350-701 Dumps
350-701 Braindumps
350-701 Real Questions
350-701 Practice Test
350-701 Actual Questions
killexams.com
Implementing and Operating Cisco Security Core Technologies (SCOR)
https://killexams.com/pass4sure/exam-detail/350-701
Question: 721
Which information is required when adding a device to Firepower Management Center?
username and password
encryption method
device serial number
registration key
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-configguide-v60/Device_Management_Basics.html#ID-2242-0000069d
Question: 722
Which technology is used to improve web traffic performance by proxy caching?
WSA
Firepower
FireSIGHT
ASA
Question: 723
What are two list types within AMP for Endpoints Outbreak Control? (Choose two.)
blocked ports
simple custom detections
command and control
allowed applications
URL
Reference: https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf chapter
Question: 724
DRAG DROP
Drag and drop the capabilities from the left onto the correct technologies on the right.
Question: 725
How does Cisco Stealthwatch Cloud provide security for cloud environments?
It delivers visibility and threat detection.
It prevents exfiltration of sensitive data.
It assigns Internet-based DNS protection for clients and servers.
It facilitates secure connectivity between public and private networks.
Reference: https://www.content.shi.com/SHIcom/ContentAttachmentImages/SharedResources/FBLP/Cisco/Cisco-091919-Simple-IT-Whitepaper.pdf
Question: 726
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
A sysopt command can be used to enable NSEL on a specific interface.
NSEL can be used without a collector configured.
A flow-export event type must be defined under a policy.
Question: 727
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)
data exfiltration
command and control communication
intelligent proxy
snort
URL categorization
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-aglance-c45-736555.pdf
Question: 728
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two.)
Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
The IPsec configuration that is set up on the active device must be duplicated on the standby device.
Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/secvpn-availability-15-mt-book/sec-state-fail-ipsec.html
Question: 729
Which two key and block sizes are valid for AES? (Choose two.)
64-bit block size, 112-bit key length
64-bit block size, 168-bit key length
128-bit block size, 192-bit key length
128-bit block size, 256-bit key length
192-bit block size, 256-bit key length
DRAG DROP
Drag and drop the Firepower Next Generation Intrustion Prevention System detectors from the left onto the correct definitions on the right.
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide-v64/detecting_specific_threats.html
Question: 731
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?
Cisco Identity Services Engine and AnyConnect Posture module
Cisco Stealthwatch and Cisco Identity Services Engine integration
Cisco ASA firewall with Dynamic Access Policies configured
Cisco Identity Services Engine with PxGrid services enabled
Which algorithm provides encryption and authentication for data plane communication?
AES-GCM
SHA-96
AES-256
SHA-384
Question: 733
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)
phishing
brute force
man-in-the-middle
DDOS
tear drop
Question: 734
Which deployment model is the most secure when considering risks to cloud adoption?
public cloud
hybrid cloud
community cloud
private cloud
Question: 735
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
security intelligence
impact flags
health monitoring
URL filtering
Question: 736
Which technology reduces data loss by identifying sensitive information stored in public computing environments?
Cisco SDA
Cisco Firepower
Cisco HyperFlex
Cisco Cloudlock
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cloudlock/cisco-cloudlockcloud-data-security-datasheet.pdf
Question: 737
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?
DNS tunneling
DNSCrypt
DNS security
DNSSEC
Reference: https://learn-umbrella.cisco.com/cloud-security/dns-tunneling
Question: 738
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)
biometric factor
time factor
confidentiality factor
knowledge factor
encryption factor
Question: 739
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
File Analysis
SafeSearch
SSL Decryption
Destination Lists