350-701 Exam Questions
916 real 350-701 exam questions with expert-verified answers and explanations. Page 18 of 19.
- Question #853
A network engineering team wants to configure web reputation URL filtering in Cisco vManage by setting the web reputation to Moderate Risk. Which reputation score must be configure...
Cisco vManageWeb reputation filteringURL filteringSecurity policy configuration - Question #854
A security engineer must configure logging to the cloud on Cisco Secure Firewall Threat Defense. What is required if logs are sent via syslog?
Cisco FTDCloud loggingSyslogSecurity Service Exchange - Question #855Visibility and Enforcement
An engineer must monitor the behavior of devices on an on-premises network and send the data to the Cisco Secure Cloud Analytics platform for analysis. The engineer will perform th...
Cisco Secure Cloud AnalyticsNetwork MonitoringPNM sensorOn-premises data collection - Question #856Content Security
Refer to the exhibit. An engineer deploys a Cisco Secure Web Appliance using the explicit proxy Which two configurations must be created to meet the requirement? (Choose two.)
Cisco SWAExplicit ProxyURL FilteringContent Filtering Policies - Question #857
Which feature does Cisco Umbrella use to protect all communications between a DNS client and a DNS resolver against DNS attacks?
Cisco UmbrellaDNS protectionDNSCrypt - Question #858
Refer to the exhibit. An engineer must configure an incoming mail policy so that each email sent from [email protected] to a domain of @cisco.com is scanned for antispam and advan...
Email Security PolicyAnti-SpamAdvanced Malware Protection - Question #859Configure and manage logging and monitoring on Cisco Secure Web Appliance, including secure file transfer of log data using SCP with SSH key-based authentication
Drag and Drop Question An engineer must configure AsyncOS for Cisco Secure Web Appliance to push log files to a syslog server using the SCP retrieval method. Drag and drop the step...
Cisco Secure Web ApplianceAsyncOS Log SubscriptionSCP ConfigurationSSH Key Exchange - Question #860
Which endpoint security solution capability reduces the effectiveness of spear phishing attacks?
endpoint securityspear phishingbehavioral analytics - Question #861Endpoint Security
What is the purpose of deploying the latest patch to an endpoint?
patch managementvulnerability managementendpoint security - Question #862Infrastructure Security - Configure and verify device access control using AAA with TACACS+ for network device management (CCNA/CCNP Security Domain: Implementing Secure Network Access)
Drag and Drop Question Refer to the exhibit. An engineer must configure a Cisco switch to use a TACACS+ server at IP address 20.20.20.1 with key Cisco123! for all Telnet connection...
AAATACACS+Switch SecurityVTY Line Configuration - Question #863
Refer to the exhibit. A network engineer is implementing a new security solution and is configuring the existing infrastructure for device management. The engineer must retrieve in...
Cisco IOSCDPShow commandsDevice management - Question #864
A network engineer must configure a Cisco router to use a RADIUS server for AAA. The engineer establishes a network connection between the router and the RADIUS server and configur...
Cisco AAARADIUS configurationAAA server groupsRouter authentication - Question #865
An engineer has configured TACACS to perform user authentication on Cisco Catalyst switch. The authentication must fall back to the local user database of the switch using the user...
Cisco AAA authenticationTACACS+ configurationAuthentication method listsLocal authentication fallback - Question #866Secure Network Access, Visibility, and Enforcement
A networking team must harden an organization's core switch against man-in-the-middle attacks. The team must use Dynamic ARP Inspection on the switch to meet the requirement. The t...
Dynamic ARP InspectionLayer 2 securityARP securitySwitch security configuration - Question #867Infrastructure Security – Configuring AAA (Authentication, Authorization, and Accounting) with TACACS+ on Cisco IOS devices for centralized network device management
Drag and Drop Question A network engineer must configure switches to support TACACS+ to manage multiple switches from a single management service. Drag and drop the code snippets f...
TACACS+AAA ConfigurationCisco IOS CLINetwork Security Management - Question #868Threats and Vulnerabilities
What is a difference between software bugs and path traversal?
Software vulnerabilitiesPath traversal attackWeb security - Question #869
Refer to the exhibit. Which task is the Python script performing by using the Cisco Secure Firewall API?
Python scriptingCisco Secure Firewall APINetwork automationREST API - Question #870
An engineer must implement a backup solution between a branch office and the headquarters of a company. The solution must use a protocol that meets these requirements: - Be connect...
SFTPFile Transfer ProtocolsNetwork SecurityProtocol Features - Question #871
A network engineer must configure an access control policy on top of an existing Cisco Secure Firewall Threat Defense access control policy. The policy must contain IP addresses an...
Cisco FTDFTD Access ControlPrefilter PolicyNetwork Filtering - Question #872Automation and Programmability - Use NETCONF to configure network devices and understand the structure of NETCONF operations and attributes as defined in RFC 6241
Refer to the exhibit. A network engineer must delete part of a Cisco router configuration using the NETCONF API. The engineer uses a Python script to automate the activity. Which c...
NETCONFNetwork AutomationXMLPython Scripting - Question #873
What are two capabilities of Cisco Umbrella? (Choose two.)
Cisco UmbrellaDNS securityCloud security - Question #874
Which two phases are part of the Data Security Lifecycle? (Choose two.)
Data Security LifecycleData ProtectionData Governance - Question #875
Which Cisco Secure Endpoint for Email Security capability protects users from phishing attacks?
Cisco Secure EmailPhishing ProtectionEmail SecuritySecurity Awareness - Question #876Content Security
What is a capability of Cisco Secure Email Gateway compared to Cisco Secure Email Cloud Gateway?
Cisco Secure Email GatewayCisco Secure Email Cloud GatewayEmail SecurityManaged Security Services - Question #877
A growing software development company recently acquired a smaller start-up social media company. The web security controls for the enterprise must now be configured to allow the n...
Cisco Secure Web ApplianceWeb proxy policiesSubnet-based access controlOutbound web security - Question #878Content Security
An engineer must establish and maintain the redirection of selected types of traffic flowing through a group of routers for a new deployment of Secure Web Appliance by using WCCP....
WCCPCisco Secure Web ApplianceProxy modesTraffic redirection - Question #879Endpoint Security
What is the goal of an endpoint patching strategy?
Endpoint PatchingPatch Management - Question #880
Refer to the exhibit. A network security engineer must enable and configure port security on a Cisco Catalyst switch. Up to 20 secure MAC addresses must be supported per port. In c...
Cisco Port SecurityPort Security Violation ModesLayer 2 SecuritySwitch Configuration - Question #881
What is an advantage of Cisco Secure Client when compared to IPsec?
Cisco Secure ClientIPsecVPN protocolsSSL VPN - Question #882
An administrator wants to ensure that the organization's remote access VPN devices can connect to the VPN without the user logging into the devices. Which action accomplishes this...
Cisco Secure ClientRemote Access VPNStart Before Logon - Question #883
Refer to the exhibit. A security engineer has configured a Cisco Catalyst Switch with 802.1X for wired authentication. During testing an endpoint with MAC address 11:22:33:44:55:77...
802.1XCisco Switch SecurityWired Authenticationdot1x configuration - Question #884
Refer to the exhibit. An engineer must ensure that SSH and console logins to a Cisco ASA device with an IP address of 192.168.10.100 are performed using an AAA server that has an I...
Cisco ASA AAAAAA local fallbackSSH/Console authentication - Question #885
Which technology will an engineer recommend to improve security during data transmission for
X.509 certificatesSecure communicationPKI - Question #886
Which type of DDoS attack masks an attacker's identity?
DDoS attacksReflection attacks - Question #887Network Security
What is a capability of Cisco Talos?
Cisco TalosIntrusion PoliciesThreat IntelligenceCisco Secure Firewall - Question #888Network Security
A network engineer must establish a site-to-site VPN between two Cisco routers using IPsec. The engineer creates an extended access control list to permit the traffic, configures p...
Cisco IPsec VPNCrypto mapSite-to-site VPNVPN configuration - Question #889
What is a difference between Cisco Group Encrypted Transport VPN and Cisco FlexVPN?
GET VPNFlexVPNVPN types - Question #890Network Security
A network engineer must monitor the logs from multiple Cisco routers by using a syslog to forward the logs to a syslog server. TLS must be used when transmitting the logs. The engi...
Cisco syslogSyslog over TLSSecure logging - Question #891
What is a traffic flow capability of an out-of-band deployed IDS?
IDSOut-of-band IDSTraffic monitoring - Question #892
What are two components of Cisco Umbrella? (Choose two.)
Cisco UmbrellaSecure Web GatewayDNS-layer security - Question #893
An organization needs a cloud solution that meets these requirements: - must be provisioned for exclusive use - must be owned and managed by a third-party partner - partner organiz...
Cloud deployment modelsPrivate cloud characteristics - Question #894
A company named ABC wants to migrate to the cloud to reduce operational costs. The company requires a cloud solution where the cloud provider is responsible for: - Virtualization u...
Cloud service modelsIaaSShared responsibility model - Question #895
Which AWS platform does Cisco Container Platform integrate with for cluster provisioning on- premises and on the cloud through a single management user interface?
Cisco Container PlatformAWS EKSKubernetes integrationCluster provisioning - Question #896
A security engineer configures a Cisco Secure Email Gateway to ensure that quarantined email messages are virus-free before the messages are delivered. In addition, the delivery of...
Cisco Secure Email GatewayEmail AntivirusSender ReputationEmail Quarantine - Question #897
A security engineer must create a policy based on the reputation verdict of a file from a Cisco Secure Email Gateway. The file with an undetermined verdict must be dropped. Which a...
Cisco Secure Email GatewayFile ReputationEmail Security PolicyUnknown Verdict Handling - Question #898
A network security engineer must block malicious URLs from being accessed on a corporate network. The engineer installed a Cisco Secure Web Appliance and must redirect HTTP traffic...
Cisco Secure Web ApplianceWCCPTraffic RedirectionWeb Filtering - Question #899
What is a benefit of an endpoint patch management strategy?
Patch managementEndpoint securityIT operations - Question #900Secure Network Access, Visibility, and Enforcement
What is the function of Cisco pxGrid in a security infrastructure?
Cisco pxGridSecurity integration - Question #901Configure and verify AAA authentication using RADIUS on Cisco IOS devices - maps to CCNA Security / ENCOR (350-401) Security domain or CCNA (200-301) Security Fundamentals
Drag and Drop Question An engineer must configure a Cisco switch to use a RADIUS server for AAA to meet these requirements: - Use Cisco123! as an encryption key. - Be located at an...
AAA ConfigurationRADIUSCisco IOS CLINetwork Security - Question #902
What is a benefit of Cisco IOS Flexible NetFlow?
Cisco Flexible NetFlowSecurity MonitoringNetwork VisibilityTraffic Analysis