nerdexam
Cisco

350-701 · Question #15

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solution

The correct answer is A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level. Cisco ISE posture policies can check for and enforce the installation of critical patches like MS17-010 to mitigate ransomware vulnerabilities.

Submitted by brentm· Mar 30, 2026Endpoint Protection and Detection

Question

An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

Exhibit

350-701 question #15 exhibit

Options

  • AConfigure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before
  • BSet up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before
  • CConfigure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level
  • DConfigure endpoint firewall policies to stop the exploit traffic from being allowed to run and
  • ESet up a well-defined endpoint patching strategy to ensure that endpoints have critical

How the community answered

(62 responses)
  • A
    81% (50)
  • B
    5% (3)
  • D
    11% (7)
  • E
    3% (2)

Why each option

Cisco ISE posture policies can check for and enforce the installation of critical patches like MS17-010 to mitigate ransomware vulnerabilities.

AConfigure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch beforeCorrect

Cisco Identity Services Engine (ISE) posture policies can be configured not only to detect missing patches like MS17-010 but also to automatically initiate or enforce the installation of these patches, thereby remediating the vulnerability before granting network access.

BSet up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before

Profiling in Cisco ISE identifies and categorizes endpoints based on various attributes but is not used to check for specific patch levels or to initiate patch installation for posture compliance.

CConfigure a posture policy in Cisco Identity Services Engine to check that an endpoint patch levelCorrect

A Cisco Identity Services Engine (ISE) posture policy can be configured to check that an endpoint has the required MS17-010 patch installed as a condition for determining its compliance and eligibility for network access.

DConfigure endpoint firewall policies to stop the exploit traffic from being allowed to run and

While endpoint firewall policies can help prevent the spread or execution of exploit traffic post-compromise, they do not directly address or remediate the root vulnerability of a missing patch.

ESet up a well-defined endpoint patching strategy to ensure that endpoints have critical

Setting up a well-defined endpoint patching strategy is a good overall practice but does not represent a specific, immediate technical solution using Cisco products to mitigate the discovered vulnerability as the other options do.

Concept tested: Cisco ISE Posture Remediation (Patch Management)

Source: https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ISE_admin_guide_27/b_ISE_admin_guide_27_chapter_0100.html

Topics

#ISE posture policy#MS17-010 patch#WannaCry remediation#endpoint compliance

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice