
350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR)

Question # 4

An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

A.

flow-export destination inside 1.1.1.1 2055

B.

ip flow monitor input

C.

ip flow-export destination 1.1.1.1 2055

D.

flow exporter

Question # 5

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

A.

control

B.

malware

C.

URL filtering

D.

protect

Question # 6

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

A.

Certificate Trust List

B.

Endpoint Trust List

C.

Enterprise Proxy Service

D.

Secured Collaboration Proxy

Question # 7

How many interfaces per bridge group does an ASA bridge group deployment support?

A.

up to 2

B.

up to 4

C.

up to 8

D.

up to 16

Question # 8

Which two fields are defined in the NetFlow flow? (Choose two)

A.

type of service byte

B.

class of service bits

C.

Layer 4 protocol type

D.

destination port

E.

output logical interface

Question # 9

Which two capabilities does TAXII support? (Choose two)

A.

Exchange

B.

Pull messaging

C.

Binding

D.

Correlation

E.

Mitigating

Question # 10

Which IPS engine detects ARP spoofing?

A.

Atomic ARP Engine

B.

Service Generic Engine

C.

ARP Inspection Engine

D.

AIC Engine

Question # 11

How is ICMP used as an exfiltration technique?

A.

by flooding the destination host with unreachable packets

B.

by sending large numbers of ICMP packets with a targeted host's source IP address using an IP broadcast address

C.

by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host

D.

by overwhelming a targeted host with ICMP echo-request packets

Question # 12

An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

A.

Configure security appliances to send syslogs to Cisco Stealthwatch Cloud

B.

Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud

D.

Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Question # 13

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

A.

Cisco Umbrella

B.

Cisco AMP

C.

Cisco Stealthwatch

D.

Cisco Tetration

Question # 14

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?

A.

Cisco WiSM

B.

Cisco ESA

C.

Cisco ISE

D.

Cisco Prime Infrastructure

Question # 15

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

A.

Disable telnet using the no ip telnet command.

B.

Enable the SSH server using the ip ssh server command.

C.

Configure the port using the ip ssh port 22 command.

D.

Generate the RSA key using the crypto key generate rsa command.

Question # 16

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)

A.

Sophos engine

B.

white list

C.

RAT

D.

outbreak filters

E.

DLP

Question # 17

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

A.

Cisco Umbrella

B.

External Threat Feeds

C.

Cisco Threat Grid

D.

Cisco Stealthwatch

Question # 18

Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two)

A.

exploits

B.

ARP spoofing

C.

denial-of-service attacks

D.

malware

E.

eavesdropping

Question # 19

Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?

A.

3DES

B.

RSA

C.

DES

D.

AES

Question # 20

Which component of the Cisco Umbrella architecture increases reliability of the service?

A.

Anycast IP

B.

AMP Threat grid

C.

Cisco Talos

D.

BGP route reflector

Question # 21

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)

A.

virtualization

B.

middleware

C.

operating systems

D.

applications

E.

data

Question # 22

What is the purpose of the certificate signing request when adding a new certificate for a server?

A.

It is the password for the certificate that is needed to install it with.

B.

It provides the server information so a certificate can be created and signed

C.

It provides the certificate client information so the server can authenticate against it when installing

D.

It is the certificate that will be loaded onto the server

Question # 23

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A.

Client computers do not have the Cisco Umbrella Root CA certificate installed.

B.

IP-Layer Enforcement is not configured.

C.

Client computers do not have an SSL certificate deployed from an internal CA server.

D.

Intelligent proxy and SSL decryption is disabled in the policy

Question # 24

With which components does a southbound API within a software-defined network architecture communicate?

A.

controllers within the network

B.

applications

C.

appliances

D.

devices such as routers and switches

Question # 25

In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)

A.

It allows multiple security products to share information and work together to enhance security posture in the network.

B.

It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.

C.

It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint.

D.

It integrates with third-party products to provide better visibility throughout the network.

E.

It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

Question # 26

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Question # 27

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Question # 28

Drag and drop the solutions from the left onto the solution's benefits on the right.

Question # 29

What features does Cisco FTDv provide over ASAv?

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Question # 30

What is provided by the Secure Hash Algorithm in a VPN?

A.

integrity

B.

key exchange

C.

encryption

D.

authentication

Question # 31

What is the purpose of the My Devices Portal in a Cisco ISE environment?

A.

to register new laptops and mobile devices

B.

to request a newly provisioned mobile device

C.

to provision userless and agentless systems

D.

to manage and deploy antivirus definitions and patches on systems owned by the end user

Question # 32

Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?

A.

IKEv1

B.

AH

C.

ESP

D.

IKEv2

Question # 33

Refer to the exhibit.

When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?

A.

Group Policy

B.

Method

C.

SAML Server

D.

DHCP Servers

Question # 34

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre-configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Question # 35

Which security solution uses NetFlow to provide visibility across the network, data center, branch offices, and cloud?

A.

Cisco CTA

B.

Cisco Stealthwatch

C.

Cisco Encrypted Traffic Analytics

D.

Cisco Umbrella

Question # 36

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A.

Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not

B.

Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

C.

Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not

D.

Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Question # 37

What is the difference between Cross-site Scripting and SQL Injection attacks?

A.

Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

B.

Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.

C.

Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.

D.

Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

Question # 38

Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

Question # 39

What is a benefit of performing device compliance?

A.

Verification of the latest OS patches

B.

Device classification and authorization

C.

Providing multi-factor authentication

D.

Providing attribute-driven policies

Question # 40

Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Question # 41

What is a key difference between Cisco Firepower and Cisco ASA?

A.

Cisco ASA provides access control while Cisco Firepower does not.

B.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

C.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Question # 42

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Question # 43

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

A.

permit

B.

trust

C.

reset

D.

allow

E.

monitor

Question # 44

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?

A.

phishing

B.

slowloris

C.

pharming

D.

SYN flood

Question # 45

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A.

Place the Cisco ISE server and the AD server in the same subnet

B.

Configure a common administrator account

C.

Configure a common DNS server

D.

Synchronize the clocks of the Cisco ISE server and the AD server

Question # 46

Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and updates software versions on switches?

A.

Integration

B.

Intent

C.

Event

D.

Multivendor

Question # 47

Which MDM configuration provides scalability?

A.

pushing WPA2-Enterprise settings automatically to devices

B.

enabling use of device features such as camera use

C.

BYOD support without extra appliance or licenses

D.

automatic device classification with level 7 fingerprinting

Question # 48

Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

A.

IEEE

B.

IETF

C.

NIST

D.

ANSI

Question # 49

An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?

A.

Cisco Stealthwatch Cloud

B.

Cisco Umbrella

C.

NetFlow collectors

D.

Cisco Cloudlock

Question # 50

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Question # 51

An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?

A.

Configure the default policy to redirect the requests to the correct policy

B.

Place the policy with the most-specific configuration last in the policy order

C.

Configure only the policy with the most recently changed timestamp

D.

Make the correct policy first in the policy order

Question # 52

Drag and drop the descriptions from the left onto the encryption algorithms on the right.

Question # 53

A network engineer must migrate a Cisco WSA virtual appliance from one physical host to another physical host by using VMware vMotion. What is a requirement for both physical hosts?

A.

The hosts must run Cisco AsyncOS 10.0 or greater.

B.

The hosts must run different versions of Cisco AsyncOS.

C.

The hosts must have access to the same defined network.

D.

The hosts must use a different datastore than the virtual appliance.

Question # 54

Drag and drop the posture assessment flow actions from the left into a sequence on the right.

Question # 55

Refer to the exhibit.

Which statement about the authentication protocol used in the configuration is true?

A.

The authentication request contains only a password

B.

The authentication request contains only a username

C.

The authentication and authorization requests are grouped in a single packet

D.

There are separate authentication and authorization request packets

Question # 56

Which benefit does endpoint security provide the overall security posture of an organization?

A.

It streamlines the incident response process to automatically perform digital forensics on the endpoint.

B.

It allows the organization to mitigate web-based attacks as long as the user is active in the domain.

C.

It allows the organization to detect and respond to threats at the edge of the network.

D.

It allows the organization to detect and mitigate threats that the perimeter security devices do not detect.

Question # 57

How is DNS tunneling used to exfiltrate data out of a corporate network?

A.

It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.

B.

It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

C.

It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.

D.

It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.

Question # 58

Which VPN technology can support a multivendor environment and secure traffic between sites?

A.

SSL VPN

B.

GET VPN

C.

FlexVPN

D.

DMVPN

Question # 59

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A.

PaaS

B.

XaaS

C.

IaaS

D.

SaaS

Question # 60

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

A.

DMVPN

B.

FlexVPN

C.

IPsec DVTI

D.

GET VPN

Question # 61

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

A.

RSA SecurID

B.

Internal Database

C.

Active Directory

D.

LDAP

Question # 62

What is the primary benefit of deploying an ESA in hybrid mode?

A.

You can fine-tune its settings to provide the optimum balance between security and performance for your environment

B.

It provides the lowest total cost of ownership by reducing the need for physical appliances

C.

It provides maximum protection and control of outbound messages

D.

It provides email security while supporting the transition to the cloud

Question # 63

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

A.

Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS

B.

Cisco FTDv with one management interface and two traffic interfaces configured

C.

Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises

D.

Cisco FTDv with two management interfaces and one traffic interface configured

E.

Cisco FTDv configured in routed mode and IPv6 configured

Question # 64

An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?

A.

Port Bounce

B.

CoA Terminate

C.

CoA Reauth

D.

CoA Session Query

Question # 65

What is a characteristic of traffic storm control behavior?

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Question # 66

Which two descriptions of AES encryption are true? (Choose two)

A.

AES is less secure than 3DES.

B.

AES is more secure than 3DES.

C.

AES can use a 168-bit key for encryption.

D.

AES can use a 256-bit key for encryption.

E.

AES encrypts and decrypts a key three times in sequence.

Question # 67

A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?

A.

Transparent mode

B.

Forward file

C.

PAC file

D.

Bridge mode

Question # 68

An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?

A.

monitor

B.

allow

C.

block

D.

trust

Question # 69

What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

A.

Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not

B.

Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.

C.

URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA

D.

Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Question # 70

Which benefit does DMVPN provide over GETVPN?

A.

DMVPN supports QoS, multicast, and routing, and GETVPN supports only QoS.

B.

DMVPN is a tunnel-less VPN, and GETVPN is tunnel-based.

C.

DMVPN supports non-IP protocols, and GETVPN supports only IP protocols.

D.

DMVPN can be used over the public Internet, and GETVPN requires a private network.

Question # 71

Refer to the exhibit.

Which configuration item makes it possible to have the AAA session on the network?

A.

aaa authentication login console ise

B.

aaa authentication enable default enable

C.

aaa authorization network default group ise

D.

aaa authorization exec default ise

Question # 72

Why should organizations migrate to an MFA strategy for authentication?

A.

Single methods of authentication can be compromised more easily than MFA.

B.

Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.

C.

MFA methods of authentication are never compromised.

D.

MFA does not require any piece of evidence for an authentication mechanism.

Question # 73

An engineer is configuring their router to send NetFlow data to Stealthwatch, which has an IP address of 1.1.1.1, using the flow record Stealthwatch406397954 command. Which additional command is required to complete the flow record?

A.

transport udp 2055

B.

match ipv4 ttl

C.

cache timeout active 60

D.

destination 1.1.1.1

Question # 74

An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two.)

A.

Specify the SNMP manager and UDP port.

B.

Specify an SNMP user group

C.

Specify a community string.

D.

Add an SNMP USM entry

E.

Add an SNMP host access entry

Question # 75

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

A.

Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.

B.

Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.

C.

Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.

D.

Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.

Question # 76

What is the intent of a basic SYN flood attack?

A.

to solicit DNS responses

B.

to exceed the threshold limit of the connection queue

C.

to flush the register stack to re-initiate the buffers

D.

to cause the buffer to overflow

Question # 77

What is a benefit of flexible NetFlow records?

A.

They are used for security

B.

They are used for accounting

C.

They monitor a packet from Layer 2 to Layer 5

D.

They have customized traffic identification

Question # 78

What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two)

A.

It provides spoke-to-spoke communications without traversing the hub

B.

It allows different routing protocols to work over the tunnel

C.

It allows customization of access policies based on user identity

D.

It allows multiple sites to connect to the data center

E.

It enables VPN access for individual users from their machines

Question # 79

Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

A.

Audit

B.

Mandatory

C.

Optional

D.

Visibility

Question # 80

What is the difference between a vulnerability and an exploit?

A.

A vulnerability is a hypothetical event for an attacker to exploit

B.

A vulnerability is a weakness that can be exploited by an attacker

C.

An exploit is a weakness that can cause a vulnerability in the network

D.

An exploit is a hypothetical event that causes a vulnerability in the network

Question # 81

Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?

A.

Cisco Content Platform

B.

Cisco Container Controller

C.

Cisco Container Platform

D.

Cisco Cloud Platform

Question # 82

A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

A.

Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud

B.

Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud

C.

Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud

D.

Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud
