We provide real 350-701 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco 350-701 Exam quickly & easily. The 350-701 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 350-701 dumps pdf and vce product and material, you can easily pass the 350-701 exam.
Online 350-701 free questions and answers of New Version:
NEW QUESTION 1
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
- A. smurf
- B. distributed denial of service
- C. cross-site scripting
- D. rootkit exploit
Answer: C
NEW QUESTION 2
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?
- A. Cisco Prime Infrastructure
- B. Cisco Identity Services Engine
- C. Cisco Stealthwatch
- D. Cisco AMP for Endpoints
Answer: B
NEW QUESTION 3
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
- A. Cisco SDA
- B. Cisco Firepower
- C. Cisco HyperFlex
- D. Cisco Cloudlock
Answer: D
Explanation:
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cloudlock/cisco-cloudlock-cloud-data-security-datasheet.pdf
NEW QUESTION 4
What is the difference between deceptive phishing and spear phishing?
- A. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
- B. A spear phishing campaign is aimed at a specific person versus a group of people.
- C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
- D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.
Answer: B
NEW QUESTION 5
Which deployment model is the most secure when considering risks to cloud adoption?
- A. public cloud
- B. hybrid cloud
- C. community cloud
- D. private cloud
Answer: D
NEW QUESTION 6
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)
- A. RADIUS
- B. TACACS+
- C. DHCP
- D. sFlow
- E. SMTP
Answer: AC
Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html
NEW QUESTION 7
What is the primary role of the Cisco Email Security Appliance?
- A. Mail Submission Agent
- B. Mail Transfer Agent
- C. Mail Delivery Agent
- D. Mail User Agent
Answer: B
NEW QUESTION 8
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
- A. File Analysis
- B. SafeSearch
- C. SSL Decryption
- D. Destination Lists
Answer: C
NEW QUESTION 9
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
- A. hypervisor
- B. virtual machine
- C. network
- D. application
Answer: D
Explanation:
Reference: https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-how-to-choose/
NEW QUESTION 10
Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?
- A. Cisco Security Intelligence
- B. Cisco Application Visibility and Control
- C. Cisco Model Driven Telemetry
- D. Cisco DNA Center
Answer: B
NEW QUESTION 11
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
- A. It tracks flow-create, flow-teardown, and flow-denied events.
- B. It provides stateless IP flow tracking that exports all records of a specific flow.
- C. It tracks the flow continuously and provides updates every 10 seconds.
- D. Its events match all traffic classes in parallel.
Answer: A
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.html
NEW QUESTION 12
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
- A. Port Bounce
- B. CoA Terminate
- C. CoA Reauth
- D. CoA Session Query
Answer: C
NEW QUESTION 13
Which SNMPv3 configuration must be used to support the strongest security possible?
- A. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
- B. asa-host(config)#snmp-server group myv3 v3 noauth asa- host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa- host(config)#snmp-server host inside 10.255.254.1 version 3 andy
- C. asa-host(config)#snmp- server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXXasa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
- D. asa- host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
Answer: D
NEW QUESTION 14
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
- A. RSA SecureID
- B. Internal Database
- C. Active Directory
- D. LDAP
Answer: C
NEW QUESTION 15
Which two capabilities does TAXII support? (Choose two.)
- A. exchange
- B. pull messaging
- C. binding
- D. correlation
- E. mitigating
Answer: BC
NEW QUESTION 16
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
- A. authentication server: Cisco Identity Service Engine
- B. supplicant: Cisco AnyConnect ISE Posture module
- C. authenticator: Cisco Catalyst switch
- D. authenticator: Cisco Identity Services Engine
- E. authentication server: Cisco Prime Infrastructure
Answer: AC
Explanation:
Reference: https://www.lookingpoint.com/blog/ise-series-802.1x
NEW QUESTION 17
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
- A. security intelligence
- B. impact flags
- C. health monitoring
- D. URL filtering
Answer: A
NEW QUESTION 18
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)
- A. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
- B. Cisco FTDv with one management interface and two traffic interfaces configured
- C. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
- D. Cisco FTDv with two management interfaces and one traffic interface configured
- E. Cisco FTDv configured in routed mode and IPv6 configured
Answer: AC
Explanation:
Reference: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/white-paper-c11-740505.html
NEW QUESTION 19
What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)
- A. blocked ports
- B. simple custom detections
- C. command and control
- D. allowed applications
- E. URL
Answer: BD
Explanation:
Reference: https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf chapter 2
NEW QUESTION 20
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
- A. correlation
- B. intrusion
- C. access control
- D. network discovery
Answer: D
NEW QUESTION 21
......
Thanks for reading the newest 350-701 exam dumps! We recommend you to try the PREMIUM DumpSolutions.com 350-701 dumps in VCE and PDF here: https://www.dumpsolutions.com/350-701-dumps/ (337 Q&As Dumps)