This page was exported from Top Exam Collection [ http://blog.topexamcollection.com ]
Export date: Mon Mar 31 22:32:05 2025 / +0000 GMT

Title: Pass Cisco 350-701 PDF Dumps Recently Updated 630 Questions [Q206-Q229]

Understanding functional and technical aspects of Implementing and Operating Cisco Security Core Technologies (SCOR 350-701): Securing the Cloud

The following will be discussed in CISCO 350-701 exam dumps:

* Compare the customer vs. provider security responsibility for the different cloud service models
* Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
* Security assessment in the cloud
* Configure cloud logging and monitoring methodologies
* Implement application and data security in cloud environments
* Identify security capabilities, deployment models, and policy management to secure the cloud
* Identify security solutions for cloud environments
* Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security)
* Describe application and workload security concepts
* Public, private, hybrid, and community clouds

NEW QUESTION 206
Which form of attack is launched using botnets?

A. virus
B. EIDDOS
C. TCP flood
D. DDOS

NEW QUESTION 207
How does Cisco Stealthwatch Cloud provide security for cloud environments?

A. It delivers visibility and threat detection.
B. It prevents exfiltration of sensitive data.
C. It assigns Internet-based DNS protection for clients and servers.
D. It facilitates secure connectivity between public and private networks.

Cisco Stealthwatch Cloud: Available as a SaaS product offer to provide visibility and threat detection within public cloud infrastructures such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

NEW QUESTION 208
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

A. blocks traffic from URL categories that are known to contain malicious content
B. decrypts SSL traffic to monitor for malicious content
C. monitors suspicious traffic across all the TCP/UDP ports
D. prevents data exfiltration by searching all the network traffic for specified sensitive information

NEW QUESTION 209
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)

A. The eDirectory client must be installed on each client workstation.
B. Create NTLM or Kerberos authentication realm and enable transparent user identification
C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
D. Create an LDAP authentication realm and disable transparent user identification.
E. Deploy a separate eDirectory server: the client IP address is recorded in this server

* Transparently identify users with authentication realms – This option is available when one or more authentication realms are configured to support transparent identification using one of the following authentication servers:
  * Active Directory – Create an NTLM or Kerberos authentication realm and enable transparent user identification. In addition, you must deploy a separate Active Directory agent such as Cisco's Context Directory Agent. For more information, see Transparent User Identification with Active Directory.
  * LDAP – Create an LDAP authentication realm configured as an eDirectory, and enable transparent user identification. For more information, see Transparent User Identification with LDAP.

Details: https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuid

NEW QUESTION 210
Refer to the exhibit.
An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

A. configure manager add DONTRESOLVE <registration key>
B. configure manager add <FMC IP address> <registration key> 16
C. configure manager add DONTRESOLVE <registration key> FTD123
D. configure manager add <FMC IP address> <registration key>

Reference: https://cyruslab.net/2019/09/03/ciscocisco-firepower-lab-setup/

NEW QUESTION 211
Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two)

A. URLs
B. protocol IDs
C. IP addresses
D. MAC addresses
E. port numbers

Reference:
Security Intelligence Sources
…
Custom Block lists or feeds (or objects or groups)
Block specific IP addresses, URLs, or domain names using a manually-created list or feed (for IP addresses, you can also use network objects or groups.) For example, if you become aware of malicious sites or addresses that are not yet blocked by a feed, add these sites to a custom Security Intelligence list and add this custom list to the Block list in the Security Intelligence tab of your access control policy.

NEW QUESTION 212
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

A. Cisco Cloud Orchestrator
B. Cisco ASAV
C. Cisco WSAV
D. Cisco Stealthwatch Cloud

NEW QUESTION 213
What is a feature of NetFlow Secure Event Logging?

A. It exports only records that indicate significant events in a flow.
B. It filters NSEL events based on the traffic and event type through RSVP.
C. It delivers data records to NSEL collectors through NetFlow over TCP only.
D. It supports v5 and v8 templates.

NetFlow Secure Event Logging (NSEL) is a security logging mechanism that is built on NetFlow Version 9 technology. It provides a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow, such as flow-create, flow-teardown, and flow-denied. NSEL events are triggered by the event that caused the state change in the flow. This reduces the amount of data that is exported and provides more relevant information for security analysis. NSEL also supports periodic flow-update events, which provide byte counters over the duration of the flow. These events are usually time-driven, but may also be triggered by state changes in the flow. NSEL uses templates to describe the format of the data records that are exported through NetFlow. Each event has several record formats or templates associated with it. NSEL delivers templates and data records to configured NSEL collectors through NetFlow over UDP only. NSEL also allows filtering of NSEL events based on the traffic and event type through Modular Policy Framework, and then sends records to different collectors. The supported event types are flow-create, flow-denied, flow-teardown, flow-update, and all.

References: Some possible references are:
* NetFlow Secure Event Logging (NSEL) – Cisco
* Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (source book)

NEW QUESTION 214
Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?

A. inter-EPG isolation
B. inter-VLAN security
C. intra-EPG isolation
D. placement in separate EPGs

NEW QUESTION 215
Which two capabilities does TAXII support? (Choose two)

A. Exchange
B. Pull messaging
C. Binding
D. Correlation
E. Mitigating

The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network. TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information. TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilities that this version of TAXII supports: push messaging, pull messaging, and discovery. Although there is no "binding" capability in the list, it is the best answer here.

NEW QUESTION 216
Drag and drop the cloud security assessment components from the left onto the definitions on the right.

NEW QUESTION 217
Which technology reduces data loss by identifying sensitive information stored in public computing environments?

A. Cisco SDA
B. Cisco Firepower
C. Cisco HyperFlex
D. Cisco Cloudlock

Cisco Cloudlock is a cloud-native security platform that provides data loss prevention (DLP) capabilities for public cloud environments, such as SaaS, IaaS, and PaaS. Cisco Cloudlock can discover, classify, and protect sensitive data stored in cloud applications, such as Office 365, Google Workspace, Salesforce, Dropbox, and AWS. Cisco Cloudlock uses advanced techniques, such as regular expressions, keywords, dictionaries, and machine learning, to identify and monitor data based on predefined or custom policies. Cisco Cloudlock can also enforce actions, such as encryption, quarantine, deletion, or notification, to prevent data leakage or exposure [1][2].

References:
[1] Cisco Cloudlock Data Sheet
[2] Cloud Data Loss Prevention (Cloud DLP) Overview

NEW QUESTION 218
A customer has various external HTTP resources available including Intranet, Extranet and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

A. Transport mode
B. Forward file
C. PAC file
D. Bridge mode

Explanation
A Proxy Auto-Configuration (PAC) file is a JavaScript function definition that determines whether web browser requests (HTTP, HTTPS, and FTP) go direct to the destination or are forwarded to a web proxy server. PAC files are used to support explicit proxy deployments in which client browsers are explicitly configured to send traffic to the web proxy. The big advantage of PAC files is that they are usually relatively easy to create and maintain.

NEW QUESTION 219
Drag and drop the solutions from the left onto the solution's benefits on the right.

NEW QUESTION 220
Which DoS attack uses fragmented packets in an attempt to crash a target machine?

A. teardrop
B. smurf
C. LAND
D. SYN flood

Reference: https://www.radware.com/security/ddos-knowledge-center/ddospedia/teardrop-attack/

NEW QUESTION 221
What is a benefit of using Cisco Tetration?

A. It collects telemetry data from servers and then uses software sensors to analyze flow information.
B. It collects policy compliance data and process details.
C. It collects enforcement data from servers and collects interpacket variation.
D. It collects near-real time data from servers and inventories the software packages that exist on servers.

Cisco Tetration is a hybrid-cloud workload protection platform that secures compute instances in both the on-premises data center and the public cloud [1]. One of the benefits of using Cisco Tetration is that it collects telemetry data from servers and then uses software sensors to analyze flow information [2]. This allows Cisco Tetration to provide comprehensive visibility into every workload interaction and powerful AI/ML driven automation [2]. By analyzing the flow information, Cisco Tetration can also generate microsegmentation policies, detect workload behavior anomalies, identify software vulnerabilities, and monitor policy compliance [2][3].

References:
[1] Cisco Secure Workload (formerly Tetration) FAQ
[2] Cisco Secure Workload Platform Data Sheet
[3] Cisco Tetration Platform – Cisco

NEW QUESTION 222
Refer to the exhibit.
What does the API do when connected to a Cisco security appliance?

A. get the process and PID information from the computers in the network
B. create an SNMP pull mechanism for managing AMP
C. gather network telemetry information from AMP for endpoints
D. gather the network interface information about the computers AMP sees

The call to API of "https://api.amp.cisco.com/v1/computers" allows us to fetch list of computers across your organization that Advanced Malware Protection (AMP) sees.

Reference: https://api-docs.amp.cisco.com/api_actions/details?api_action=GET+%2Fv1%2Fcomputers&api_host=api.apjc.amp.cisco.com&api_resource=Computer&api_version=v1

NEW QUESTION 223
Which SNMPv3 configuration must be used to support the strongest security possible?

A. asa-host(config)#snmp-server group myv3 v3 priv
   asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
   asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
B. asa-host(config)#snmp-server group myv3 v3 noauth
   asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
   asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
C. asa-host(config)#snmp-server group myv3 v3 noauth
   asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
   asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
D. asa-host(config)#snmp-server group myv3 v3 priv
   asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
   asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

The strongest security possible for SNMPv3 requires both authentication and encryption, which is achieved by using the priv security level. Authentication ensures that the message is from a valid source, and encryption scrambles the content of the packet to prevent it from being learned by an unauthorized source. The auth sha and priv aes 256 parameters specify the algorithms used for authentication and encryption, respectively. SHA is more secure than MD5, and AES 256 is more secure than DES or 3DES. Therefore, option D is the correct answer, as it uses the priv security level, the SHA algorithm for authentication, and the AES 256 algorithm for encryption. The other options either use a lower security level (noauth or authNoPriv), a weaker encryption algorithm (des or 3des), or no encryption at all.

References:
* SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) – SNMP Version 3
* Configuration Template for SNMPv3 – Cisco Community
* SNMP Version 3 – Cisco

NEW QUESTION 224
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

NEW QUESTION 225
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

A. Ethos Engine to perform fuzzy fingerprinting
B. Tetra Engine to detect malware when the endpoint is connected to the cloud
C. Clam AV Engine to perform email scanning
D. Spero Engine with machine learning to perform dynamic analysis

ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.

Reference: ETHOS = Fuzzy Fingerprinting using static/passive heuristics

NEW QUESTION 226
Which category includes DoS attacks?

A. virus attacks
B. trojan attacks
C. flood attacks
D. phishing attacks

NEW QUESTION 227
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

A. virtualization
B. middleware
C. operating systems
D. applications
E. data

Explanation
https://apprenda.com/library/paas/iaas-paas-saas-explained-compared/

NEW QUESTION 228
Which two cryptographic algorithms are used with IPsec? (Choose two.)

A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-mt/sec-sec-for-vpns-w-ipsec-15-mt-book/sec-cfg-vpn-ipsec.html

NEW QUESTION 229
What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

A. Southbound APIs are used to define how SDN controllers integrate with applications.
B. Southbound interfaces utilize device configurations such as VLANs and IP addresses.
C. Northbound APIs utilize RESTful API methods such as GET, POST, and DELETE.
D. Southbound APIs utilize CLI, SNMP, and RESTCONF.
E. Northbound interfaces utilize OpenFlow and OpFlex to integrate with network devices.

Post date: 2025-03-19 11:00:52
Post date GMT: 2025-03-19 11:00:52
Post modified date: 2025-03-19 11:00:52
Post modified date GMT: 2025-03-19 11:00:52