合格させる350-701試験問題で実際テストエンジンPDFには600問題あります
最新をゲットせよ!350-701認定練習テスト問題の試験問題集
Cisco 350-701 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
| トピック 10 |
|
質問 359
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
- A. WCCP on switch
- B. MDA on the router
- C. DNS resolution on Cisco WSA
- D. PBR on Cisco WSA
正解: A
質問 360
An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?
- A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.
- B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE
- C. Modify the current policy with the condition MFASourceSequence DUO=true in the authorization conditions within Cisco ISE
- D. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.
正解: D
質問 361
A network engineer has configured a NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16.
What is the cause of this issue?
- A. An access list entry for UDP port 123 on the outside interface is missing.
- B. An access list entry for UDP port 123 on the inside interface is missing.
- C. Resynchronization of NTP is not forced
- D. NTP is not configured to use a working server.
正解: D
質問 362
What is the function of SDN southbound API protocols?
- A. to allow for the static configuration of control plane applications
- B. to enable the controller to make changes
- C. to enable the controller to use REST
- D. to allow for the dynamic configuration of control plane applications
正解: B
解説:
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs. Reference: https://www.ciscopress.com/articles/article.asp?p=3004581&seqNum=2 scalability needs.
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs. Reference: https://www.ciscopress.com/articles/article.asp?p=3004581&seqNum=2
Note: Southbound APIs helps us communicate with data plane (not control plane) applications
質問 363
Refer to the exhibit.
A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?
- A. complete no configurations
- B. add subinterfaces
- C. set the IP address of an interface
- D. complete all configurations
正解: A
質問 364
Which technology is used to improve web traffic performance by proxy caching?
- A. WSA
- B. FireSIGHT
- C. Firepower
- D. ASA
正解: A
質問 365
An engineer needs to configure a Cisco Secure Email Gateway (SEG) to prompt users to enter multiple forms of identification before gaining access to the SEG. The SEG must also join a cluster using the preshared key of cisc421555367. What steps must be taken to support this?
- A. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG GUI.
- B. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG CLI
- C. Enable two-factor authentication through a RADIUS server, and then join the cluster via the SEG GUI.
- D. Enable two-factor authentication through a TACACS+ server, and then join the cluster via the SEG CLI.
正解: B
質問 366
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?
- A. DHCP snooping has not been enabled on all VLANs.
- B. The no ip arp inspection trust command is applied on all user host interfaces
- C. Dynamic ARP Inspection has not been enabled on all VLANs
- D. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
正解: B
質問 367
What are two benefits of Flexible NetFlow records? (Choose two)
- A. They provide monitoring of a wider range of IP packet information from Layer 2 to 4
- B. They converge multiple accounting technologies into one accounting mechanism
- C. They provide accounting and billing enhancements
- D. They provide attack prevention by dropping the traffic
- E. They allow the user to configure flow information to perform customized traffic identification
正解: B,E
解説:
NetFlow is typically used for several key customer applications, including the following:
...
Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.
Reference:
If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields.
cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these layers.
質問 368
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
正解:
解説:

質問 369
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?
- A. Fuzzing Framework
- B. Radamsa
- C. OWASP
- D. AFL
正解: C
質問 370
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
- A. Add entries in the DHCP snooping database
- B. Enable ARP inspection for the required VLAN
- C. Set the DHCP snooping bit to 1
- D. Set a trusted interface for the DHCP server
正解: D
解説:
To understand DHCP snooping we need to learn about DHCP spoofing attack first.
DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a "man-in-the-middle".
The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.
質問 371
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)
- A. simple custom detections
- B. URL
- C. blocked ports
- D. allowed applications
- E. command and control
正解: A,D
解説:
Advanced Malware Protection (AMP) for Endpoints offers a variety of lists, referred to as Outbreak Control, that allow you to customize it to your needs. The main lists are: Simple Custom Detections, Blocked Applications, Allowed Applications, Advanced Custom Detections, and IP Blocked and Allowed Lists. A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Allowed applications lists are for files you never want to convict. Some examples are a custom application that is detected by a generic engine or a standard image that you use throughout the company Reference: https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine.
Advanced Malware Protection (AMP) for Endpoints offers a variety of lists, referred to as Outbreak Control, that allow you to customize it to your needs. The main lists are: Simple Custom Detections, Blocked Applications, Allowed Applications, Advanced Custom Detections, and IP Blocked and Allowed Lists. A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Allowed applications lists are for files you never want to convict. Some examples are a custom application that is detected by a generic engine or a standard image that you use throughout the company Reference: https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf
質問 372
What is the function of SDN southbound API protocols?
- A. to enable the controller to make changes
- B. to allow for the static configuration of control plane applications
- C. to allow for the dynamic configuration of control plane applications
- D. to enable the controller to use REST
正解: C
解説:
Explanation
質問 373
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
- A. Configure Directory Harvest Attack Prevention
- B. Use Bounce Verification
- C. Bypass LDAP access queries in the recipient access table
- D. Configure incoming content filters
正解: A
解説:
Explanation
Explanation
A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using different permutations of common username. Its easy for attackers to get hold of a valid email address if your organization uses standard format for official e-mail alias (for example: [email protected]). We can configure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.
Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here's an LDAP search translated into plain English: "Search for all people located in Chicago who's name contains "Fred" that have an email address. Please return their full name, email, title, and description.
質問 374
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
- A. Bridge Protocol Data Unit guard
- B. Storm Control
- C. embedded event monitoring
- D. access control lists
正解: B
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-e1.html
質問 375
A user has a device in the network that is receiving too many connection requests from multiple machines.
Which type of attack is the device undergoing?
- A. phishing
- B. slowloris
- C. pharming
- D. SYN flood
正解: D
解説:
Explanation
https://www.cisco.com/c/en/us/products/security/what-is-a-ddos-attack.html#~types-of-ddos-attacks
質問 376
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
- A. Intelligent proxy and SSL decryption is disabled in the policy.
- B. IP-Layer Enforcement is not configured.
- C. Client computers do not have the Cisco Umbrella Root CA certificate installed.
- D. Client computers do not have an SSL certificate deployed from an internal CA server.
正解: A
解説:
Explanation
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy
質問 377
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
- A. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the pre configured interval.
- B. Enter the shutdown and no shutdown commands on the interfaces.
- C. Enable the snmp-server enable traps command and wait 300 seconds
- D. Use EEM to have the ports return to service automatically in less than 300 seconds.
- E. Ensure that interfaces are configured with the error-disable detection and recovery feature Explanation
正解: B,E
解説:
Explanation
You can also bring up the port by using these commands:
+ The "shutdown" interface configuration command followed by the "no shutdown" interface configuration command restarts the disabled port.
+ The "errdisable recovery cause ..." global configuration command enables the timer to automatically recover error-disabled state, and the "errdisable recovery interval interval" global configuration command specifies the time to recover error-disabled state.
質問 378
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
正解:
解説:
質問 379
What are two rootkit types? (Choose two)
- A. user mode
- B. virtual
- C. bootloader
- D. registry
- E. buffer mode
正解: A,E
質問 380
Which two activities can be done using Cisco DNA Center? (Choose two.)
- A. provision
- B. design
- C. DHCP
- D. accounting
- E. DNS
正解: A,B
解説:
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and- management/dna-center/1-2-1/user_guide/b_dnac_ug_1_2_1/b_dnac_ug_1_2_chapter_00.pdf
質問 381
......
350-701試験問題集でPDF問題とテストエンジン:https://jp.fast2test.com/350-701-premium-file.html
リアル350-701試験問題集解答で有効な350-701問題集PDF:https://drive.google.com/open?id=1Wo479xv2H5h6kWk8XscWP6a4q_S5UBGP