Pass Cisco 350-701 PDF Dumps Recently Updated 630 Questions [Q206-Q229]

March 19, 2025 admin 0 Comments

Rate this post

Pass Cisco 350-701 PDF Dumps | Recently Updated 630 Questions

Updated Test Engine to Practice 350-701 Dumps & Practice Exam

Understanding functional and technical aspects of Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Securing the Cloud

The following will be discussed in CISCO 350-701 exam dumps:

Compare the customer vs. provider security responsibility for the different cloud service models
Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
Security assessment in the cloud
Configure cloud logging and monitoring methodologies
Implement application and data security in cloud environments
Identify security capabilities, deployment models, and policy management to secure the cloud
Identify security solutions for cloud environments
Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security
Describe application and workload security concepts
Public, private, hybrid, and community clouds

NEW QUESTION 206
Which form of attack is launched using botnets?

virus

EIDDOS

TCP flood

DDOS

NEW QUESTION 207
How does Cisco Stealthwatch Cloud provide security for cloud environments?

It delivers visibility and threat detection.

It prevents exfiltration of sensitive data.

It assigns Internet-based DNS protection for clients and servers.

It facilitates secure connectivity between public and private networks.

Cisco Stealthwatch Cloud: Available as an SaaS product offer to provide visibility and threat detection within public cloud infrastructures such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

NEW QUESTION 208
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

blocks traffic from URL categories that are known to contain malicious content

decrypts SSL traffic to monitor for malicious content

monitors suspicious traffic across all the TCP/UDP ports

prevents data exfiltration by searching all the network traffic for specified sensitive information

NEW QUESTION 209
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.) The eDirectory client must be installed on each client workstation.

Create NTLM or Kerberos authentication realm and enable transparent user identification

Deploy a separate Active Directory agent such as Cisco Context Directory Agent.

Create an LDAP authentication realm and disable transparent user identification.

Deploy a separate eDirectory server: the client IP address is recorded in this server

* Transparently identify users with authentication realms – This option is available when one or more authentication realms are configured to support transparent identification using one of the following authentication servers:
* Active Directory – Create an NTLM or Kerberos authentication realm and enable transparent user identification. In addition, you must deploy a separate Active Directory agent such as Cisco’s Context Directory Agent. For more information, see Transparent User Identification with Active Directory.
* LDAP – Create an LDAP authentication realm configured as an eDirectory, and enable transparent user identification. For more information, see Transparent User Identification with LDAP.
Details:
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuid

NEW QUESTION 210
Refer to the exhibit.

An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

configure manager add DONTRESOLVE kregistration key>

configure manager add <FMC IP address> <registration key> 16

configure manager add DONTRESOLVE <registration key> FTD123

configure manager add <FMC IP address> <registration key>

Reference: https://cyruslab.net/2019/09/03/ciscocisco-firepower-lab-setup/

NEW QUESTION 211
Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?
(Choose two)

URLs

protocol IDs

IP addresses

MAC addresses

port numbers

Security Intelligence Sources
…
Custom Block lists or feeds (or objects or groups)
Block specific IP addresses, URLs, or domain names using a manually-created list or feed (for IP addresses, you can also use network objects or groups.) For example, if you become aware of malicious sites or addresses that are not yet blocked by a feed, add these sites to a custom Security Intelligence list and add this custom list to the Block list in the Security Intelligence tab of your access control policy.
Security Intelligence Sources
…
Custom Block lists or feeds (or objects or groups)
Block specific IP addresses, URLs, or domain names using a manually-created list or feed (for IP addresses, you can also use network objects or groups.) For example, if you become aware of malicious sites or addresses that are not yet blocked by a feed, add these sites to a custom Security Intelligence list and add this custom list to the Block list in the Security Intelligence tab of your access control policy.
Reference:
Security Intelligence Sources
…
Custom Block lists or feeds (or objects or groups)
Block specific IP addresses, URLs, or domain names using a manually-created list or feed (for IP addresses, you can also use network objects or groups.) For example, if you become aware of malicious sites or addresses that are not yet blocked by a feed, add these sites to a custom Security Intelligence list and add this custom list to the Block list in the Security Intelligence tab of your access control policy.

NEW QUESTION 212
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

Cisco Cloud Orchestrator

Cisco ASAV

Cisco WSAV

Cisco Stealthwatch Cloud

NEW QUESTION 213
What is a feature of NetFlow Secure Event Logging?

It exports only records that indicate significant events in a flow.

It filters NSEL events based on the traffic and event type through RSVP.

It delivers data records to NSEL collectors through NetFlow over TCP only.

It supports v5 and v8 templates.

NetFlow Secure Event Logging (NSEL) is a security logging mechanism that is built on NetFlow Version 9 technology. It provides a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow, such as flow-create, flow-teardown, and flow-denied. NSEL events are triggered by the event that caused the state change in the flow. This reduces the amount of data that is exported and provides more relevant information for security analysis. NSEL also supports periodic flow-update events, which provide byte counters over the duration of the flow. These events are usually time-driven, but may also be triggered by state changes in the flow. NSEL uses templates to describe the format of the data records that are exported through NetFlow. Each event has several record formats or templates associated with it. NSEL delivers templates and data records to configured NSEL collectors through NetFlow over UDP only. NSEL also allows filtering of NSEL events based on the traffic and event type through Modular Policy Framework, and then sends records to different collectors. The supported event types are flow-create, flow-denied, flow-teardown, flow-update, and all. References := Some possible references are:
* NetFlow Secure Event Logging (NSEL) – Cisco
* NetFlow Secure Event Logging (NSEL) – Cisco
* Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (source book)

NEW QUESTION 214
Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with Vmware VDS or Microsoft vSwitch?

inter-EPG isolation

inter-VLAN security

intra-EPG isolation

placement in separate EPGs

NEW QUESTION 215
Which two capabilities does TAXII support? (Choose two)

Exchange

Pull messaging

Binding

Correlation

Mitigating

The Trusted Automated eXchangeof Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network.
TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information.
TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilities that this version of TAXII supports: push messaging, pull messaging, and discovery.
Although there is no “binding” capability in the list but it is the best answer here.

NEW QUESTION 216
Drag and drop the cloud security assessment components from the left onto the definitions on the right.

NEW QUESTION 217
Which technology reduces data loss by identifying sensitive information stored in public computing environments?

Cisco SDA

Cisco Firepower

Cisco HyperFlex

Cisco Cloudlock

Cisco Cloudlock is a cloud-native security platform that provides data loss prevention (DLP) capabilities for public cloud environments, such as SaaS, IaaS, and PaaS. Cisco Cloudlock can discover, classify, and protect sensitive data stored in cloud applications, such as Office 365, Google Workspace, Salesforce, Dropbox, and AWS. Cisco Cloudlock uses advanced techniques, such as regular expressions, keywords, dictionaries, and machine learning, to identify and monitor data based on predefined or custom policies. Cisco Cloudlock can also enforce actions, such as encryption, quarantine, deletion, or notification, to prevent data leakage or exposure12. References := 1: Cisco Cloudlock Data Sheet 2: Cloud Data Loss Prevention (Cloud DLP) Overview

NEW QUESTION 218
A customer has various external HTTP resources available including Intranet Extranet and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

Transport mode

Forward file

PAC file

Bridge mode

ExplanationA Proxy Auto-Configuration (PAC) file is a JavaScript function definition that determines whether web browserrequests (HTTP, HTTPS, and FTP) go direct to the destination or are forwarded to a web proxy server.PAC files are used to support explicit proxy deployments in which client browsers are explicitly configured tosend traffic to the web proxy. The big advantage of PAC files is that they are usually relatively easy to createand maintain.

NEW QUESTION 219
Drag and drop the solutions from the left onto the solution’s benefits on the right.

NEW QUESTION 220
Which DoS attack uses fragmented packets in an attempt to crash a target machine?

teardrop

smurf

LAND

SYN flood

Reference: https://www.radware.com/security/ddos-knowledge-center/ddospedia/teardrop-attack/

NEW QUESTION 221
What is a benefit of using Cisco Tetration?

It collects telemetry data from servers and then uses software sensors to analyze flow information.

It collects policy compliance data and process details.

It collects enforcement data from servers and collects interpacket variation.

It collects near-real time data from servers and inventories the software packages that exist on servers.

Cisco Tetration is a hybrid-cloud workload protection platform that secures compute instances in both the on-premises data center and the public cloud1. One of the benefits of using Cisco Tetration is that it collects telemetry data from servers and then uses software sensors to analyze flow information2. This allows Cisco Tetration to provide comprehensive visibility into every workload interaction and powerful AI/ML driven automation2. By analyzing the flow information, Cisco Tetration can also generate microsegmentation policies, detect workload behavior anomalies, identify software vulnerabilities, and monitor policy compliance23. References: 1: Cisco Secure Workload (formerly Tetration) FAQ 2: Cisco Secure Workload Platform Data Sheet 3: Cisco Tetration Platform – Cisco

NEW QUESTION 222
Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

get the process and PID information from the computers in the network

create an SNMP pull mechanism for managing AMP

gather network telemetry information from AMP for endpoints

gather the network interface information about the computers AMP sees

The call to API of “https://api.amp.cisco.com/v1/computers” allows us to fetch list of computers across your organization that Advanced Malware Protection (AMP) sees. Reference: https://api-docs.amp.cisco.com/api_actions/details?api_action=GET+%2Fv1% 2Fcomputers&api_host=api.apjc.amp.cisco.com&api_resource=Computer&api_version=v1 Reference:
The call to API of “https://api.amp.cisco.com/v1/computers” allows us to fetch list of computers across your organization that Advanced Malware Protection (AMP) sees. Reference: https://api-docs.amp.cisco.com/api_actions/details?api_action=GET+%2Fv1% 2Fcomputers&api_host=api.apjc.amp.cisco.com&api_resource=Computer&api_version=v1

NEW QUESTION 223
Which SNMPv3 configuration must be used to support the strongest security possible?

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmpserver group myv3 v3 noauth
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

asa-host(config)#snmp-server group myv3 v3 priv
asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

The strongest security possible for SNMPv3 requires both authentication and encryption, which is achieved by using the priv security level. Authentication ensures that the message is from a valid source, and encryption scrambles the content of the packet to prevent it from being learned by an unauthorized source. The auth sha and priv aes 256 parameters specify the algorithms used for authentication and encryption, respectively.
SHA is more secure than MD5, and AES 256 is more secure than DES or 3DES. Therefore, option D is the correct answer, as it uses the priv security level, the SHA algorithm for authentication, and the AES 256 algorithm for encryption. The other options either use a lower security level (noauth or authNoPriv), a weaker encryption algorithm (des or 3des), or no encryption at all. References :=
* SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) – SNMP Version 3
* Configuration Template for SNMPv3 – Cisco Community
* SNMP Version 3 – Cisco

NEW QUESTION 224
Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.

NEW QUESTION 225
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

Ethos Engine to perform fuzzy fingerprinting

Tetra Engine to detect malware when me endpoint is connected to the cloud

Clam AV Engine to perform email scanning

Spero Engine with machine learning to perform dynamic analysis

ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
Reference:
ETHOS = Fuzzy Fingerprinting using static/passive heuristics

NEW QUESTION 226
Which category includes Dos Attacks?

virus attacks

trojan attacks

flood attacks

phishing attacks

NEW QUESTION 227
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? {Choose two.)

virtualization

middleware

operating systems

applications

data

Explanation
https://apprenda.com/library/paas/iaas-paas-saas-explained-compared/

NEW QUESTION 228
Which two cryptographic algorithms are used with IPsec? {Choose two.)

AES-BAC

AES-ABC

HMAC-SHA1/SHA2

Triple AMC-CBC

AES-CBC

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-mt/sec-sec-for-vpns-w-ipsec-15-mt-book/sec-cfg-vpn-ipsec.html

NEW QUESTION 229
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

Southbound APIs are used to define how SDN controllers integrate with applications.

Southbound interfaces utilize device configurations such as VLANs and IP addresses.

Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.

Southbound APIs utilize CLI, SNMP, and RESTCONF.

Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Loading …

Cisco 350-701 Dumps Cover Real Exam Questions: https://www.topexamcollection.com/350-701-vce-collection.html

350-701 Practice Tests

[Feb 07, 2024] 350-701 Dumps Full Questions – Exam Study Guide [Q222-Q236]
Pass Cisco 350-701 PDF Dumps Recently Updated 630 Questions [Q206-Q229]

Related Certifications

200-201
500-444
500-442
300-730
100-890
200-301
700-651
300-410
300-440
300-715