Authentic 350-701 Dumps Updated – Choose DumpsBase’s 350-701 Dumps (V26.02) to Pass Your CCNP Security 350-701 SCOR Exam

1. In which form of attack is alternate encoding, such as hexadecimal representation, most often observed?

2. Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

3. Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two)

4. Which two endpoint measures are used to minimize the chances of falling victim to phishing and social

engineering attacks? (Choose two)

5. Which two mechanisms are used to control phishing attacks? (Choose two)

6. Which two behavioral patterns characterize a ping of death attack? (Choose two)

7. Which two preventive measures are used to control cross-site scripting? (Choose two)

8. What is the difference between deceptive phishing and spear phishing?

9. Which attack is commonly associated with C and C++ programming languages?

10. What is a language format designed to exchange threat intelligence that can be transported over the

TAXII protocol?

11. Which two capabilities does TAXII support? (Choose two)

12. Which two risks is a company vulnerable to if it does not have a well-established patching solution for

endpoints? (Choose two)

13. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

14. What are two rootkit types? (Choose two)

15. Which form of attack is launched using botnets?

16. Which threat involves software being used to gain unauthorized access to a computer system?

17. Which type of attack is social engineering?

18. Which two key and block sizes are valid for AES? (Choose two)

19. Which two descriptions of AES encryption are true? (Choose two)

20. Which algorithm provides encryption and authentication for data plane communication?

21. Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

22. What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

23. Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

24. Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

25. Which VPN technology can support a multivendor environment and secure traffic between sites?

26. A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on host A. The tunnel is not being established to host B.

What action is needed to authenticate the VPN?

27. Refer to the exhibit.

A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status.

What is the problem according to this command output?

28. What is a difference between FlexVPN and DMVPN?

29. Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?

30. What is a commonality between DMVPN and FlexVPN technologies?

31. The main function of northbound APIs in the SDN architecture is to enable communication between which two areas of a network?

32. Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)

33. Which functions of an SDN architecture require southbound APIs to enable communication?

34. Which API is used for Content Security?

35. Which two request of REST API are valid on the Cisco ASA Platform? (Choose two)

36. Refer to the exhibit.

What is the result of this Python script of the Cisco DNA Center API?

37. Refer to the exhibit.

What does the API do when connected to a Cisco security appliance?

38. Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

39. Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

40. Which option is the main function of Cisco Firepower impact flags?

41. On Cisco Firepower Management Center, which policy is used to collect health modules alerts from Managed devices?

42. Which license is required for Cisco Security Intelligence to work on the Cisco Next Generation Intrusion Prevention System?

43. Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

44. Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

45. Which information is required when adding a device to Firepower Management Center?

46. Which two deployment modes does the Cisco ASA FirePower module support? (Choose two)

47. The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic. Where must the ASA be added on the Cisco UC Manager platform?

48. Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

49. Which feature is supported when deploying Cisco ASAv within AWS public cloud?

50. Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

51. Which statement about IOS zone-based firewalls is true?

52. What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

53. Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

54. Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

55. Which ASA deployment mode can provide separation of management on a shared appliance?

56. Refer to the exhibit.

What is a result of the configuration?

57. Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

58. Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)

59. A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance.

Which ASA deployment mode meets these needs?

60. What is a characteristic of Firepower NGIPS inline deployment mode?

61. An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA.

Which Cisco ASA command must be used?

62. How many interfaces per bridge group does an ASA bridge group deployment support?

63. Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)

64. Which two features of Cisco Email Security can protect your organization against email threats? (Choose two)

65. Why would a user choose an on-premises ESA versus the CES solution?

66. Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)

67. What is the purpose of the Decrypt for Application Detection feature within the WSA Decryption options?

68. Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)

69. Which action controls the amount of URI text that is stored in Cisco WSA logs files?

70. An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.

Which list contains the allowed recipient addresses?

71. Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

72. Which Talos reputation center allows you to track the reputation of IP addresses for email and web

traffic?

73. Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

74. After deploying a Cisco ESA on your network, you notice that some messages fail to reach their destinations.

Which task can you perform to determine where each message was lost?

75. What is the primary benefit of deploying an ESA in hybrid mode?

76. What is the primary role of the Cisco Email Security Appliance?

77. Which technology is used to improve web traffic performance by proxy caching?

78. In which two ways does a system administrator send web traffic transparently to the Web Security

Appliance? (Choose two)

79. Which technology reduces data loss by identifying sensitive information stored in public computing environments?

80. Which deployment model is the most secure when considering risks to cloud adoption?

81. In which cloud services model is the tenant responsible for virtual machine OS patching?

82. Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

83. What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

84. Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

85. In a PaaS model, which layer is the tenant responsible for maintaining and patching?

86. On which part of the IT environment does DevSecOps focus?

87. What is the function of Cisco Cloudlock for data security?

88. An administrator wants to ensure that all endpoints are compliant before users are allowed access on the corporate network. The endpoints must have the corporate antivirus application installed and be running the latest build of Windows 10.

What must the administrator implement to ensure that all devices are compliant before they are allowed on the network?

89. An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE.

Which CoA type achieves this goal?

90. Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two)

91. Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

92. An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.

Which two solutions mitigate the risk of this ransom ware infection? (Choose two)

93. Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an

Inline posture node?

94. What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services? (Choose two)

95. For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

96. Which compliance status is shown when a configured posture policy requirement is not met?

97. Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?