Updated 350-701 Dumps PDF - 350-701 Real Valid Brain Dumps With 600 Questions!
100% Free 350-701 Exam Dumps Use Real CCNP Security Dumps
The Cisco 350-701 SCOR exam tests the candidates' knowledge of operating and implementing core security technologies such as network or cloud security, content security, or endpoint protection and detection.
Best Revision Book: Introducing Cisco 350-701 Official Certification Guide
The CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide (1st Edition) is one of the most comprehensive study materials you can use to pass the 350-701 exam, because its resources cover everything on the final test. Written by Omar Santos, this book presents the best combination of tools to help you master all the exam concepts easily. It has quizzes at the beginning of every chapter to help you know what you will cover in every section. It also has chapter review tasks that will help you achieve much more than just drilling on the vital exam concepts. All in all, the official cert guide for the Cisco 350-701 exam is valuable not only for the study plans it provides but also for the video instruction from the author, the many questions and exercises, and the detail on every test objective, so that you get everything right on the first attempt.
NEW QUESTION 87
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?
- A. elastic search
- B. indication of compromise
- C. retrospective detection
- D. file trajectory
Answer: B
NEW QUESTION 88
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
- A. Configure incoming content filters.
- B. Configure Directory Harvest Attack Prevention
- C. Bypass LDAP access queries in the recipient access table.
- D. Use Bounce Verification
Answer: A
NEW QUESTION 89
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response?
- A. EPP focuses on network security, and EDR focuses on device security.
- B. EDR focuses on network security, and EPP focuses on device security.
- C. EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses.
- D. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses.
Answer: C
NEW QUESTION 90
In which cloud services model is the tenant responsible for virtual machine OS patching?
- A. IaaS
- B. UCaaS
- C. SaaS
- D. PaaS
Answer: A
Explanation:
Reference: https://www.cmswire.com/cms/information-management/cloud-service-models-iaas-saas-paas-how-microsoft-office-365-azure-fit-in-021672.php
NEW QUESTION 91
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
- A. Internal Database
- B. Active Directory
- C. RSA SecureID
- D. LDAP
Answer: B
NEW QUESTION 92
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?
- A. Platform Exchange Grid
- B. Advanced Malware Protection
- C. Firepower Threat Defense
- D. Multifactor Platform Integration
Answer: A
Explanation:
Reference: https://www.cisco.com/c/en/us/products/security/pxgrid.html
NEW QUESTION 93
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
- A. buffer overflow
- B. DoS
- C. SQL injection
- D. phishing
Answer: D
Explanation:
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL.
Reference:
/b_ESA_Admin_Guide_13-5/m_advanced_phishing_protection.html
NEW QUESTION 94
Which Cisco security solution secures public, private, hybrid, and community clouds?
- A. Cisco ISE
- B. Cisco Cloudlock
- C. Cisco ASAv
- D. Cisco pxGrid
Answer: B
NEW QUESTION 95
What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)
- A. encrypts data that is stored on endpoints
- B. native integration that helps secure applications across multiple cloud platforms or on-premises environments
- C. allows for centralized management of endpoint device applications and configurations
- D. grants administrators a way to remotely wipe a lost or stolen device
- E. provides simple and streamlined login experience for multiple applications and users
Answer: B,E
NEW QUESTION 96
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?
- A. SIEM
- B. CASB
- C. Cisco Cloudlock
- D. Adaptive MFA
Answer: C
Explanation:
+ Cisco Cloudlock continuously monitors cloud environments with a cloud Data Loss Prevention (DLP) engine to identify sensitive information stored in cloud environments in violation of policy.
+ Cloudlock is API-based.
+ Incidents are a key resource in the Cisco Cloudlock application. They are triggered by the Cloudlock policy engine when a policy's detection criteria result in a match in an object (document, field, folder, post, or file).
Note:
+ Security information and event management (SIEM) platforms collect log and event data from security systems, networks and computers, and turn it into actionable security insights.
+ An incident is a record of the triggering of an alerting policy. Cloud Monitoring opens an incident when a condition of an alerting policy has been met.
NEW QUESTION 98
Drag and drop the descriptions from the left onto the encryption algorithms on the right.
Answer:
Explanation:
NEW QUESTION 99
Which two capabilities does TAXII support? (Choose two)
- A. Mitigating
- B. Binding
- C. Correlation
- D. Pull messaging
- E. Exchange
Answer: B,D
Explanation:
The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network.
TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information.
TAXII Capabilities are the highest level at which TAXII actions can be described. There are three capabilities that this version of TAXII supports: push messaging, pull messaging, and discovery.
Although there is no "binding" capability in the list, it is the best answer here.
NEW QUESTION 100
Under which two circumstances is a CoA issued? (Choose two)
- A. A new Identity Service Engine server is added to the deployment with the Administration persona
- B. An endpoint is profiled for the first time.
- C. A new authentication rule was added to the policy on the Policy Service node.
- D. An endpoint is deleted on the Identity Service Engine server.
- E. A new Identity Source Sequence is created and referenced in the authentication policy.
Answer: B,D
Explanation:
The profiling service issues the change of authorization in the following cases:
+ Endpoint deleted: When an endpoint is deleted from the Endpoints page and the endpoint is disconnected or removed from the network.
+ An exception action is configured: If you have an exception action configured per profile that leads to an unusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to the corresponding static profile by issuing a CoA.
+ An endpoint is profiled for the first time: When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.
+ An endpoint identity group has changed: When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy. The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:
++ The endpoint identity group changes for endpoints when they are dynamically profiled
++ The endpoint identity group changes when the static assignment flag is set to true for a dynamic endpoint
+ An endpoint profiling policy has changed and the policy is used in an authorization policy: When an endpoint profiling policy changes, and the policy is included in a logical profile that is used in an authorization policy. The endpoint profiling policy may change due to the profiling policy match or when an endpoint is statically assigned to an endpoint profiling policy, which is associated to a logical profile. In both cases, the profiling service issues a CoA only when the endpoint profiling policy is used in an authorization policy.
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html
NEW QUESTION 101
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
- A. PBR on Cisco WSA
- B. MDA on the router
- C. DNS resolution on Cisco WSA
- D. WCCP on switch
Answer: D
NEW QUESTION 102
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group.
Which probe must be enabled for this type of profiling to work?
- A. DHCP
- B. SNMP
- C. NMAP
- D. NetFlow
Answer: C
NEW QUESTION 103
What is the function of SDN southbound API protocols?
- A. to enable the controller to make changes
- B. to enable the controller to use REST
- C. to allow for the static configuration of control plane applications
- D. to allow for the dynamic configuration of control plane applications
Answer: A
NEW QUESTION 104
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
- A. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
- B. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
- C. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
- D. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.
- E. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
Answer: B,E
Explanation:
In explicit proxy mode, users are configured to use a web proxy and the web traffic is sent directly to the Cisco WSA. In contrast, in transparent proxy mode the Cisco WSA intercepts user's web traffic redirected from other network devices, such as switches, routers, or firewalls.
NEW QUESTION 105
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
- A. phishing
- B. buffer overflow
- C. DoS
- D. SQL injection
Answer: A
Explanation:
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL.
Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5/user_guide/b_ESA_Admin_Guide_13-5/m_advanced_phishing_protection.html
NEW QUESTION 106
Which two key and block sizes are valid for AES? (Choose two)
- A. 128-bit block size, 192-bit key length
- B. 64-bit block size, 168-bit key length
- C. 64-bit block size, 112-bit key length
- D. 128-bit block size, 256-bit key length
- E. 192-bit block size, 256-bit key length
Answer: A,D
Explanation:
The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits (block size). It can do this using 128-bit, 192-bit, or 256-bit keys.
NEW QUESTION 107
With which components does a southbound API within a software-defined network architecture communicate?
- A. devices such as routers and switches
- B. applications
- C. controllers within the network
- D. appliances
Answer: A
Explanation:
The Southbound API is used to communicate between Controllers and network devices.
NEW QUESTION 108
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
- A. encryption factor
- B. biometric factor
- C. confidentiality factor
- D. time factor
- E. knowledge factor
Answer: B,E
Explanation:
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. MFA requires means of verification that unauthorized users won't have.
Proper multi-factor authentication uses factors from at least two different categories.
MFA methods:
+ Knowledge - usually a password - is the most commonly used tool in MFA solutions. However, despite their simplicity, passwords have become a security problem and slow down productivity.
+ Physical factors - also called possession factors - use tokens, such as a USB dongle or a portable device, that generate a temporary QR (quick response) code. Mobile phones are commonly used, as they have the advantage of being readily available in most situations.
+ Inherent - This category includes biometrics like fingerprint, face, and retina scans. As technology advances, it may also include voice ID or other behavioral inputs like keystroke metrics. Because inherent factors are reliably unique, always present, and secure, this category shows promise.
+ Location-based and time-based - Authentication systems can use GPS coordinates, network parameters, and metadata for the network in use, and device recognition for MFA. Adaptive authentication combines these data points with historical or contextual user data. A time factor in conjunction with a location factor could detect an attacker attempting to authenticate in Europe when the user was last authenticated in California an hour prior, for example.
+ Time-based one-time password (TOTP) - This is generally used in 2FA but could apply to any MFA method where a second step is introduced dynamically at login upon completing a first step. The wait for a second step, in which temporary passcodes are sent by SMS or email, is usually brief, and the process is easy to use for a wide range of users and devices. This method is currently widely used.
+ Social media - In this case a user grants permission for a website to use their social media username and password for login. This provides an easy login process, and one generally available to all users.
+ Risk-based authentication - Sometimes called adaptive multi-factor authentication, this method combines adaptive authentication and algorithms that calculate risk and observe the context of specific login requests. The goal of this method is to reduce redundant logins and provide a more user-friendly workflow.
+ Push-based 2FA - Push-based 2FA improves on SMS and TOTP 2FA by adding additional layers of security while improving ease of use. It confirms a user's identity with multiple factors of authentication that other methods cannot. Because push-based 2FA sends notifications through data networks like cellular or Wi-Fi, users must have data access on their mobile devices to use the 2FA functionality.
The two most popular authentication factors are knowledge and inherent (including biometrics like fingerprint, face, and retina scans. Biometrics is used commonly in mobile devices).
NEW QUESTION 109
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)
- A. inline normalization
- B. SIP
- C. packet decoder
- D. SSL
- E. modbus
Answer: A,C
NEW QUESTION 110
......
Pass Your 350-701 Exam Easily With 100% Exam Passing Guarantee: https://www.guidetorrent.com/350-701-pdf-free-download.html
350-701 Dumps are Available for Instant Access: https://drive.google.com/open?id=13Ws_h25Lq3SsvAre2HDNcBsRfLHOTNWX