[2024] Pass Key features of 350-701 Course with Updated 630 Questions [Q212-Q229]



The Cisco 350-701 certification exam is a comprehensive exam designed to test the skills and knowledge of candidates in implementing and operating Cisco Security Core Technologies. The 350-701 exam is intended for IT professionals who are looking to enhance their knowledge and skills in the field of cybersecurity. The Implementing and Operating Cisco Security Core Technologies certification is recognized globally and is highly valued by employers in the industry. If you are looking to advance your career in the field of cybersecurity, then the Cisco 350-701 certification exam is a must-have certification.

 

NEW QUESTION # 212
How is ICMP used as an exfiltration technique?

  • A. by flooding the destination host with unreachable packets
  • B. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address
  • C. by overwhelming a targeted host with ICMP echo-request packets
  • D. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

Answer: D

Explanation:
ICMP is a protocol that is used to send diagnostic messages between hosts on a network. It is not designed to carry any data, but it can be abused by attackers to exfiltrate data from a compromised host. By encrypting the payload in an ICMP packet, the attacker can hide the data from network monitoring tools and firewalls that may not inspect ICMP traffic. The attacker can then use another tool to decrypt the data from the ICMP packets on a remote host. This technique is known as ICMP tunneling and it is a form of protocol tunneling (MITRE T1572: Protocol Tunneling [1]).
References:
* 1: https://attack.mitre.org/techniques/T1572/
* 2: https://www.cynet.com/attack-techniques-hands-on/how-hackers-use-icmp-tunneling-to-own-your-networ
* 3: https://digital-security.quodagis.fr/ressources/ressource/exfiltration-de-donnees-les-techniques-icmp-et-dns
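On the detection side, an encrypted payload inside an echo packet stands out by size and byte entropy. The following is an added example, not part of the original page: it parses raw ICMP messages, verifies the checksum, and classifies the payload. The size baseline, the entropy threshold and the sample payloads are constructed assumptions.

```python
import math
import struct
from collections import Counter

ECHO_REPLY, ECHO_REQUEST = 0, 8
BASELINE_MAX_PAYLOAD = 64   # assumption: OS ping payloads are 32-56 bytes
ENTROPY_THRESHOLD = 7.0     # assumption: bits/byte; ciphertext approaches 8.0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def entropy(data: bytes) -> float:
    """Shannon entropy of the payload in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request so the samples below are valid ICMP messages."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload

def classify(packet: bytes) -> str:
    """Classify one ICMP message (IP header already stripped)."""
    if len(packet) < 8:
        return "malformed"
    icmp_type = packet[0]
    if checksum(packet) != 0:          # a valid message sums to zero
        return "bad-checksum"
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
        return "ignored"
    payload = packet[8:]
    if len(payload) <= BASELINE_MAX_PAYLOAD:
        return "normal"
    if entropy(payload) >= ENTROPY_THRESHOLD:
        return "suspect-high-entropy"  # oversized and looks encrypted/compressed
    return "oversized"

# Constructed sample payloads (not captured traffic).
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32-byte default pattern
PADDED_PING = b"A" * 512                            # large but low entropy
CIPHERTEXT_LIKE = bytes(range(256)) * 2             # stand-in for encrypted data

if __name__ == "__main__":
    for name, body in [("windows", WINDOWS_PING), ("padded", PADDED_PING),
                       ("cipher-like", CIPHERTEXT_LIKE)]:
        print(name, classify(build_echo(0x1234, 1, body)))
```

A per-packet check like this is best paired with per-host ICMP volume baselines, since it only looks at one message at a time.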


NEW QUESTION # 213
Which baseline form of telemetry is recommended for network infrastructure devices?

  • A. passive taps
  • B. SNMP
  • C. SDNS
  • D. NetFlow

Answer: D

Explanation:
NetFlow is a baseline form of telemetry that is recommended for network infrastructure devices. NetFlow is a technology that collects and exports information about IP traffic flows on enabled interfaces. NetFlow can provide valuable insight into the network performance, utilization, behavior, and security. NetFlow can help identify anomalies, such as DDoS attacks, malware, or misconfigurations, by comparing the current traffic patterns with the normal or baseline ones. NetFlow can also help with capacity planning, troubleshooting, and forensic analysis. NetFlow is supported on various Cisco platforms, such as routers, switches, firewalls, and IPS sensors. NetFlow can export data to different collectors and analyzers, such as Cisco Security Monitoring, Analysis and Response System (CS-MARS), Cisco Traffic Anomaly Detectors and Cisco Guard DDoS Mitigation Appliances, Cisco Network Analysis Module (NAM), and other third-party tools.


NEW QUESTION # 214
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

  • A. Virtual routing and forwarding
  • B. Microsegmentation
  • C. Virtual LAN
  • D. Access control policy

Answer: D

Explanation:
Zero Trust is a security framework requiring all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location. The Zero Trust model uses microsegmentation - a security technique that involves dividing perimeters into small zones to maintain separate access to every part of the network - to contain attacks.


NEW QUESTION # 215
Refer to the exhibit.

A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access.
Most PCs and IP phones can connect and authenticate using their machine certificate credentials. However, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?

  • A. Change the default policy in Cisco ISE to allow all devices not using machine authentication.
  • B. Add mab to the interface configuration.
  • C. Enable insecure protocols within Cisco ISE in the allowed protocols configuration.
  • D. Configure authentication event fail retry 2 action authorize vlan 41 on the interface

Answer: B


NEW QUESTION # 216
Refer to the exhibit.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

  • A. ip dhcp snooping verify mac-address
  • B. ip dhcp snooping vlan 41
  • C. ip dhcp snooping limit 41
  • D. ip dhcp snooping trust

Answer: D

Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html


NEW QUESTION # 217
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

  • A. Cisco Prime Infrastructure
  • B. Cisco WiSM
  • C. Cisco ESA
  • D. Cisco ISE

Answer: D

Explanation:
A posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File.
In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the WannaCry malware; and we can also configure ISE to update the client with this patch.


NEW QUESTION # 218
How many interfaces per bridge group does an ASA bridge group deployment support?

  • A. up to 2
  • B. up to 16
  • C. up to 4
  • D. up to 8

Answer: C

Explanation:
Each of the ASA's interfaces needs to be grouped into one or more bridge groups. Each of these groups acts as an independent transparent firewall. It is not possible for one bridge group to communicate with another bridge group without assistance from an external router.
As of 8.4(1), up to 8 bridge groups are supported with 2-4 interfaces in each group. Prior to this, only one bridge group was supported and only 2 interfaces.
Up to 4 interfaces are permitted per bridge group (inside, outside, DMZ1, DMZ2).


NEW QUESTION # 219
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the Interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

  • A. DHCP snooping has not been enabled on all VLANs
  • B. The no ip arp inspection trust command is applied on all user host interfaces
  • C. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users
  • D. Dynamic ARP inspection has not been enabled on all VLANs

Answer: B



NEW QUESTION # 220
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

  • A. Certificate Trust List
  • B. Endpoint Trust List
  • C. Enterprise Proxy Service
  • D. Secured Collaboration Proxy

Answer: A

Explanation:
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. This means that the ASA acts as a proxy between the Cisco IP Phone and the Cisco Unified Communications Manager (UCM), decrypting, inspecting, and re-encrypting the voice signaling traffic. To do this, the ASA needs to have the certificates of the devices that the phone trusts, such as the UCM servers and the TFTP servers. These certificates are stored in a Certificate Trust List (CTL) file that the phone downloads from the UCM before registration. Therefore, the ASA must be added to the CTL file on the UCM platform, so that the phone can verify the identity of the ASA as a proxy. The other options are not relevant for this scenario. The Endpoint Trust List is a list of certificates that the UCM trusts for encrypted endpoints. The Enterprise Proxy Service is a feature that allows the UCM to route calls to and from the public switched telephone network (PSTN) through a SIP proxy server. The Secured Collaboration Proxy is a feature that allows the UCM to encrypt the media streams between endpoints using Secure Real-Time Transport Protocol (SRTP).
References:
* Cisco Secure Firewall ASA Unified Communications Guide - TLS Proxy for Encrypted Voice Inspection
* TLS Proxy for Encrypted Voice Inspection - Cisco
* Where must the ASA be added on the Cisco UC Manager platform?


NEW QUESTION # 221
Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

  • A. show authentication sessions
  • B. show authentication registrations
  • C. show authentication method
  • D. show dot1x all

Answer: A

Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe-3se-3850-cr-book_chapter_01.html#wp3404908137
Displaying the Summary of All Auth Manager Sessions on the Switch
Enter the following:
Switch# show authentication sessions
Interface  MAC Address     Method  Domain  Status         Session ID
Gi1/48     0015.63b0.f676  dot1x   DATA    Authz Success  0A3462B1000000102983C05C
Gi1/5      000f.23c4.a401  mab     DATA    Authz Success  0A3462B10000000D24F80B58
Gi1/5      0014.bf5d.d26d  dot1x   DATA    Authz Success  0A3462B10000000E29811B94


NEW QUESTION # 222
How many interfaces per bridge group does an ASA bridge group deployment support?

  • A. up to 2
  • B. up to 16
  • C. up to 4
  • D. up to 8

Answer: C

Explanation:
Each of the ASA's interfaces needs to be grouped into one or more bridge groups. Each of these groups acts as an independent transparent firewall. It is not possible for one bridge group to communicate with another bridge group without assistance from an external router.
As of 8.4(1), up to 8 bridge groups are supported with 2-4 interfaces in each group. Prior to this, only one bridge group was supported and only 2 interfaces.
Up to 4 interfaces are permitted per bridge group (inside, outside, DMZ1, DMZ2).


NEW QUESTION # 223
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

  • A. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.
  • B. Southbound APIs are used to define how SDN controllers integrate with applications.
  • C. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.
  • D. Southbound APIs utilize CLI, SNMP, and RESTCONF.
  • E. Southbound interfaces utilize device configurations such as VLANs and IP addresses.

Answer: C,D

Explanation:
Northbound and southbound APIs are two types of interfaces that enable communication between different layers of the SDN architecture. Northbound APIs relay information between the controller and the applications or policy engines, while southbound APIs relay information between the controller and the network devices.
Northbound APIs allow applications to request network services or resources from the controller, such as bandwidth, latency, security, or routing. The controller then translates these requests into network configurations and applies them to the network devices via the southbound APIs. Northbound APIs typically use RESTful API methods such as GET, POST, and DELETE to communicate with the controller.
Southbound APIs allow the controller to program the network devices to perform forwarding and other functions. The controller can use different protocols or standards to communicate with the network devices, depending on their capabilities and vendor-specific features. Some common examples of southbound APIs are CLI, SNMP, RESTCONF, NETCONF, OpenFlow, and OpFlex.
References:
* Software-Defined Networking (SDN) Definition - Cisco
* Software-Defined Networking Security and Network ... - Cisco Press
* Cisco SDN - Software Defined Networking Explained - Study-CCNA
* SDN Network - Cisco Community


NEW QUESTION # 224
Drag and drop the threats from the left onto examples of that threat on the right

Answer:

Explanation:


NEW QUESTION # 225
What is a characteristic of an EDR solution and not of an EPP solution?

  • A. retrospective analysis
  • B. stops all ransomware attacks
  • C. performs signature-based detection
  • D. decrypts SSL traffic for better visibility

Answer: A

Explanation:
EDR stands for endpoint detection and response, while EPP stands for endpoint protection platform. EDR and EPP are two types of endpoint security solutions that have different capabilities and objectives. EDR provides real-time visibility into endpoint activities, detects malicious behavior and anomalies, and enables security teams to investigate and respond to threats. EPP prevents, detects, and remediates security threats on endpoints, such as known and unknown malware, ransomware, and zero-day vulnerabilities. EPP solutions may also include EDR capabilities, but not all EDR solutions include EPP capabilities.
One of the key features of EDR is retrospective analysis, which means the ability to look back at historical endpoint data and identify the root cause, scope, and impact of a security incident. Retrospective analysis helps security teams understand how the threat entered the network, what actions it performed, and how to prevent it from happening again. EPP solutions, on the other hand, do not provide retrospective analysis, as they are mainly focused on preventing and remediating threats, rather than investigating and responding to them.
Therefore, the correct answer is B. Retrospective analysis is a characteristic of an EDR solution and not of an EPP solution.
References:
* EPP vs. EDR: Why You Need Both - CrowdStrike
* EDR vs EPP: What is the Difference? - Exabeam
* Understanding MDR, EDR, EPP, and XDR | Netsurion
* EDR vs EPP: Key Features, Differences, and How They Work Together
* Endpoint Security Tools: EPP vs EDR | Prey Blog


NEW QUESTION # 226
An organization is using DNS services for their network and wants to help improve the security of the DNS infrastructure. Which action accomplishes this task?

  • A. Use DNSSEC between the endpoints and Cisco Umbrella DNS servers.
  • B. Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional.
  • C. Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.
  • D. Modify the Cisco Umbrella configuration to pass queries only to non-DNSSEC capable zones.

Answer: C

Explanation:
DNSSEC (Domain Name System Security Extensions) is a technology that protects DNS from cache poisoning and spoofing attacks by digitally signing DNS data with cryptographic keys. DNSSEC ensures the integrity and authenticity of DNS responses, preventing attackers from redirecting traffic to malicious domains. Cisco Umbrella supports DNSSEC by performing validation on queries sent from Umbrella resolvers to upstream authorities. This means that Umbrella will only accept DNS responses that are signed and verified by the authoritative servers for each domain. To enable DNSSEC validation, the organization needs to configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers. This will ensure that Umbrella resolvers will reject any forged or tampered DNS responses and provide secure DNS resolution for the organization's network.
References:
* Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 2: Network Security, Lesson 2.5: Implement DNS Security
* What is DNSSEC and Why Is It Important? - Cisco Umbrella
* DNSSEC General Availability - Cisco Umbrella


NEW QUESTION # 227
An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively u: of the default policy elements. What else must be done to accomplish this task?

  • A. Modify the application settings to allow only applications to connect to required addresses.
  • B. Add the specified addresses to the identities list and create a block action.
  • C. Create a destination list for addresses to be allowed or blocked.
  • D. Use content categories to block or allow specific addresses.

Answer: C

Explanation:
Cisco Umbrella allows you to create custom destination lists that contain specific domains or IP addresses that you want to allow or block. You can then apply these destination lists to your policies to override the default behavior of Umbrella. For example, if you want to block specific addresses using Cisco Umbrella, you can create a destination list with those addresses and set the action to block. Then, you can assign this destination list to the policy that you want to modify. This way, any request to those addresses will be blocked by Umbrella, regardless of the content category or application settings [1][2].
References:
* 1: Manage Policies - Umbrella User Guide
* 2: Understanding Destination lists supported entries and error messages - Cisco Umbrella


NEW QUESTION # 228
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

  • A. web page images
  • B. user input validation in a web page or web application
  • C. database
  • D. Linux and Windows operating systems

Answer: B

Explanation:
SQL injection usually occurs when you ask a user for input, such as a username or user ID, and the user instead gives ("injects") an SQL statement that you unknowingly run on your database.
The following example creates a SELECT statement by appending a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
If a user enters something like "100 OR 1=1", the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 100 OR 1=1;
The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE. A hacker might get access to all the user names and passwords in this database.
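The same concatenation flaw next to its fix, as an added example that is not part of the original page: it runs the "100 OR 1=1" input against an in-memory SQLite database, first through string concatenation and then through a bound parameter with input validation. The table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory Users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(100, "alice", "placeholder-a"),
         (101, "bob", "placeholder-b"),
         (102, "carol", "placeholder-c")],
    )
    return conn

def lookup_vulnerable(conn, txt_user_id: str):
    """Mirrors the page's txtSQL: user input becomes part of the SQL text."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()

def lookup_parameterized(conn, txt_user_id):
    """Input is bound as a value; the SQL text never changes."""
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)
    ).fetchall()

def lookup_validated(conn, txt_user_id: str):
    """Validate the expected type first, then bind the typed value."""
    if not (txt_user_id.isascii() and txt_user_id.isdigit()):
        raise ValueError("UserId must be a non-negative integer")
    return lookup_parameterized(conn, int(txt_user_id))

if __name__ == "__main__":
    db = make_db()
    payload = "100 OR 1=1"
    print("concatenated :", len(lookup_vulnerable(db, payload)), "rows")
    print("parameterized:", len(lookup_parameterized(db, payload)), "rows")
    try:
        lookup_validated(db, payload)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```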


NEW QUESTION # 229
......


The Cisco 350-701 certification exam is designed for professionals who intend to implement and operate Cisco security core technologies. The 350-701 exam validates the knowledge and skills required to secure networks, devices, applications, and endpoints. The Cisco 350-701 exam is one of the most in-demand certification exams in the IT industry today.

 
