Download Implementing and Operating Cisco Security Core Technologies.350-701.NewDumps.2021-04-16.71q.vcex

Vendor: Cisco
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies
Date: Apr 16, 2021
File Size: 3 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
What is a characteristic of a bridge group in ASA Firewall transparent mode?
  1. It includes multiple interfaces and access rules between interfaces are customizable
  2. It is a Layer 3 segment and includes one port and customizable access rules
  3. It allows ARP traffic with a single access rule
  4. It has an IP address on its BVI interface and is used for management traffic
Correct answer: A
Explanation:
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.  
Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.  
You can include multiple interfaces per bridge group. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside. For example, if you have three inside segments that you do not want to communicate with each other, you can put each segment on a separate interface, and only allow them to communicate with the outside interface. Or you can customize the access rules between interfaces to allow only as much access as desired.  
Reference: 
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/intro-fw.html  
Note: The BVI interface is not used for management purposes. However, a separate Management slot/port interface that is not part of any bridge group can be added, and it allows only management traffic to the ASA.
Question 2
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?
  1. Common Security Exploits
  2. Common Vulnerabilities and Exposures
  3. Common Exploits and Vulnerabilities
  4. Common Vulnerabilities, Exploits and Threats
Correct answer: B
Explanation:
Vendors, security researchers, and vulnerability coordination centers typically assign vulnerabilities an identifier that’s disclosed to the public. This identifier is known as the Common Vulnerabilities and Exposures (CVE). CVE is an industry-wide standard. CVE is sponsored by US-CERT, the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
The goal of CVE is to make it easier to share data across tools, vulnerability repositories, and security services.
Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide
Question 3
Which two fields are defined in the NetFlow flow? (Choose two)
  1. type of service byte
  2. class of service bits
  3. Layer 4 protocol type
  4. destination port
  5. output logical interface
Correct answer: AD
Explanation:
Cisco standard NetFlow version 5 defines a flow as a unidirectional sequence of packets that all share seven values which define a unique key for the flow: 
  • Ingress interface (SNMP ifIndex)  
  • Source IP address  
  • Destination IP address  
  • IP protocol  
  • Source port for UDP or TCP, 0 for other protocols  
  • Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols  
  • IP Type of Service  
Note: A flow is a unidirectional series of packets between a given source and destination.
Question 4
What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?
  1. NetFlow
  2. desktop client
  3. ASDM
  4. API
Correct answer: D
Question 5
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.  
  
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.  
The Cisco Advanced Malware Protection (AMP) solution enables you to detect and block malware, continuously analyze for malware, and get retrospective alerts. AMP for Networks delivers network-based advanced malware protection that goes beyond point-in-time detection to protect your organization across the entire attack continuum – before, during, and after an attack.  
Designed for Cisco Firepower® network threat appliances, AMP for Networks detects, blocks, tracks, and contains malware threats across multiple threat vectors within a single system. It also provides the visibility and control necessary to protect your organization against highly sophisticated, targeted, zero-day, and persistent advanced malware threats.
Question 6
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. 
What action would allow the attacker to gain access to machine 1 but not machine 2?
  1. sniffing the packets between the two hosts
  2. sending continuous pings
  3. overflowing the buffer’s memory
  4. inserting malicious commands into the database
Correct answer: D
Question 7
An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. 
The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?
  1. Cisco Firepower
  2. Cisco Umbrella
  3. ISE
  4. AMP
Correct answer: B
Explanation:
Cisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations – before a connection is ever made. 
Thus it can protect from phishing attacks by blocking suspicious domains when users click on the given links that an attacker sent.
Question 8
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. 
The company needs to be able to protect sensitive data throughout the full environment.  
Which tool should be used to accomplish this goal?
  1. Security Manager
  2. Cloudlock
  3. Web Security Appliance
  4. Cisco ISE
Correct answer: B
Explanation:
Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.
Question 9
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. 
However, the connection is failing. Which action should be taken to accomplish this goal?
  1. Disable telnet using the no ip telnet command.
  2. Enable the SSH server using the ip ssh server command.
  3. Configure the port using the ip ssh port 22 command.
  4. Generate the RSA key using the crypto key generate rsa command.
Correct answer: D
Explanation:
In this question, the engineer was trying to secure the connection, so maybe he was trying to allow SSH to the device.
But maybe something went wrong, so the connection was failing (the connection used to be good). So maybe he was missing the “crypto key generate rsa” command.
Question 10
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis.  
The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?
  1. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
  2. The file is queued for upload when connectivity is restored.
  3. The file upload is abandoned.
  4. The ESA immediately makes another attempt to upload the file.
Correct answer: C
Explanation:
The appliance will try once to upload the file; if upload is not successful, for example because of connectivity problems, the file may not be uploaded. If the failure was because the file analysis server was overloaded, the upload will be attempted once more.  
Reference:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118796-technote-esa-00.html  
The question states that “the network is congested” (not that the file analysis server was overloaded), so the appliance will not try to upload the file again.