Download Cisco.350-701.VCEplus.2024-08-23.211q.tqb

File Info

Exam Implementing and Operating Cisco Security Core Technologies
Number 350-701
File Name Cisco.350-701.VCEplus.2024-08-23.211q.tqb
Size 7 MB
Posted Aug 23, 2024

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
(Choose two)


  A. Outgoing traffic is allowed so users can communicate with outside organizations.
  B. Malware infects the messenger application on the user endpoint to send company data.
  C. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
  D. An exposed API for the messaging platform is used to send large amounts of data.
  E. Messenger applications cannot be segmented with standard network controls.
Correct answer: CE



Question 2

Which Cisco AMP file disposition is valid?


  A. pristine
  B. malware
  C. dirty
  D. non malicious
Correct answer: B



Question 3

When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?


  A. Spero analysis
  B. dynamic analysis
  C. sandbox analysis
  D. malware analysis
Correct answer: B
Explanation:
Spero analysis examines structural characteristics such as metadata and header information in executable files. After generating a Spero signature based on this information, if the file is an eligible executable file, the device submits it to the Spero heuristic engine in the AMP cloud. Based on the Spero signature, the Spero engine determines whether the file is malware.
-> Spero analysis only uploads the signature of the (executable) files to the AMP cloud. It does not upload the whole file. Dynamic analysis sends files to AMP ThreatGrid.
Dynamic Analysis submits (the whole) files to Cisco Threat Grid (formerly AMP Threat Grid). Cisco Threat Grid runs the file in a sandbox environment, analyzes the file's behavior to determine whether the file is malicious, and returns a threat score that indicates the likelihood that a file contains malware. From the threat score, you can view a dynamic analysis summary report with the reasons for the assigned threat score. You can also look in Cisco Threat Grid to view detailed reports for files that your organization submitted, as well as scrubbed reports with limited data for files that your organization did not submit.
Local malware analysis allows a managed device to locally inspect executables, PDFs, office documents, and other types of files for the most common types of malware, using a detection rule set provided by the Cisco Talos Security Intelligence and Research Group (Talos). Because local analysis does not query the AMP cloud and does not run the file, local malware analysis saves time and system resources.
-> Malware analysis does not upload files anywhere; it only checks the files locally.
There is no sandbox analysis feature; sandboxing is just a method of dynamic analysis that runs suspicious files in a virtual machine.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-configguidev60/Reference_a_wrapper_Chapter_topic_here.html



Question 4

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?


  A. mirror port
  B. Flow
  C. NetFlow
  D. VPC flow logs
Correct answer: C



Question 5

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?


  A. Configure incoming content filters
  B. Use Bounce Verification
  C. Configure Directory Harvest Attack Prevention
  D. Bypass LDAP access queries in the recipient access table
Correct answer: C
Explanation:
A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain, either by brute force or by guessing valid email addresses at a domain using different permutations of common usernames. It's easy for attackers to get hold of a valid email address if your organization uses a standard format for official email aliases (for example: [email protected]). We can configure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.
Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here's an LDAP search translated into plain English: "Search for all people located in Chicago whose name contains 'Fred' that have an email address. Please return their full name, email, title, and description."



Question 6

A company recently discovered an attack propagating throughout their Windows network via a file named abc428565580xyz.exe. The malicious file was uploaded to a Simple Custom Detection list in the AMP for Endpoints Portal, and the currently applied policy for the Windows clients was updated to reference the detection list. Verification testing scans on known infected systems show that AMP for Endpoints is not detecting the presence of this file as an indicator of compromise. What must be performed to ensure detection of the malicious file?


  A. Upload the malicious file to the Blocked Application Control List
  B. Use an Advanced Custom Detection List instead of a Simple Custom Detection List
  C. Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis
  D. Upload the SHA-256 hash for the file to the Simple Custom Detection List
Correct answer: D



Question 7

Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)


  A. posture assessment
  B. aaa authorization exec default local
  C. tacacs-server host 10.1.1.250 key password
  D. aaa server radius dynamic-author
  E. CoA
Correct answer: DE



Question 8

An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?


  A. MDA on the router
  B. PBR on Cisco WSA
  C. WCCP on switch
  D. DNS resolution on Cisco WSA
Correct answer: C



Question 9

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?


  A. AAA attributes
  B. CoA request
  C. AV pair
  D. carrier-grade NAT
Correct answer: B



Question 10

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?


  A. Multiple NetFlow collectors are supported
  B. Advanced NetFlow v9 templates and legacy v5 formatting are supported
  C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure
  D. Flow-create events are delayed
Correct answer: B
Explanation:
The ASA and ASASM implementations of NetFlow Secure Event Logging (NSEL) provide the following major functions: ... -- Delays the export of flow-create events.
Reference: monitor-nsel.pdf








