Download Cisco.350-701.PassLeader.2024-12-25.131q.tqb


File Info

Exam Implementing and Operating Cisco Security Core Technologies
Number 350-701
File Name Cisco.350-701.PassLeader.2024-12-25.131q.tqb
Size 7 MB
Posted Dec 25, 2024
Demo Questions

Question 1

What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.)

  A. blocked ports
  B. simple custom detections
  C. command and control
  D. allowed applications
  E. URL
Correct answer: BD



Question 2

Which command enables 802.1X globally on a Cisco switch?

  A. dot1x system-auth-control
  B. dot1x pae authenticator
  C. authentication port-control auto
  D. aaa new-model
Correct answer: A



Question 3

What is the function of Cisco Cloudlock for data security?

  A. data loss prevention
  B. controls malicious cloud apps
  C. detects anomalies
  D. user and entity behavior analytics
Correct answer: A



Question 4

For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.)

  A. computer identity
  B. Windows service
  C. user identity
  D. Windows firewall
  E. default browser
Correct answer: BD



Question 5

What is a characteristic of Dynamic ARP Inspection?

  A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
  B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
  C. DAI associates a trust state with each switch.
  D. DAI intercepts all ARP requests and responses on trusted ports only.
Correct answer: A
Explanation:
Dynamic ARP Inspection 
To prevent ARP poisoning attacks such as the one described in the previous section, a switch must ensure that only valid ARP requests and responses are relayed. DAI prevents these attacks by intercepting all ARP requests and responses. Each of these intercepted packets is verified for valid MAC address to IP address bindings before the local ARP cache is updated or the packet is forwarded to the appropriate destination. Invalid ARP packets are dropped.  
DAI determines the validity of an ARP packet based on valid MAC address to IP address bindings stored in a trusted database. This database is built at runtime by DHCP snooping, provided that it is enabled on the VLANs and on the switch in question. In addition, DAI can also validate ARP packets against user-configured ARP ACLs in order to handle hosts that use statically configured IP addresses.  
DAI can also be configured to drop ARP packets when the IP addresses in the packet are invalid or when the MAC addresses in the body of the ARP packet do not match the addresses specified in the Ethernet header. 



Question 6

Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

  A. NGFW
  B. AMP
  C. WSA
  D. ESA
Correct answer: B



Question 7

Where are individual sites specified to be blacklisted in Cisco Umbrella?

  A. application settings
  B. content categories
  C. security settings
  D. destination lists
Correct answer: D
Explanation:
To block a URL, simply enter it into a blocked destination list, or create a new blocked destination list just for URLs. To do this, navigate to Policies > Destination Lists, expand a Destination list, add a URL and then click Save. 
https://support.umbrella.com/hc/en-us/articles/115004518146-Umbrella-Dashboard-New-Features-Custom-blocked-URLs 



Question 8

Which statement about IOS zone-based firewalls is true?

  A. An unassigned interface can communicate with assigned interfaces.
  B. Only one interface can be assigned to a zone.
  C. An interface can be assigned to multiple zones.
  D. An interface can be assigned only to one zone.
Correct answer: D



Question 9

Which two activities can be done using Cisco DNA Center? (Choose two.)

  A. DHCP
  B. design
  C. accounting
  D. DNS
  E. provision
Correct answer: BE



Question 10

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

  A. RSA SecurID
  B. Internal Database
  C. Active Directory
  D. LDAP
Correct answer: A
Explanation:
In Cisco ISE, you can authenticate administrators via an external identity store such as Active Directory, LDAP, or RSA SecurID. There are two models you can use to provide authentication via an external identity store:
External Authentication and Authorization: There are no credentials that are specified in the local Cisco ISE database for the administrator, and authorization is based on external identity store group membership only. This model is used for Active Directory and LDAP authentication. 
External Authentication and Internal Authorization: The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. 
This method requires you to configure the same username in both the external identity store and the local Cisco ISE database. 
Source: https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_011010.html 
Scroll down to: "Administrative Access to Cisco ISE Using an External Identity Store" 








