

• Question 562:

  Why is it important to patch endpoints consistently?

  A. Patching reduces the attack surface of the infrastructure.
  B. Patching helps to mitigate vulnerabilities.
  C. Patching is required per the vendor contract.
  D. Patching allows for creating a honeypot.
  B. Patching helps to mitigate vulnerabilities.

  ---

  Explanation

• Question 563:

  An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

  A. Virtual routing and forwarding
  B. Microsegmentation
  C. Access control policy
  D. Virtual LAN
  C. Access control policy

  ---

  Explanation

  Microsegmentation is NOT for posturing checking. All the requirements criteria is met by Access Control Policies where you can define in ISE, Authentication, Authorization (Assign SGT in this part, which is the microsegmentation), then use Access List to deny or allow traffic

• Question 564:

  An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway.

  The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?

  A. third-party
  B. self-signed
  C. organization owned root
  D. SubCA
  C. organization owned root

  ---

  Explanation

• Question 565:

  What provides visibility and awareness into what is currently occurring on the network?

  A. CMX
  B. WMI
  C. Prime Infrastructure
  D. Telemetry
  D. Telemetry

  ---

  Explanation

  https://www.cisco.com/c/dam/en_us/about/doing_business/legal/service_descriptions/docs/ activethreat-analytics-premier.pdf

• Question 566:

  A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?

  A. Change isakmp to ikev2 in the command on hostA.
  B. Enter the command with a different password on hostB.
  C. Enter the same command on hostB.
  D. Change the password on hostA to the default password.
  C. Enter the same command on hostB.

  ---

  Explanation

• Question 567:

  Refer to the exhibit.

  

  What does the API do when connected to a Cisco security appliance?

  A. get the process and PID information from the computers in the network
  B. create an SNMP pull mechanism for managing AMP
  C. gather network telemetry information from AMP for endpoints
  D. gather the network interface information about the computers AMP sees
  D. gather the network interface information about the computers AMP sees

  ---

  Explanation

  https://api-docs.amp.cisco.com/api_actions/details?api_action=GET+%2Fv1%2Fcomputersandapi_host =api.apjc.amp.cisco.comandapi_resource=Computerandapi_version=v1

• Question 568:

  What is a difference between a zone-based firewall and a Cisco Adaptive Security Appliance firewall?

  A. Zone-based firewalls provide static routing based on interfaces, and Cisco Adaptive Security Appliance firewalls provide dynamic routing.
  B. Zone-based firewalls support virtual tunnel interfaces across different locations, and Cisco Adaptive Security Appliance firewalls support DMVPN.
  C. Zone-based firewalls have a default allow-all policy between interfaces in the same zone, and Cisco Adaptive Security Appliance firewalls have a deny-all policy.
  D. Zone-based firewalls are used in large deployments with multiple areas, and Cisco Adaptive Security Appliance firewalls are used in small deployments.
  C. Zone-based firewalls have a default allow-all policy between interfaces in the same zone, and Cisco Adaptive Security Appliance firewalls have a deny-all policy.

  ---

  Explanation

• Question 569:

  A web hosting company must upgrade its older, unsupported on-premises servers.

  The company wants a cloud solution in which the cloud provider is responsible for:

  1. Server patching 2. Application maintenance 3. Data center security 4. Disaster recovery

  Which type of cloud meets the requirements?

  A. Hybrid
  B. IaaS
  C. SaaS
  D. PaaS
  C. SaaS

  ---

  Explanation

• Question 570:

  What are two list types within AMP for Endpoints Outbreak Control? (Choose two)

  A. blocked ports
  B. simple custom detections
  C. command and control
  D. allowed applications
  E. URL
  B. simple custom detections
  D. allowed applications

  ---

  Explanation

  Advanced Malware Protection (AMP) for Endpoints offers a variety of lists, referred to as Outbreak Control, that allow you to customize it to your needs. The main lists are: Simple Custom Detections, Blocked Applications, Allowed Applications, Advanced Custom Detections, and IP Blocked and Allowed Lists.A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect andquarantine.Allowed applications lists are for files you never want to convict. Some examples are a custom application that is detected by a generic engine or a standard image that you use throughout the company Reference:

  https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf