Leading 350-701 Free Download For Implementing And Operating Cisco Security Core Technologies Certification

NEW QUESTION 1
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

• A. Cisco Prime Infrastructure
• B. Cisco Identity Services Engine
• C. Cisco Stealthwatch
• D. Cisco AMP for Endpoints

Answer: B

NEW QUESTION 2
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

• A. Nexus
• B. Stealthwatch
• C. Firepower
• D. Tetration

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/solutions/security/secure-data-center-solution/index.html#~products

NEW QUESTION 3
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

• A. put
• B. options
• C. get
• D. push
• E. connect

Answer: AC

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html

NEW QUESTION 4
What is a characteristic of Dynamic ARP Inspection?

• A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
• B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
• C. DAI associates a trust state with each switch.
• D. DAI intercepts all ARP requests and responses on trusted ports only.

Answer: A

NEW QUESTION 5
Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

• A. show authentication registrations
• B. show authentication method
• C. show dot1x all
• D. show authentication sessions

Answer: B

NEW QUESTION 6
Which SNMPv3 configuration must be used to support the strongest security possible?

• A. asa-host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
• B. asa-host(config)#snmp-server group myv3 v3 noauth asa- host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa- host(config)#snmp-server host inside 10.255.254.1 version 3 andy
• C. asa-host(config)#snmp- server group myv3 v3 noauth asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXXasa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
• D. asa- host(config)#snmp-server group myv3 v3 priv asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy

Answer: D

NEW QUESTION 7
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

• A. group policy
• B. access control policy
• C. device management policy
• D. platform service policy

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/platform_settings_policies_for_managed_devices.pdf

NEW QUESTION 8
DRAG DROP
Drag and drop the capabilities from the left onto the correct technologies on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 9
What is a language format designed to exchange threat intelligence that can be transported over the TAXII protocol?

• A. STIX
• B. XMPP
• C. pxGrid
• D. SMTP

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guide/b_ScanCenter_Administrator_Guide/b_ScanCenter_Administrator_Guide_chapter_0100011.pdf

NEW QUESTION 10
Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

• A. The authentication request contains only a password
• B. The authentication request contains only a username
• C. The authentication and authorization requests are grouped in a single packet.
• D. There are separate authentication and authorization request packets.

Answer: C

NEW QUESTION 11
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)

• A. data exfiltration
• B. command and control communication
• C. intelligent proxy
• D. snort
• E. URL categorization

Answer: AB

Explanation:
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-a-glance-c45-736555.pdf

NEW QUESTION 12
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

• A. SNMP
• B. SMTP
• C. syslog
• D. model-driven telemetry

Answer: D

Explanation:
Reference: https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide

NEW QUESTION 13
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

• A. authentication server: Cisco Identity Service Engine
• B. supplicant: Cisco AnyConnect ISE Posture module
• C. authenticator: Cisco Catalyst switch
• D. authenticator: Cisco Identity Services Engine
• E. authentication server: Cisco Prime Infrastructure

Answer: AC

Explanation:
Reference: https://www.lookingpoint.com/blog/ise-series-802.1x

NEW QUESTION 14
Which API is used for Content Security?

• A. NX-OS API
• B. IOS XR API
• C. OpenVuln API
• D. AsyncOS API

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/security_management/sma/sma12-0/api/b_SMA_API_12/test_chapter_01.html

NEW QUESTION 15
Which two activities can be done using Cisco DNA Center? (Choose two.)

• A. DHCP
• B. design
• C. accounting
• D. DNS
• E. provision

Answer: BE

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-1/user_guide/b_dnac_ug_1_2_1/b_dnac_ug_1_2_chapter_00.pdf

NEW QUESTION 16
Which ASA deployment mode can provide separation of management on a shared appliance?

• A. DMZ multiple zone mode
• B. transparent firewall mode
• C. multiple context mode
• D. routed mode

Answer: C

NEW QUESTION 17
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

• A. Ensure that the client computers are pointing to the on-premises DNS servers.
• B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
• C. Add the public IP address that the client computers are behind to a Core Identity.
• D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Answer: B

NEW QUESTION 18
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?

• A. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
• B. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.
• C. EPP focuses on network security, and EDR focuses on device security.
• D. EDR focuses on network security, and EPP focuses on device security.

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/products/security/endpoint-security/what-is-endpoint-detection-response-edr.html

NEW QUESTION 19
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)

• A. Sophos engine
• B. white list
• C. RAT
• D. outbreak filters
• E. DLP

Answer: AD

NEW QUESTION 20
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

• A. DMVPN
• B. FlexVPN
• C. IPsec DVTI
• D. GET VPN

Answer: D

NEW QUESTION 21
......