Our team of highly skilled and experienced professionals is dedicated to delivering up-to-date and precise study materials in PDF format to our customers. We deeply value both your time and financial investment, and we have spared no effort to provide you with the highest quality work. We ensure that our students consistently achieve a score of more than 95% in the Cisco 350-701 exam. We provide only authentic and reliable study material. Our team of professionals is always working very keenly to keep the material updated; hence, they communicate with students quickly if there is any change in the 350-701 dumps file. The Cisco 350-701 exam question answers and 350-701 dumps we offer are as genuine as studying the actual exam content.
24/7 Friendly Approach:
You can reach out to our agents at any time for guidance; we are available 24/7. Our agents will provide the information you need; you can ask them any questions you have. We are here to provide you with the complete study material file you need to pass your 350-701 exam with extraordinary marks.
Quality Exam Dumps for Cisco 350-701:
Pass4surexams provides trusted study material. If you want to achieve sweeping success in your exam, you must sign up for the complete preparation at Pass4surexams, and we will provide you with genuine material that will help you succeed with distinction. Our experts work tirelessly for our customers, ensuring a seamless journey to passing the Cisco 350-701 exam on the first attempt. We have already helped a lot of students to ace IT certification exams with our genuine 350-701 Exam Question Answers. Don't wait; join us today to collect your favorite certification exam study material and get your dream job quickly.
90 Days Free Updates for Cisco 350-701 Exam Question Answers and Dumps:
Enroll with confidence at Pass4surexams, and not only will you access our comprehensive Cisco 350-701 exam question answers and dumps, but you will also benefit from a remarkable offer: 90 days of free updates. In the dynamic landscape of certification exams, our commitment to your success doesn't waver. If there are any changes or updates to the Cisco 350-701 exam content during the 90-day period, rest assured that our team will promptly notify you and provide the latest study materials, ensuring you are thoroughly prepared for success in your exam.
Cisco 350-701 Real Exam Questions:
Quality is the heart of our service; that's why we offer our students real exam questions with 100% passing assurance on the first attempt. Our 350-701 dumps PDF has been carved by experienced experts exactly on the model of the real exam question answers for which you are going to appear to get your certification.
Cisco 350-701 Sample Questions
Question # 1
What is the difference between EPP and EDR?
A. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment. B. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats. C. EDR focuses solely on prevention at the perimeter. D. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.
Answer: D Explanation: EPP and EDR are two types of endpoint security solutions that have different goals and capabilities. EPP stands for endpoint protection platform, which is a suite of technologies that work together to prevent, detect, and remediate security threats on endpoints. EPP solutions use techniques such as antivirus, firewall, application control, and patch management to block known and unknown malware and malicious activity. EDR stands for endpoint detection and response, which is a solution that provides real-time visibility into endpoint activities and enables security teams to detect, investigate, and respond to advanced threats that may have bypassed EPP defenses. EDR solutions use techniques such as behavioral analysis, threat intelligence, and incident response to flag offending files at the first sign of malicious behavior, contain and isolate compromised endpoints, and remediate the damage caused by the attack. Therefore, the correct answer is D, as having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior. The other options are incorrect because: A is false, as EPP focuses primarily on threats that have evaded front-line defenses that entered the environment, not EDR. B is false, as having an EPP solution allows an engineer to detect, investigate, and remediate modern threats, not EDR. C is false, as EDR focuses on detection and response at the endpoint level, not prevention at the perimeter. References: EPP vs. EDR: Why You Need Both - CrowdStrike
Question # 2
A. signature-based endpoint protection on company endpoints B. macro-based protection to keep connected endpoints safe C. continuous monitoring of all files that are located on connected endpoints D. email integration to protect endpoints from malicious content that is located in email E. real-time feeds from global threat intelligence centers
Answer: C,E Explanation: A next-generation endpoint security solution is a modern approach of combining user and system behavior analytics with AI and machine learning to provide endpoint security. These solutions are specifically designed to detect unknown malware and zero-day threats, which other non-next-generation solutions might fail to detect. Two key deliverables that help justify the implementation of a next-generation endpoint security solution are: Continuous monitoring of all files that are located on connected endpoints. This feature allows the solution to scan and analyze all files on the endpoints, regardless of their origin or type, and identify any malicious or suspicious behavior. This helps to prevent malware from infecting the endpoints or spreading to other devices on the network.
Question # 3
An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as well as protection against data exfiltration. Which solution best meets these requirements?
A. Cisco CloudLock B. Cisco AppDynamics Cloud Monitoring C. Cisco Umbrella D. Cisco Stealthwatch
Answer: A Explanation: Cisco CloudLock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. CloudLock’s simple, open, and automated approach uses APIs to manage the risks in your cloud app ecosystem. With CloudLock you can more easily combat data breaches while meeting compliance regulations [1]. Cisco CloudLock provides the following features that meet the requirements of visibility into data transfers as well as protection against data exfiltration: User security: Cloudlock uses advanced machine learning algorithms to detect anomalies based on multiple factors. It also identifies activities outside allowed countries and spots actions that seem to take place at impossible speeds across distances [1]. Data security: Cloudlock’s data loss prevention (DLP) technology continuously monitors cloud environments to detect and secure sensitive information. It provides countless out-of-the-box policies as well as highly tunable custom policies. It also supports inline and out-of-band data inspection and blocking capabilities to protect sensitive data [1][2]. App security: The Cloudlock Apps Firewall discovers and controls cloud apps connected to your corporate environment. You can see a crowd-sourced Community Trust Rating for individual apps, and you can ban or allowlist them based on risk [1]. The other solutions do not provide the same level of visibility and protection as Cisco CloudLock: Cisco Umbrella is a cloud-delivered network security service that provides DNS-layer security, secure web gateway, cloud-delivered firewall, cloud access security broker, and threat intelligence [3]. It does not offer data security features such as DLP, data inspection, and data blocking [4]. Cisco AppDynamics Cloud Monitoring is a cloud-native application performance management solution that helps you monitor, troubleshoot, and optimize your cloud applications. It does not offer user security, data security, or app security features as a CASB solution. Cisco Stealthwatch is a network traffic analysis solution that provides visibility and threat detection across your network, endpoints, and cloud. It does not offer data security features such as DLP, data inspection, and data blocking. References: 3: Cisco Umbrella Packages - Cisco Umbrella; 1: Cisco Cloudlock - Cisco; 2: Cisco Cloudlock: Secure Cloud Data; 4: Easy to Deploy & Simple to Manage CASB Solution - Cisco Umbrella; Cisco AppDynamics Cloud Monitoring; Cisco Stealthwatch - Cisco
Question # 4
An engineer needs to detect and quarantine a file named abc424400664.zip based on the MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced Malware Protection (AMP) for Endpoints. The configured detection method must work on files of unknown disposition. Which Outbreak Control list must be configured to provide this?
A. Blocked Application B. Simple Custom Detection C. Advanced Custom Detection D. Android Custom Detection
Answer: B Explanation: Simple Custom Detection is a feature of Cisco AMP for Endpoints that allows administrators to block specific files based on their SHA-256 or MD5 hashes. This feature can be used to detect and quarantine files of unknown disposition, such as abc424400664.zip, by adding their hashes to a custom list in the AMP portal. The list can then be applied to a policy that is assigned to the endpoints. Simple Custom Detection works on files of any type, size, or platform, unlike the other options that are either platform-specific (Android Custom Detection), size-limited (Blocked Application), or signature-based (Advanced Custom Detection). References: 1, 2, 3
Question # 5
Which Cisco network security device supports contextual awareness?
A. Firepower B. CISCO ASA C. Cisco IOS D. ISE
Answer: A Explanation: Contextual awareness is the ability to collect and analyze information about the network environment, such as users, devices, applications, threats, and vulnerabilities, and use it to enhance security policies and actions. Cisco Firepower is a network security device that supports contextual awareness by providing real-time visibility into network traffic and activity, security intelligence from Cisco Talos and other sources, and advanced threat protection with Cisco AMP and sandboxing. Cisco Firepower can also leverage Cisco pxGrid to share contextual data with other security solutions, such as SIEM and TD platforms, to enable faster and more accurate threat detection and response [1][2][3]. References: 1: Cisco Firepower NGIPS Data Sheet - Cisco; 2: Cisco Identity Services Engine with Integrated Security Information and Event Management and Threat Defense Platforms At-a-Glance - Cisco; 3: A Visibility-Driven Approach to Next-Generation Firewalls
Question # 6
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?
A. Manually change the management port on Cisco FMC and all managed Cisco FTD devices B. Set the tunnel to go through the Cisco FTD C. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices D. Set the tunnel port to 8305
Answer: A Explanation: The FMC and managed devices communicate using a two-way, SSL-encrypted communication channel, which by default is on port 8305. Cisco strongly recommends that you keep the default settings for the remote management port, but if the management port conflicts with other communications on your network, you can choose a different port. If you change the management port, you must change it for all devices in your deployment that need to communicate with each other. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmtnw/fmc-ftd-mgmtnw.html
Question # 7
Which configuration method provides the options to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?
A. inter-EPG isolation B. inter-VLAN security C. intra-EPG isolation D. placement in separate EPGs
Answer: C Explanation: Intra-EPG Isolation is an option to prevent physical or virtual endpoint devices that are in the same base EPG or microsegmented (uSeg) EPG from communicating with each other. By default, endpoint devices included in the same EPG are allowed to communicate with one another.
Question # 8
Which role is a default guest type in Cisco ISE?
A. Monthly B. Yearly C. Contractor D. Full-Time
Answer: C,D Explanation: To add switches into the fabric, administrators can use PowerOn Auto Provisioning (POAP) or Seed IP methods. POAP is a feature that automates the process of upgrading software images and installing configuration files on Cisco switches that are being deployed in the network for the first time. Seed IP is a method that allows administrators to specify the IP address of a switch that is already part of the fabric, and then use it to discover and add other switches that are connected to it. Both methods enable administrators to control how switches are added into DCNM for private cloud management. References: POAP, section “PowerOn Auto Provisioning (POAP)”; Seed IP, section “Add Switches”; https://www.cisco.com/c/en/us/td/docs/security/ise/1-4-1/admin_guide/b_ise_admin_guide_141/b_ise_admin_guide_141_chapter_01110.htm
Question # 9
An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?
A. Define MAC-to-IP address mappings in the switch to ensure that rogue devices cannot get an IP address B. Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE C. Modify the DHCP relay and point the IP address to Cisco ISE. D. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces
Answer: B Explanation: DHCP option 82 is a feature that allows the network access device (NAD) to insert additional information into the DHCP request packet from the endpoint. This information can include the switch ID, port number, VLAN ID, and other attributes that can help Cisco ISE to identify and profile the endpoint. Cisco ISE can use DHCP option 82 to assign the endpoint to the appropriate identity group, policy, and authorization profile. DHCP option 82 is also useful to prevent rogue DHCP servers from assigning IP addresses to endpoints, as Cisco ISE can verify the legitimacy of the DHCP request based on the option 82 data. To use DHCP option 82, the NAD must be configured to enable this feature and send the option 82 data to Cisco ISE. Cisco ISE must also be configured to accept and parse the option 82 data from the NAD. For more details on how to configure DHCP option 82 on Cisco ISE and NAD, see the references below. References: Configuring the DHCP Probe; Securing Your Network From DHCP Risks; Can we use ISE as DHCP/DNS server to prevent guest traffic using …
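The explanation above says the NAD inserts switch, port and VLAN information into option 82 and that a profiler parses it. The following parser is an added example, not code from the exam material or from Cisco: it walks the DHCP options field, pulls out option 82, splits it into its RFC 3046 sub-options and decodes the circuit-ID (VLAN/module/port) and remote-ID (switch MAC) using Cisco's documented default byte layout for DHCP snooping (assumption: no custom circuit-ID string is configured); the sample options blob is constructed.

```python
"""Parse DHCP option 82 (Relay Agent Information, RFC 3046) into the
attributes a profiler such as the ISE DHCP probe could add to an endpoint.

Added example, not from the exam material or from Cisco. The circuit-ID and
remote-ID byte layout decoded here is Cisco's documented default for DHCP
snooping (assumption: no custom circuit-ID string is configured); the sample
options blob is constructed for offline use."""
import struct
from typing import Dict, Optional

OPTION_RELAY_AGENT = 82
SUBOPT_CIRCUIT_ID = 1
SUBOPT_REMOTE_ID = 2


def find_option(options: bytes, wanted: int) -> Optional[bytes]:
    """Walk the DHCP options field (after the magic cookie) for one option code."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 0:                       # pad option, single byte
            i += 1
            continue
        if code == 255:                     # end option
            break
        if i + 2 > len(options):
            raise ValueError("truncated option header at offset %d" % i)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the options field" % code)
        if code == wanted:
            return value
        i += 2 + length
    return None


def parse_suboptions(payload: bytes) -> Dict[int, bytes]:
    """Split the option-82 value into {sub-option code: raw value}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns option 82" % code)
        subs[code] = value
        i += 2 + length
    return subs


def decode_cisco_default(subs: Dict[int, bytes]) -> Dict[str, object]:
    """Decode Cisco's default circuit-ID (VLAN, module, port) and remote-ID (MAC)."""
    info: Dict[str, object] = {}
    cid = subs.get(SUBOPT_CIRCUIT_ID)
    # Circuit ID: type 0, length 4, then VLAN (2 bytes), module (1), port (1).
    if cid and len(cid) == 6 and cid[0] == 0 and cid[1] == 4:
        info["vlan"], info["module"], info["port"] = struct.unpack("!HBB", cid[2:])
    rid = subs.get(SUBOPT_REMOTE_ID)
    # Remote ID: type 0, length 6, then the switch base MAC address.
    if rid and len(rid) == 8 and rid[0] == 0 and rid[1] == 6:
        info["switch_mac"] = ":".join("%02x" % b for b in rid[2:])
    return info


def profile_attributes(options: bytes) -> Dict[str, object]:
    """Attributes a profiler could attach to an endpoint profile from option 82."""
    value = find_option(options, OPTION_RELAY_AGENT)
    if value is None:
        # No relay-agent data: the request did not pass a snooping/relay device
        # that inserts option 82, so only the client's own DHCP fields remain.
        return {"option82_present": False}
    info = decode_cisco_default(parse_suboptions(value))
    info["option82_present"] = True
    return info


# Constructed sample: option 53 (DHCPDISCOVER), option 82 with Cisco-format
# circuit ID (VLAN 100, module 1, port 7) and remote ID (MAC 00:11:22:33:44:55).
SAMPLE_OPTIONS = bytes([
    53, 1, 1,
    82, 18,
    1, 6, 0, 4, 0x00, 0x64, 0x01, 0x07,
    2, 8, 0, 6, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    255,
])

if __name__ == "__main__":
    print(profile_attributes(SAMPLE_OPTIONS))
```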
Question # 10
Which threat intelligence standard contains malware hashes?
A. advanced persistent threat B. open command and control C. structured threat information expression D. trusted automated exchange of indicator information
Answer: D Explanation: The threat intelligence standard that contains malware hashes is trusted automated exchange of indicator information (TAXII). TAXII is a protocol that enables the exchange of cyber threat information in a standardized and automated manner. It supports various types of threat intelligence, such as indicators of compromise (IOCs), observables, incidents, tactics, techniques, and procedures (TTPs), and campaigns. Malware hashes are one example of IOCs that can be shared using TAXII. Malware hashes are cryptographic signatures that uniquely identify malicious files or programs. They can be used to detect and block malware infections on endpoints or networks. TAXII uses STIX (structured threat information expression) as the data format for representing threat intelligence. STIX is a language that defines a common vocabulary and structure for describing cyber threat information. STIX allows threat intelligence producers and consumers to share information in a consistent and interoperable way. STIX defines various objects and properties that can be used to represent different aspects of cyber threat information, such as indicators, observables, incidents, TTPs, campaigns, threat actors, courses of action, and relationships. Malware hashes can be expressed as observables in STIX, which are concrete items or events that are observable in the operational domain. Observables can have various types, such as file, process, registry key, URL, IP address, domain name, etc. Each observable type has a set of attributes that describe its properties. For example, a file observable can have attributes such as name, size, type, hashes, magic number, etc. A hash attribute can have a type (such as MD5, SHA1, SHA256, etc.) and a value (such as the hexadecimal representation of the hash). A file observable can have one or more hash attributes to represent different hashing algorithms applied to the same file. For example, a file observable can have both MD5 and SHA256 hashes to increase the confidence and accuracy of identifying the file. The other options are incorrect because they are not threat intelligence standards that contain malware hashes. Option A is incorrect because advanced persistent threat (APT) is not a standard, but a term that describes a stealthy and sophisticated cyberattack that aims to compromise and maintain access to a target network or system over a long period of time. Option B is incorrect because open command and control (OpenC2) is not a standard that contains malware hashes, but a language that enables the command and control of cyber defense components, such as sensors, actuators, and orchestrators. Option C is incorrect because structured threat information expression (STIX) is not a standard that contains malware hashes, but a data format that represents threat intelligence. STIX uses TAXII as the transport protocol for exchanging threat intelligence, including malware hashes. References: TAXII; STIX; Malware Hashes
Question # 11
What are two functions of IKEv1 but not IKEv2? (Choose two)
A. NAT-T is supported in IKEv1 but not in IKEv2. B. With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext C. With IKEv1, aggressive mode negotiates faster than main mode D. IKEv1 uses EAP authentication E. IKEv1 conversations are initiated by the IKE_SA_INIT message
Answer: B,C Explanation: IKEv1 has two modes of operation: main mode and aggressive mode. Main mode uses six messages to establish the IKE SA, while aggressive mode uses only three messages. Therefore, aggressive mode is faster than main mode, but less secure, as it exposes the identities of the peers in cleartext. This makes it vulnerable to man-in-the-middle attacks. IKEv2 does not have these modes, but uses a single four-message exchange to establish the IKE SA. IKEv2 also encrypts the identities of the peers, making it more secure than IKEv1 aggressive mode. IKEv1 uses EAP authentication only for remote access VPNs, not for site-to-site VPNs. IKEv2 supports EAP authentication for both types of VPNs. EAP authentication allows the use of various authentication methods, such as certificates, tokens, or passwords. IKEv1 conversations are initiated by the ISAKMP header, which contains the security parameters and the message type. IKEv2 conversations are initiated by the IKE_SA_INIT message, which contains the security parameters, the message type, and the message ID. The message ID is used to identify and order the messages in the IKEv2 exchange. NAT-T is supported by both IKEv1 and IKEv2. NAT-T stands for Network Address Translation-Traversal, and it is a mechanism that allows IKE and IPsec traffic to pass through a NAT device. NAT-T detects the presence of NAT and encapsulates the IKE and IPsec packets in UDP headers, so that they can be translated by the NAT device. References: IKEv1 vs IKEv2 – What is the Difference?
Question # 12
A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?
A. SFTP using the FMC CLI B. syslog using the Secure Event Connector C. direct connection using SNMP traps D. HTTP POST using the Security Analytics FMC plugin
Answer: B Explanation: The Secure Event Connector is a component of the Security Analytics and Logging (SaaS) solution that enables the FMC to send logs to the cloud-based service. The Secure Event Connector uses syslog to forward events from the FMC and the managed devices to the cloud. This method reduces the load on the firewall resources, as the events are sent in batches and compressed before transmission. The Secure Event Connector also provides encryption, authentication, and reliability for the log data. The other methods are not supported by the Security Analytics and Logging (SaaS) solution [1][2]. References: 1: Cisco Security Analytics and Logging (On Premises)
Question # 13
Which open standard creates a framework for sharing threat intelligence in a machine digestible format?
A. OpenC2 B. OpenIOC C. CybOX D. STIX
Answer: D Explanation: The open standard that creates a framework for sharing threat intelligence in a machine-digestible format is STIX (Structured Threat Information Expression). STIX is a language and serialization format that enables the exchange of cyber threat information across organizations, tools, and platforms. STIX defines a common vocabulary and data model for representing various types of threat intelligence, such as indicators, observables, incidents, campaigns, threat actors, courses of action, and more. STIX also supports the expression of context, relationships, confidence, and handling of the threat information. STIX aims to improve the speed, accuracy, and efficiency of threat detection, analysis, and response. STIX is often used in conjunction with TAXII (Trusted Automated Exchange of Indicator Information), which is a protocol and transport mechanism that enables the secure and automated communication of STIX data. TAXII defines how to request, send, receive, and store STIX data using standard methods and formats, such as HTTPS, JSON, and XML. TAXII supports various exchange models, such as hub-and-spoke, peer-to-peer, or subscription-based. TAXII enables the interoperability and scalability of threat intelligence sharing among different systems and organizations. References: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Malware Threats, Lesson 3: Identifying Advanced Threats, Topic: Threat Intelligence Sharing; What is STIX/TAXII? | Cloudflare; STIX 2.1 Specification Documents
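Questions 10 and 13 both describe a file observable carrying MD5 and SHA-256 hashes and an indicator built on it. The code below is an added example, not from the exam material or from OASIS: it builds a STIX 2.1 file object with a deterministic id, wraps a hash in an indicator pattern, and checks an observed file against every hash term in a bundle. It assumes the bundle has already been fetched over TAXII (here it is constructed inline), and it implements only the hash-equality subset of the STIX patterning language.

```python
"""Build a STIX 2.1 file observable with MD5/SHA-256 hashes and match observed
files against STIX indicator patterns.

Added example, not code from the exam material or from OASIS. The bundle is
constructed inline (a TAXII client would normally deliver it) and only
hash-equality comparison expressions are understood."""
import hashlib
import json
import re
import uuid
from typing import Dict, List, Tuple

# Namespace fixed by the STIX 2.1 specification for deterministic SCO ids.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
# hashlib algorithm name -> STIX 2.1 hashing vocabulary name.
STIX_HASH_NAMES = {"md5": "MD5", "sha1": "SHA-1", "sha256": "SHA-256"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hashes of the data keyed with the STIX hashing vocabulary names."""
    return {name: hashlib.new(algo, data).hexdigest()
            for algo, name in STIX_HASH_NAMES.items()}


def file_observable(name: str, data: bytes) -> dict:
    """A STIX 2.1 'file' cyber-observable object for the given content."""
    hashes = hash_bytes(data)
    # Deterministic id: UUIDv5 over the JSON of the id-contributing
    # properties (only the hashes are used here, so renaming keeps the id).
    contrib = json.dumps({"hashes": hashes}, sort_keys=True, separators=(",", ":"))
    return {"type": "file", "spec_version": "2.1",
            "id": "file--" + str(uuid.uuid5(STIX_SCO_NAMESPACE, contrib)),
            "name": name, "size": len(data), "hashes": hashes}


def hash_indicator(hash_name: str, value: str) -> dict:
    """An indicator whose pattern matches one hash of a file."""
    return {"type": "indicator", "spec_version": "2.1",
            "id": "indicator--" + str(uuid.uuid4()),
            "pattern_type": "stix",
            "pattern": "[file:hashes.'%s' = '%s']" % (hash_name, value),
            "valid_from": "2024-01-01T00:00:00Z"}


PATTERN_RE = re.compile(r"file:hashes\.'([^']+)'\s*=\s*'([0-9a-fA-F]+)'")


def extract_hash_terms(bundle: dict) -> List[Tuple[str, str]]:
    """Pull (hash_name, value) pairs out of every indicator pattern in a bundle."""
    terms = []
    for obj in bundle.get("objects", []):
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            terms += [(n, v.lower()) for n, v in PATTERN_RE.findall(obj["pattern"])]
    return terms


def match_file(bundle: dict, data: bytes) -> List[str]:
    """Names of the hash algorithms on which the data matches a bundle indicator."""
    observed = hash_bytes(data)
    return sorted({n for n, v in extract_hash_terms(bundle) if observed.get(n) == v})


# Constructed sample: a byte string standing in for a file seen on an endpoint.
SAMPLE_DATA = b"constructed sample file contents\n"
SAMPLE_FILE = file_observable("sample.bin", SAMPLE_DATA)
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--" + str(uuid.uuid4()),
    "objects": [SAMPLE_FILE,
                hash_indicator("SHA-256", SAMPLE_FILE["hashes"]["SHA-256"]),
                hash_indicator("MD5", SAMPLE_FILE["hashes"]["MD5"])],
}

if __name__ == "__main__":
    print(json.dumps(SAMPLE_BUNDLE, indent=2))
    print("matches on:", match_file(SAMPLE_BUNDLE, SAMPLE_DATA))
```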
Question # 14
Which two actions does the Cisco Identity Services Engine posture module provide that ensure endpoint security? (Choose two.)
A. The latest antivirus updates are applied before access is allowed. B. Assignments to endpoint groups are made dynamically, based on endpoint attributes. C. Patch management remediation is performed. D. A centralized management solution is deployed. E. Endpoint supplicant configuration is deployed.
Answer: A,C Explanation: The Cisco Identity Services Engine (ISE) posture module provides a service that allows you to check the compliance of endpoints with corporate security policies. This service consists of three main components: client provisioning, posture policy, and authorization policy. Client provisioning ensures that the endpoints receive the appropriate posture agent, such as the AnyConnect ISE Posture Agent or the Network Admission Control (NAC) Agent. Posture policy defines the conditions and requirements that the endpoints must meet to be considered compliant, such as having the latest antivirus updates or patches installed. Authorization policy determines the level of network access granted to the endpoints based on their posture assessment results, such as allowing full access, limited access, or quarantine. The two actions that the Cisco ISE posture module provides that ensure endpoint security are: The latest antivirus updates are applied before access is allowed. This action prevents malware infections and protects the network from potential threats. The posture policy can include predefined or custom conditions that check the antivirus status of the endpoints, such as the product name, version, definition date, and scan result. If the endpoint does not meet the antivirus requirement, the posture agent can trigger a remediation action, such as launching the antivirus update or scan, before allowing network access. Patch management remediation is performed. This action ensures that the endpoints have the latest security patches installed and are not vulnerable to known exploits. The posture policy can include predefined or custom conditions that check the patch status of the endpoints, such as the operating system, service pack, hotfix, or update. If the endpoint does not meet the patch requirement, the posture agent can trigger a remediation action, such as redirecting the endpoint to a patch management server or launching the patch installation, before allowing network access. References: Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies; Configuring posture services with the Cisco Identity Services Engine; Cisco Identity Services Engine Administrator Guide, Release 2.0 - Posture Policy
Question # 15
How does the Cisco WSA enforce bandwidth restrictions for web applications?
A. It implements a policy route to redirect application traffic to a lower-bandwidth link. B. It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA. C. It sends commands to the uplink router to apply traffic policing to the application traffic. D. It simulates a slower link by introducing latency into application traffic.
Answer: D Explanation: The Cisco WSA can enforce bandwidth restrictions for web applications by using the Application Visibility and Control (AVC) engine. The AVC engine allows the WSA to identify and control application activity on the network, and to apply bandwidth limits to certain application types or individual applications. The WSA dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA. The scavenger class QoS policy assigns a low priority to the application traffic and limits the bandwidth usage based on the configured settings. This way, the WSA can prevent congestion and ensure fair allocation of bandwidth among different applications and users. References: User Guide for AsyncOS 11.8 for Cisco Web Security Appliances - GD (General Deployment) - Managing Access to Web Applications; WSA - limit bandwidth - Cisco Community
Question # 16
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
A. MDA on the router B. PBR on Cisco WSA C. WCCP on switch D. DNS resolution on Cisco WSA
Answer: C Explanation: To deploy Cisco WSA in transparent mode, the configuration component that must be used is WCCP on switch. WCCP stands for Web Cache Communication Protocol, which is a protocol that allows a network device (such as a switch) to redirect web traffic to a proxy server (such as Cisco WSA) transparently. This means that the client does not need to configure any proxy settings on the browser, and the proxy server can intercept and process the web requests and responses without the client’s knowledge. WCCP can also provide load balancing and failover capabilities for multiple proxy servers. The other options are incorrect because they are not required or relevant for transparent mode deployment. Option A is incorrect because MDA (Multilink PPP Dial Access) is a feature that allows multiple physical links to be aggregated into a single logical link for dial-up connections. It has nothing to do with transparent mode. Option B is incorrect because PBR (Policy-Based Routing) is a feature that allows routing decisions to be based on criteria other than the destination IP address, such as source IP address, protocol, port, etc. It is not necessary for transparent mode, as WCCP can handle the traffic redirection. Option D is incorrect because DNS resolution on Cisco WSA is not a configuration component, but a function that allows the proxy server to resolve domain names to IP addresses. It is not specific to transparent mode, as it is also used in explicit mode. References: What is the difference between transparent and forward proxy mode?; User Guide for AsyncOS 12.7 for Cisco Web Security Appliances - LD (Limited Deployment) - Acquire End-User Credentials; Cisco WSA: Is it possible to use web proxy in transparent mode without WCCP?
Question # 17
An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?
A. It is included in the license cost for the multi-org console of Cisco Umbrella B. It can grant third-party SIEM integrations write access to the S3 bucket C. No other applications except Cisco Umbrella can write to the S3 bucket D. Data can be stored offline for 30 days
Answer: B Explanation: Using a company-managed Amazon S3 bucket for Cisco Umbrella logs allows the administrator to have full control over the access and lifecycle of the log data. This configuration can grant third-party SIEM integrations write access to the S3 bucket, which can enable more advanced analysis and correlation of the log data with other sources. This configuration also provides more flexibility in terms of how long the data can be stored offline, as opposed to the Cisco-managed S3 bucket, which has a fixed retention period of 30 days. References: Enable Logging to Your Own S3 Bucket; Centralized Umbrella Log Management with Amazon’s S3 service for MSP, MSSP, and Multi-org customers
Question # 18
An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?
A. AES-192 B. IKEv1 C. AES-256 D. ESP
Answer: B Explanation: IKEv1 is the authentication protocol that is reliable and supports ACK and sequence for IPsec VPN. IKEv1 is a key management protocol that is used in conjunction with IPsec to establish secure and authenticated connections between IPsec peers. IKEv1 uses UDP port 500 and consists of two phases: phase 1 and phase 2. In phase 1, the peers authenticate each other and negotiate a shared secret key that is used to encrypt the subsequent messages. In phase 2, the peers negotiate the security parameters for the IPsec tunnel, such as the encryption and authentication algorithms, the lifetime, and the mode (transport or tunnel). IKEv1 uses ACK and sequence numbers to ensure the reliability and integrity of the messages exchanged between the peers. ACK is an acknowledgment message that confirms the receipt of a previous message. Sequence number is a unique identifier that is assigned to each message to prevent replay attacks and to detect missing or out-of-order messages. IKEv1 also supports various authentication methods, such as pre-shared keys, digital certificates, and extended authentication (XAUTH). References: Internet Key Exchange for IPsec VPNs Configuration Guide; Security for VPNs with IPsec Configuration Guide; IPSec Architecture
Question # 19
With regard to RFC 5176 compliance, how many IETF attributes are supported by the RADIUS CoA feature?
A. 3 B. 5 C. 10 D. 12
Answer: B Explanation: The RADIUS CoA feature supports five IETF attributes as defined in RFC 5176. These are:
Event-Timestamp: This attribute indicates the time when the CoA request was generated by the server.
State: This attribute contains a value that is copied from the Access-Accept message that authorized the session.
Session-Timeout: This attribute specifies the maximum number of seconds of service provided to the user before termination of the session or prompt.
Idle-Timeout: This attribute specifies the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt.
Filter-Id: This attribute identifies the filter list to be applied to the user session.
The RADIUS CoA feature also supports vendor-specific attributes (VSAs) that are defined by Cisco or other vendors. These VSAs can be used to perform additional actions such as port shutdown, port bounce, or security and password accounting. References: Some possible references are:
RFC 5176: This document describes the dynamic authorization extensions to RADIUS, including the CoA request and response codes, and the supported IETF attributes.
RADIUS Change of Authorization - Cisco: This document provides the configuration guide for the RADIUS CoA feature on Cisco IOS devices, including the supported IETF and Cisco VSAs.
Supported IETF attributes in RFC 5176 - Ruckus Networks: This document lists the supported IETF attributes and error clause values for the RADIUS CoA feature on Ruckus devices.
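As an added example (not part of the original question bank), the following Python encodes a CoA-Request carrying the five IETF attributes listed above, computes the Request Authenticator the way RFC 5176 specifies (MD5 over the header, sixteen zero bytes, the attributes and the shared secret), and shows the receiver-side check that rejects a wrong secret or a tampered packet. The shared secret and attribute values in the test are constructed sample data; the packet code and attribute type numbers are the IANA-assigned ones.

```python
import hashlib
import hmac
import struct

# RFC 5176 CoA-Request code and the IANA type numbers of the five IETF attributes.
COA_REQUEST = 43
ATTR = {"Filter-Id": 11, "State": 24, "Session-Timeout": 27,
        "Idle-Timeout": 28, "Event-Timestamp": 55}
INTEGER_ATTRS = ("Session-Timeout", "Idle-Timeout", "Event-Timestamp")

def encode_attrs(attrs):
    """Encode (name, value) pairs as RADIUS TLVs: type(1) length(1) value(n)."""
    out = b""
    for name, value in attrs:
        raw = struct.pack("!I", value) if name in INTEGER_ATTRS else value
        out += struct.pack("!BB", ATTR[name], len(raw) + 2) + raw
    return out

def build_coa_request(identifier, attrs, secret):
    """CoA-Request; Request Authenticator = MD5(header | 16 zero bytes | attrs | secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body

def verify_coa_request(packet, secret):
    """Receiver-side check: recompute the authenticator with the shared secret."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return False
    header, authenticator, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + bytes(16) + body + secret).digest()
    return hmac.compare_digest(authenticator, expected)

def parse_attrs(packet):
    """Decode the TLVs after the 20-byte header into {name: value}."""
    names = {num: name for name, num in ATTR.items()}
    result, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        name = names.get(atype, atype)  # unknown types are kept by number
        value = packet[pos + 2:pos + alen]
        result[name] = struct.unpack("!I", value)[0] if name in INTEGER_ATTRS else value
        pos += alen
    return result
```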
Question # 20
Which Cisco security solution gives the most complete view of the relationships and evolution of Internet domains, IPs, and files, and helps to pinpoint attackers' infrastructures and predict future threats?
A. Cisco Secure Network Analytics B. Cisco Secure Cloud Analytics C. Cisco Umbrella Investigate D. Cisco pxGrid
Answer: C Explanation: Cisco Umbrella Investigate is a cloud-based service that provides interactive threat intelligence on domains, IPs, and files. It helps security analysts to uncover the attacker's infrastructure and predict future threats by analyzing the relationships and evolution of internet domains, IPs, and files. It also integrates with other Cisco security solutions, such as Cisco Secure Network Analytics, Cisco Secure Cloud Analytics, and Cisco pxGrid, to provide a holistic view of the network and cloud security posture. Cisco Umbrella Investigate is based on the data collected by Cisco Umbrella, which processes more than 620 billion DNS requests per day from over 190 countries. Cisco Umbrella Investigate uses statistical and machine learning models to automatically score and classify the data, and provides a risk score for each domain, IP, and file, along with the contributing factors and historical context. Cisco Umbrella Investigate also allows security analysts to query the data using a web-based console or an API, and to visualize the results using graphs, tables, and maps. Cisco Umbrella Investigate is the most complete and interactive threat intelligence solution that helps to prevent cyber attacks before they happen. References: Some possible references are: Cisco Umbrella Investigate; Cyber Attack Prevention - Cisco Umbrella; Cisco Umbrella Investigate - Cisco Umbrella
