350-701 exam

Lead4pass 350-701 dumps consist of 598 up-to-date exam questions and answers specifically designed for the Implementing and Operating Cisco Security Core Technologies (SCOR) exam.

Lead4pass 350-701 dumps are accompanied by lightweight PDF and VCE tools, which enhance the learning experience and facilitate candidates in their preparation.

Visit the latest 350-701 dumps: https://www.leads4pass.com/350-701.html. Guaranteed a 100% pass rate on the CCNP Security Core Certification exam with the included 598 up-to-date exam questions and answers.

Practice some 350-701 dumps exam questions online

From | Number of exam questions | Last updated | Exam name
Lead4Pass | 15 | 350-701 dumps | Implementing and Operating Cisco Security Core Technologies (SCOR)

Question 1:

Under which two circumstances is a CoA issued? (Choose two)

A. A new authentication rule was added to the policy on the Policy Service node.

B. An endpoint is deleted on the Identity Service Engine server.

C. A new Identity Source Sequence is created and referenced in the authentication policy.

D. An endpoint is profiled for the first time.

E. A new Identity Service Engine server is added to the deployment with the Administration persona

Correct Answer: BD

The profiling service issues a change of authorization in the following cases:

Endpoint deleted – When an endpoint is deleted from the Endpoints page and the endpoint is disconnected or removed from the network.

An exception action is configured – If you have an exception action configured per profile that leads to an unusual or unacceptable event from that endpoint. The profiling service moves the endpoint to the corresponding static profile by issuing a CoA.

An endpoint is profiled for the first time – When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.

An endpoint identity group has changed – When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy.

The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

Question 2:

Which Cisco platform onboards the endpoint and can issue a CA-signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?

A. Cisco ISE

B. Cisco NAC

C. Cisco TACACS+

D. Cisco WSA

Correct Answer: A

Question 3:

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A. accounting

B. assurance

C. automation

D. authentication

E. encryption

Correct Answer: BC

Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-cisco-dna-center-aag-cte-en.html

Question 4:

Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?

A. Cisco Endpoint Security Analytics

B. Cisco AMP for Endpoints

C. Endpoint Compliance Scanner

D. Security Posture Assessment Service

Correct Answer: D

Question 5:

Refer to the exhibit.

What does the API key do while working with https://api.amp.cisco.com/v1/computers?

A. displays client ID

B. HTTP authorization

C. Imports requests

D. HTTP authentication

Correct Answer: D

Question 6:

What is the function of the Context Directory Agent?

A. maintains users' group memberships

B. relays user authentication requests from Web Security Appliance to Active Directory

C. reads the Active Directory logs to map IP addresses to usernames

D. accepts user authentication requests on behalf of Web Security Appliance for user identification

Correct Answer: C

Reference: https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_oveviw.html

Question 7:

An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway.

The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end user to accomplish this goal?

A. third-party

B. self-signed

C. organization owned root

D. SubCA

Correct Answer: C

Question 8:

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

A. Disable the proxy setting on the browser

B. Disable the HTTPS server and use HTTP instead

C. Use the Cisco FTD IP address as the proxy server setting on the browser

D. Enable the HTTPS server for the device platform policy

Correct Answer: D

Question 9:

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD.

The chosen firewalls must provide methods of blocking traffic that includes offering the user the option to bypass the block for certain sites after displaying a warning page and resetting the connection.

Which solution should the organization choose?

A. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not

B. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

C. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not

D. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Correct Answer: C

Question 10:

Which security solution is used for posture assessment of the endpoints in a BYOD solution?

A. Cisco FTD

B. Cisco ASA

C. Cisco Umbrella

D. Cisco ISE

Correct Answer: D

Question 11:

An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing a file named abc424952615.exe without quarantining that file.

What type of Outbreak Control list must the SHA-256 hash value for the file be added to in order to accomplish this?

A. Advanced Custom Detection

B. Blocked Application

C. Isolation

D. Simple Custom Detection

Correct Answer: B

Question 12:

A company recently discovered an attack propagating throughout their Windows network via a file named abc428565580xyz.exe. The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal, and the currently applied policy for the Windows clients was updated to reference the detection list. Verification testing scans on known infected systems show that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise.

What must be performed to ensure the detection of the malicious file?

A. Upload the malicious file to the Blocked Application Control List

B. Use an Advanced Custom Detection List instead of a Simple Custom Detection List

C. Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis

D. Upload the SHA-256 hash for the file to the Simple Custom Detection List

Correct Answer: D

Question 13:

Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?

A. Cisco Advanced Malware Protection

B. Cisco Stealthwatch

C. Cisco Identity Services Engine

D. Cisco AnyConnect

Correct Answer: B

Question 14:

Which security solution protects users leveraging DNS-layer security?

A. Cisco ISE

B. Cisco FTD

C. Cisco Umbrella

D. Cisco ASA

Correct Answer: C

Question 15:

What are two ways that the Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)

A. Allows developers to create code once and deploy it to multiple clouds

B. helps maintain source code for cloud deployments

C. manages Docker containers

D. manages Kubernetes clusters

E. Creates complex tasks for managing code

Correct Answer: AE


Lead4pass 350-701 dumps contain the 598 latest exam questions and answers, reviewed by the Cisco professional team to ensure authenticity and effectiveness. Use the 350-701 SCOR dumps at https://www.leads4pass.com/350-701.html to ensure that the Implementing and Operating Cisco Security Core Technologies (SCOR) certification exam is passed on the first try.

Lead4Pass 350-701 dumps provide candidates with up-to-date and valid exam materials in two learning formats, PDF and VCE. Both contain the latest exam questions and answers, so you can choose either.

Download 350-701 dumps with PDF and VCE: https://www.leads4pass.com/350-701.html (521 Q&A). Practice all the actual exam questions, with annotations on difficult problems to help you master the key points of the exam and pass it with ease.

What’s more, Lead4Pass 350-701 dumps share some latest exam practice questions for free:

Type | Number of exam questions | Exam name | Exam code
Free | 15 | Implementing and Operating Cisco Security Core Technologies (SCOR) | 350-701

QUESTION 1:

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A. accounting

B. assurance

C. automation

D. authentication

E. encryption

Correct Answer: BC

Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-cisco-dna-center-aag-cte-en.html

QUESTION 2:

A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on host A. The tunnel is not being established to host B.

What action is needed to authenticate the VPN?

A. Enter the same command on host B.

B. Enter the command with a different password on host B.

C. Change isakmp to ikev2 in the command on host A.

D. Change the password on host A to the default password.

Correct Answer: A

QUESTION 3:

Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

A. Time-based one-time passwords

B. Data loss prevention

C. Heuristic-based filtering

D. Geolocation-based filtering

E. NetFlow

Correct Answer: BD

Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-0/user_guide_fs/b_ESA_Admin_Guide_11_0/b_ESA_Admin_Guide_chapter_00.html

QUESTION 4:

Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?

A. Group Policy

B. Method

C. SAML Server

D. DHCP Servers

Correct Answer: B

In order to use AAA along with an external token authentication mechanism, set the “Method” as “Both” in the Authentication.

QUESTION 5:

What are two rootkit types? (Choose two)

A. registry

B. virtual

C. bootloader

D. user mode

E. buffer mode

Correct Answer: CD

The term 'rootkit' originally comes from the Unix world, where the word 'root' is used to describe a user with the highest possible level of access privileges, similar to an 'Administrator' in Windows. The word 'kit' refers to the software that grants root-level access to the machine. Put the two together and you get 'rootkit', a program that gives someone, with legitimate or malicious intentions, privileged access to a computer. There are four main types of rootkits: kernel rootkits, user mode rootkits, bootloader rootkits, and memory rootkits.

QUESTION 6:

Which two descriptions of AES encryption are true? (Choose two)

A. AES is less secure than 3DES.

B. AES is more secure than 3DES.

C. AES can use a 168-bit key for encryption.

D. AES can use a 256-bit key for encryption.

E. AES encrypts and decrypts a key three times in sequence.

Correct Answer: BD

QUESTION 7:

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface.

What is causing this problem?

A. DHCP snooping has not been enabled on all VLANs.

B. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

C. Dynamic ARP Inspection has not been enabled on all VLANs

D. The no ip arp inspection trust command is applied on all user host interfaces

Correct Answer: D

Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.

QUESTION 8:

An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?

A. device flow correlation

B. simple detections

C. application blocking list

D. advanced custom detections

Correct Answer: C

QUESTION 9:

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict.

What is causing this issue?

A. The policy was created to send a message to quarantine instead of drop

B. The file has a reputation score that is above the threshold

C. The file has a reputation score that is below the threshold

D. The policy was created to disable file analysis

Correct Answer: D

The “newly installed service” in this question may refer to Advanced Malware Protection (AMP), which can be used along with the ESA. AMP allows superior protection across the attack continuum.

File Reputation – captures a fingerprint of each file as it traverses the ESA and sends it to AMP's cloud-based intelligence network for a reputation verdict. Given these results, you can automatically block malicious files and apply an administrator-defined policy.

File Analysis – provides the ability to analyze unknown files that are traversing the ESA. A highly secure sandbox environment enables AMP to glean precise details about the file's behavior and to combine that data with detailed human and machine analysis to determine the file's threat level. This disposition is then fed into the AMP cloud-based intelligence network and used to dynamically update and expand the AMP cloud data set for enhanced protection.

QUESTION 10:

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability.

What is the connection status in both cases?

A. need to be re-established with stateful failover and preserved with stateless failover

B. preserved with stateful failover and need to be reestablished with stateless failover

C. preserved with both stateful and stateless failover

D. need to be re-established with both stateful and stateless failover

Correct Answer: B

QUESTION 11:

Which two preventive measures are used to control cross-site scripting? (Choose two)

A. Enable client-side scripts on a per-domain basis.

B. Incorporate contextual output encoding/escaping.

C. Disable cookie inspection in the HTML inspection engine.

D. Run untrusted HTML input through an HTML sanitization engine.

E. SameSite cookie attribute should not be used.

Correct Answer: AB

QUESTION 12:

Which type of encryption uses a public key and a private key?

A. Asymmetric

B. Symmetric

C. Linear

D. Nonlinear

Correct Answer: A

QUESTION 13:

Which two services must remain on-premises equipment when a hybrid email solution is deployed? (Choose two)

A. DDoS

B. antispam

C. antivirus

D. encryption

E. DLP

Correct Answer: DE

Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/ces/overview_guide/Cisco_Cloud_Hybrid_Email_Security_Overview_Guide.pdf


PS. Download the latest 350-701 exam practice questions above: https://drive.google.com/file/d/1H7khQ3oU9u9JlTS0T4dxFAPVFsGaHZNX/

Take this practice session to learn some of the latest 350-701 exam facts! Improve your strength!
Now, use 350-701 dumps with PDF and VCE: https://www.leads4pass.com/350-701.html (521 Q&A), to help you pass the exam 100% successfully.