350-701 Exam Questions
916 real 350-701 exam questions with expert-verified answers and explanations. Page 2 of 19.
- Question #51Network Security
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
Cisco FirepowerNGIPSnetwork discoveryimpact flags - Question #52
Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?
Authentication protocolsAAA conceptsAuthorization requests - Question #53
Which two preventive measures are used to control cross-site scripting? (Choose two.)
XSS preventionWeb application securityOutput encodingHTML sanitization - Question #54
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?
Cisco FirepowerNetwork Discovery - Question #55
Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
802.1XMABCisco authenticationCisco CLI - Question #56Content Security
An engineer is configuring a Cisco Secure Email Gateway and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed reci...
Cisco Secure Email GatewayEmail filteringRecipient Access Table - Question #57Threat Intelligence and Management
Which two capabilities does TAXII support? (Choose two.)
TAXIIThreat Intelligence Exchange - Question #58Secure Network Operations (Cisco DNA Center/SD-WAN)
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
Platform service policyDevice policy definitionShared device configuration - Question #59Secure Network Access, Visibility, and Enforcement
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus applicat...
Cisco ISEPosture assessmentNetwork Access ControlAnyConnect module - Question #60
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)
Cisco CTAThreat detection enginesData exfiltrationC2 communication - Question #61Threats and Attack Methods
In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?
Cross-site scriptingXSSEncoding techniques - Question #62
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
IPsec Stateful FailoverHigh AvailabilityCisco IOSConfiguration Synchronization - Question #63
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?
802.1XCisco IOS commandInterface authentication status - Question #64
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch secu...
DHCP SnoopingDynamic ARP InspectionSwitch port securitySpoofing prevention - Question #65
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?
Cisco ASA VPNCisco ISE PostureRADIUS CoANetwork Access Control - Question #66
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
Cisco IOS commandsIKEv1IPsec VPNPre-shared key - Question #67
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)
Cisco ISEEndpoint ProfilingRADIUSDHCP - Question #68Securing the Cloud
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
Hybrid Cloud SecurityMicrosegmentationApplication VisibilityWorkload Protection - Question #69
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)
MFA factorsAuthentication factors - Question #70Cryptography
Which two key and block sizes are valid for AES? (Choose two.)
AES encryptionCryptographic algorithmsKey lengthsBlock sizes - Question #71Content Security
After deploying a Cisco Secure Email Gateway on your network, you notice that some messages fail to reach their destinations. Which task can you perform to determine where each mes...
Cisco Secure Email GatewayEmail message trackingEmail troubleshooting - Question #72
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?
Elliptic Curve CryptographyRSA algorithmAsymmetric encryption - Question #73
How is ICMP used an exfiltration technique?
ICMP exfiltrationCovert channelsCommand and Control (C2)Protocol misuse - Question #74Attacks, Vulnerabilities, and Mitigation
What is the difference between deceptive phishing and spear phishing?
phishingspear phishingsocial engineering - Question #75Secure Network Access, Visibility, and Enforcement
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requi...
Cisco ISETACACS+802.1XNetwork Access Control - Question #76
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
802.1X authenticationCisco ISECisco Catalyst switch - Question #77
The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?
Cisco ASATLS proxyCisco UC ManagerCertificate Trust List - Question #78
Which API is used for Content Security?
AsyncOS APIContent SecurityCisco Security APIs - Question #79Network Security
Which two behavioral patterns characterize a ping of death attack? (Choose two.)
Ping of DeathDenial of Service (DoS)IP fragmentationMalformed packets - Question #80
Which two mechanisms are used to control phishing attacks? (Choose two.)
Phishing countermeasuresEmail filteringBrowser security - Question #81
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more thr...
Cisco UmbrellaWeb PolicySecurity CategoriesThreat Blocking - Question #82
What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two.)
Cisco ISEGuest accessWeb authenticationPortal redirection - Question #83
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
SQL injectionInput validationWeb application security - Question #84Cloud Security
Which deployment model is the most secure when considering risks to cloud adoption?
Cloud deployment modelsCloud securityPrivate cloud - Question #85Secure Cloud Access
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
Cloudlock Apps FirewallCloud Application SecurityCASB - Question #86
What is the primary benefit of deploying an ESA in hybrid mode?
Cisco ESAEmail securityHybrid deployment - Question #87
Which option is the main function of Cisco Firepower impact flags?
Cisco Firepowerimpact flagsintrusion correlation - Question #88Network Security
Which two deployment modes does the Cisco ASA FirePOWER module support? (Choose two.)
Cisco ASA FirePOWERFirePOWER deployment modes - Question #89Network Security
Drag and Drop Question Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right. Answer:
Firepower NGIPSIntrusion DetectionPort Scan DetectionNetwork Security Monitoring - Question #90Content Security
Drag and Drop Question Drag and drop the capabilities from the left onto the correct technologies on the right. Answer:
Threat PreventionAdvanced Malware ProtectionSecure Web GatewayContent Filtering - Question #91Network Security / VPN and Cryptographic Protocols - understanding the differences between IKE version 1 and IKE version 2 in terms of packet exchange, NAT traversal support, and authentication mechanisms (commonly tested on CompTIA Security+, CySA+, or Cisco CCNP Security)
Drag and Drop Question Drag and drop the descriptions from the left onto the correct protocol versions on the right. Answer:
IKEv1IKEv2IPsecVPN Protocols - Question #92
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
Cisco UmbrellaCisco TalosThreat IntelligenceURL Filtering - Question #93Content Security
What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?
Cisco WSAHTTPS decryptionApplication detection - Question #94Content Security
What is the primary role of the Cisco Email Security Appliance?
Email SecurityMail Transfer AgentEmail ArchitectureThreat Protection - Question #95
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)
Cisco DNA CenterSDNNetwork automationNetwork assurance - Question #96
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
DNS tunnelingData exfiltrationNetwork attacks - Question #97
Which algorithm provides encryption and authentication for data plane communication?
AES-GCMAuthenticated encryption - Question #98
How does Cisco Umbrella archive logs to an enterprise-owned storage?
Cisco Umbrella log managementLog archivingAWS S3 integration - Question #99
In which cloud services model is the tenant responsible for virtual machine OS patching?
Cloud service modelsShared responsibility modelIaaS responsibilities - Question #100Security Concepts
Which two descriptions of AES encryption are true? (Choose two.)
AES encryption3DES encryptionSymmetric encryptionEncryption key lengths