Summer Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1271b8m643

350-701 Exam Dumps - Implementing and Operating Cisco Security Core Technologies (SCOR)

Question # 4

What are two Trojan malware attacks? (Choose two)

A.

Frontdoor

B.

Rootkit

C.

Smurf

D.

Backdoor

E.

Sync

Full Access
Question # 5

Which Cisco platform ensures that machines that connect to organizational networks have the recommended

antivirus definitions and patches to help prevent an organizational malware outbreak?

A.

Cisco WiSM

B.

Cisco ESA

C.

Cisco ISE

D.

Cisco Prime Infrastructure

Full Access
Question # 6

A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?

A.

1

B.

3

C.

5

D.

10

Full Access
Question # 7

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.

Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)

A.

Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre

configured interval.

B.

Use EEM to have the ports return to service automatically in less than 300 seconds.

C.

Enter the shutdown and no shutdown commands on the interfaces.

D.

Enable the snmp-server enable traps command and wait 300 seconds

E.

Ensure that interfaces are configured with the error-disable detection and recovery feature

Full Access
Question # 8

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based?

(Choose two)

A.

URLs

B.

protocol IDs

C.

IP addresses

D.

MAC addresses

E.

port numbers

Full Access
Question # 9

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a

mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

A.

TCP 6514

B.

UDP 1700

C.

TCP 49

D.

UDP 1812

Full Access
Question # 10

What is a key difference between Cisco Firepower and Cisco ASA?

A.

Cisco ASA provides access control while Cisco Firepower does not.

B.

Cisco Firepower provides identity-based access control while Cisco ASA does not.

C.

Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

D.

Cisco ASA provides SSL inspection while Cisco Firepower does not.

Full Access
Question # 11

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?

A.

to prevent theft of the endpoints

B.

because defense-in-depth stops at the network

C.

to expose the endpoint to more threats

D.

because human error or insider threats will still exist

Full Access
Question # 12

A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

A.

The policy was created to send a message to quarantine instead of drop

B.

The file has a reputation score that is above the threshold

C.

The file has a reputation score that is below the threshold

D.

The policy was created to disable file analysis

Full Access
Question # 13

Which solution is made from a collection of secure development practices and guidelines that

developers must follow to build secure applications?

A.

AFL

B.

Fuzzing Framework

C.

Radamsa

D.

OWASP

Full Access
Question # 14

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures The configuration is created in the simple detection policy section, but it does not work What is the reason for this failure?

A.

The administrator must upload the file instead of the hash for Cisco AMP to use.

B.

The MD5 hash uploaded to the simple detection policy is in the incorrect format

C.

The APK must be uploaded for the application that the detection is intended

D.

Detections for MD5 signatures must be configured in the advanced custom detection policies

Full Access
Question # 15

Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to

network resources?

A.

BYOD on boarding

B.

Simple Certificate Enrollment Protocol

C.

Client provisioning

D.

MAC authentication bypass

Full Access
Question # 16

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which

vulnerability allows the attacker to see the passwords being transmitted in clear text?

A.

weak passwords for authentication

B.

unencrypted links for traffic

C.

software bugs on applications

D.

improper file security

Full Access
Question # 17

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

A.

SDP

B.

LDAP

C.

subordinate CA

D.

SCP

E.

HTTP

Full Access
Question # 18

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A.

consumption

B.

sharing

C.

analysis

D.

authoring

Full Access
Question # 19

Which risk is created when using an Internet browser to access cloud-based service?

A.

misconfiguration of infrastructure, which allows unauthorized access

B.

B. intermittent connection to the cloud connectors

C.

vulnerabilities within protocol

D.

insecure implementation of API

Full Access
Question # 20

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

A.

Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.

B.

Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE

C.

Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

D.

Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE

Full Access
Question # 21

Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect

from phishing attacks? (Choose two.)

A.

blocks malicious websites and adds them to a block list

B.

does a real-time user web browsing behavior analysis

C.

provides a defense for on-premises email deployments

D.

uses a static algorithm to determine malicious

E.

determines if the email messages are malicious

Full Access
Question # 22

What is the term for the concept of limiting communication between applications or containers on the same node?

A.

container orchestration

B.

software-defined access

C.

microservicing

D.

microsegmentation

Full Access
Question # 23

What features does Cisco FTDv provide over ASAv?

A.

Cisco FTDv runs on VMWare while ASAv does not

B.

Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not

C.

Cisco FTDv runs on AWS while ASAv does not

D.

Cisco FTDv supports URL filtering while ASAv does not

Full Access
Question # 24

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly

identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

A.

Configure incoming content filters

B.

Use Bounce Verification

C.

Configure Directory Harvest Attack Prevention

D.

Bypass LDAP access queries in the recipient access table

Full Access
Question # 25

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.

How does the switch behave in this situation?

A.

It forwards the packet after validation by using the MAC Binding Table.

B.

It drops the packet after validation by using the IP & MAC Binding Table.

C.

It forwards the packet without validation.

D.

It drops the packet without validation.

Full Access
Question # 26

Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

A.

deployment

B.

consumption

C.

authoring

D.

sharing

Full Access
Question # 27

A Cisco ISE engineer configures Central Web Authentication (CWA) for wireless guest access and must have the guest endpoints redirect to the guest portal for authentication and authorization. While testing the policy, the engineer notices that the device is not redirected and instead gets full guest access. What must be done for the redirect to work?

A.

Tag the guest portal in the CWA part of the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.

B.

Use the track movement option within the authorization profile for the authorization policy line that the unauthenticated devices hit.

C.

Create an advanced attribute setting of Cisco:cisco-gateway-id=guest within the authorization profile for the authorization policy line that the unauthenticated devices hit.

D.

Add the DACL name for the Airespace ACL configured on the WLC in the Common Tasks section of the authorization profile for the authorization policy line that the unauthenticated devices hit.

Full Access
Question # 28

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

A.

REST uses methods such as GET, PUT, POST, and DELETE.

B.

REST codes can be compiled with any programming language.

C.

REST is a Linux platform-based architecture.

D.

The POST action replaces existing data at the URL path.

E.

REST uses HTTP to send a request to a web service.

Full Access
Question # 29

Refer to the exhibit.

The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?

A.

P2 and P3 only

B.

P5, P6, and P7 only

C.

P1, P2, P3, and P4 only

D.

P2, P3, and P6 only

Full Access
Question # 30

What is the recommendation in a zero-trust model before granting access to corporate applications and

resources?

A.

to use multifactor authentication

B.

to use strong passwords

C.

to use a wired network, not wireless

D.

to disconnect from the network when inactive

Full Access
Question # 31

Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?

A.

supports VMware vMotion on VMware ESXi

B.

requires an additional license

C.

performs transparent redirection

D.

supports SSL decryption

Full Access
Question # 32

What are two advantages of using Cisco Any connect over DMVPN? (Choose two)

A.

It provides spoke-to-spoke communications without traversing the hub

B.

It allows different routing protocols to work over the tunnel

C.

It allows customization of access policies based on user identity

D.

It allows multiple sites to connect to the data center

E.

It enables VPN access for individual users from their machines

Full Access
Question # 33

Which Talos reputation center allows for tracking the reputation of IP addresses for email and web traffic?

A.

IP and Domain Reputation Center

B.

File Reputation Center

C.

IP Slock List Center

D.

AMP Reputation Center

Full Access
Question # 34

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized

solution. The organization does not have a local VM but does have existing Cisco ASAs that must migrate over

to Cisco FTDs. Which solution meets the needs of the organization?

A.

Cisco FMC

B.

CSM

C.

Cisco FDM

D.

CDO

Full Access
Question # 35

Drag and drop the exploits from the left onto the type of security vulnerability on the right.

Full Access
Question # 36

Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?

A.

Cisco Identity Services Engine

B.

Cisco Enterprise Security Appliance

C.

Cisco Web Security Appliance

D.

Cisco Advanced Stealthwatch Appliance

Full Access
Question # 37

What is a difference between a DoS attack and a DDoS attack?

A.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

B.

A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

C.

A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

D.

A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

Full Access
Question # 38

How does the Cisco WSA enforce bandwidth restrictions for web applications?

A.

It implements a policy route to redirect application traffic to a lower-bandwidth link.

B.

It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA.

C.

It sends commands to the uplink router to apply traffic policing to the application traffic.

D.

It simulates a slower link by introducing latency into application traffic.

Full Access
Question # 39

What is a difference between GETVPN and IPsec?

A.

GETVPN reduces latency and provides encryption over MPLS without the use of a central hub

B.

GETVPN provides key management and security association management

C.

GETVPN is based on IKEv2 and does not support IKEv1

D.

GETVPN is used to build a VPN network with multiple sites without having to statically configure all devices

Full Access
Question # 40

What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest

access, and the same guest portal is used as the BYOD portal?

A.

single-SSID BYOD

B.

multichannel GUI

C.

dual-SSID BYOD

D.

streamlined access

Full Access
Question # 41

What is the most common type of data exfiltration that organizations currently experience?

A.

HTTPS file upload site

B.

Microsoft Windows network shares

C.

SQL database injections

D.

encrypted SMTP

Full Access
Question # 42

How is data sent out to the attacker during a DNS tunneling attack?

A.

as part of the UDP/53 packet payload

B.

as part of the domain name

C.

as part of the TCP/53 packet header

D.

as part of the DNS response packet

Full Access
Question # 43

What are two security benefits of an MDM deployment? (Choose two.)

A.

robust security policy enforcement

B.

privacy control checks

C.

on-device content management

D.

distributed software upgrade

E.

distributed dashboard

Full Access
Question # 44

An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?

A.

Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP

address

B.

Use the tenant control features to identify each subnet being used and track the connections within the

Cisco Umbrella dashboard

C.

Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard

D.

Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

Full Access
Question # 45

An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK

and sequence. Which protocol accomplishes this goal?

A.

AES-192

B.

IKEv1

C.

AES-256

D.

ESP

Full Access
Question # 46

What is a benefit of using GET VPN over FlexVPN within a VPN deployment?

A.

GET VPN supports Remote Access VPNs

B.

GET VPN natively supports MPLS and private IP networks

C.

GET VPN uses multiple security associations for connections

D.

GET VPN interoperates with non-Cisco devices

Full Access
Question # 47

Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

A.

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the

IPsec configuration is copied automatically

B.

The active and standby devices can run different versions of the Cisco IOS software but must be the same

type of device.

C.

The IPsec configuration that is set up on the active device must be duplicated on the standby device

D.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;

the IKE configuration is copied automatically.

E.

E. The active and standby devices must run the same version of the Cisco IOS software and must be the

same type of device

Full Access
Question # 48

The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

A.

SDN controller and the cloud

B.

management console and the SDN controller

C.

management console and the cloud

D.

SDN controller and the management solution

Full Access
Question # 49

What is a commonality between DMVPN and FlexVPN technologies?

A.

FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes

B.

FlexVPN and DMVPN use the new key management protocol

C.

FlexVPN and DMVPN use the same hashing algorithms

D.

IOS routers run the same NHRP code for DMVPN and FlexVPN

Full Access
Question # 50

What is a difference between an XSS attack and an SQL injection attack?

A.

SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications

B.

XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

C.

SQL injection attacks are used to steal information from databases whereas XSS attacks are used to

redirect users to websites where attackers can steal data from them

D.

XSS attacks are used to steal information from databases whereas SQL injection attacks are used to

redirect users to websites where attackers can steal data from them

Full Access
Question # 51

What is a difference between DMVPN and sVTI?

A.

DMVPN supports tunnel encryption, whereas sVTI does not.

B.

DMVPN supports dynamic tunnel establishment, whereas sVTI does not.

C.

DMVPN supports static tunnel establishment, whereas sVTI does not.

D.

DMVPN provides interoperability with other vendors, whereas sVTI does not.

Full Access
Question # 52

Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

A.

transparent

B.

redirection

C.

forward

D.

proxy gateway

Full Access
Question # 53

Which cloud service model offers an environment for cloud consumers to develop and deploy applications

without needing to manage or maintain the underlying cloud infrastructure?

A.

PaaS

B.

XaaS

C.

IaaS

D.

SaaS

Full Access
Question # 54

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also

provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A.

url

B.

terminal

C.

profile

D.

selfsigned

Full Access
Question # 55

Which algorithm provides encryption and authentication for data plane communication?

A.

AES-GCM

B.

SHA-96

C.

AES-256

D.

SHA-384

Full Access
Question # 56

What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

A.

data exfiltration

B.

command and control communication

C.

intelligent proxy

D.

snort

E.

URL categorization

Full Access
Question # 57

Which type of attack is social engineering?

A.

trojan

B.

phishing

C.

malware

D.

MITM

Full Access
Question # 58

A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A.

DHCP snooping has not been enabled on all VLANs.

B.

The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

C.

Dynamic ARP Inspection has not been enabled on all VLANs

D.

The no ip arp inspection trust command is applied on all user host interfaces

Full Access
Question # 59

Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion

Prevention System?

A.

control

B.

malware

C.

URL filtering

D.

protect

Full Access
Question # 60

Which Cisco security solution protects remote users against phishing attacks when they are not connected to

the VPN?

A.

Cisco Stealthwatch

B.

Cisco Umbrella

C.

Cisco Firepower

D.

NGIPS

Full Access
Question # 61

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A.

IP Blacklist Center

B.

File Reputation Center

C.

AMP Reputation Center

D.

IP and Domain Reputation Center

Full Access
Question # 62

What is a characteristic of traffic storm control behavior?

A.

Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within

the interval.

B.

Traffic storm control cannot determine if the packet is unicast or broadcast.

C.

Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.

D.

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is

unicast or broadcast.

Full Access
Question # 63

Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

A.

put

B.

options

C.

get

D.

push

E.

connect

Full Access
Question # 64

How does Cisco Umbrella archive logs to an enterprise owned storage?

A.

by using the Application Programming Interface to fetch the logs

B.

by sending logs via syslog to an on-premises or cloud-based syslog server

C.

by the system administrator downloading the logs from the Cisco Umbrella web portal

D.

by being configured to send logs to a self-managed AWS S3 bucket

Full Access
Question # 65

What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

A.

It tracks flow-create, flow-teardown, and flow-denied events.

B.

It provides stateless IP flow tracking that exports all records of a specific flow.

C.

It tracks the flow continuously and provides updates every 10 seconds.

D.

Its events match all traffic classes in parallel.

Full Access
Question # 66

Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

A.

accounting

B.

assurance

C.

automation

D.

authentication

E.

encryption

Full Access
Question # 67

Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

A.

DDoS

B.

antispam

C.

antivirus

D.

encryption

E.

DLP

Full Access
Question # 68

An engineer needs a solution for TACACS+ authentication and authorization for device administration.

The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to

use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

A.

Cisco Prime Infrastructure

B.

Cisco Identity Services Engine

C.

Cisco Stealthwatch

D.

Cisco AMP for Endpoints

Full Access
Question # 69

Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data

within a network perimeter?

A.

cloud web services

B.

network AMP

C.

private cloud

D.

public cloud

Full Access
Question # 70

Which action controls the amount of URI text that is stored in Cisco WSA logs files?

A.

Configure the datasecurityconfig command

B.

Configure the advancedproxyconfig command with the HTTPS subcommand

C.

Configure a small log-entry size.

D.

Configure a maximum packet size.

Full Access
Question # 71

Which threat involves software being used to gain unauthorized access to a computer system?

A.

virus

B.

NTP amplification

C.

ping of death

D.

HTTP flood

Full Access
Question # 72

What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

A.

authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

B.

authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

C.

authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

D.

secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Full Access
Question # 73

Which compliance status is shown when a configured posture policy requirement is not met?

A.

compliant

B.

unknown

C.

authorized

D.

noncompliant

Full Access
Question # 74

Refer to the exhibit.

What is a result of the configuration?

A.

Traffic from the DMZ network is redirected

B.

Traffic from the inside network is redirected

C.

All TCP traffic is redirected

D.

Traffic from the inside and DMZ networks is redirected

Full Access
Question # 75

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN

configuration as opposed to DMVPN?

A.

Multiple routers or VRFs are required.

B.

Traffic is distributed statically by default.

C.

Floating static routes are required.

D.

HSRP is used for faliover.

Full Access
Question # 76

Which two mechanisms are used to control phishing attacks? (Choose two)

A.

Enable browser alerts for fraudulent websites.

B.

Define security group memberships.

C.

Revoke expired CRL of the websites.

D.

Use antispyware software.

E.

Implement email filtering techniques.

Full Access
Question # 77

Which two cryptographic algorithms are used with IPsec? (Choose two)

A.

AES-BAC

B.

AES-ABC

C.

HMAC-SHA1/SHA2

D.

Triple AMC-CBC

E.

AES-CBC

Full Access
Question # 78

An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?

A.

Use security services to configure the traffic monitor, .

B.

Use URL categorization to prevent the application traffic.

C.

Use an access policy group to configure application control settings.

D.

Use web security reporting to validate engine functionality

Full Access
Question # 79

How does DNS Tunneling exfiltrate data?

A.

An attacker registers a domain that a client connects to based on DNS records and sends malware through

that connection.

B.

An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.

C.

An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to

poison the resolutions.

D.

An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious

domain.

Full Access