最新2024年05月08日リアルな350-701試験問題集解答で有効な350-701問題集PDF
Cisco 350-701試験問題集でPDF問題とテストエンジン
Cisco 350-701試験は、Cisco Security Solutionsの実装と運用に関する専門知識を実証したいIT専門家にとって重要な認証です。この試験は、幅広いセキュリティテクノロジーとベストプラクティスをカバーしており、エンタープライズ環境で複雑なセキュリティソリューションを操作する候補者の能力を評価するように設計されています。適切な準備と研究により、候補者は試験に合格し、CCNPセキュリティ認証を獲得できます。
シスコ350-701試験は、Ciscoセキュリティコアテクノロジーの実装と運用に関する知識とスキルを証明したいネットワークセキュリティ専門家向けの認定試験です。この試験は、Cisco Certified Network Professional Security(CCNP Security)認定プログラムの一部であり、Ciscoテクノロジーを使用したセキュリティソリューションの実装における候補者の熟練度を検証します。試験は、候補者のネットワークセキュリティのコンセプト、ネットワークインフラストラクチャ、暗号化、VPN、SIEM、およびエンドポイントセキュリティの理解を検証します。
Cisco 350-701 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
| トピック 10 |
|
| トピック 11 |
|
| トピック 12 |
|
| トピック 13 |
|
| トピック 14 |
|
質問 # 323
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing. Which action should be taken to accomplish this goal?
- A. Configure the port using the ip ssh port 22 command.
- B. Enable the SSH server using the ip ssh server command.
- C. Generate the RSA key using the crypto key generate rsa command.
- D. Disable telnet using the no ip telnet command.
正解:C
解説:
Explanation
https://learningnetwork.cisco.com/s/question/0D53i00000KsrhK/rsa-key
質問 # 324
What is an advantage of network telemetry over SNMP pulls?
- A. encapsulation
- B. accuracy
- C. scalability
- D. security
正解:C
解説:
Network telemetry is a technology that allows network devices to push data to a collector in real time, rather than waiting for the collector to pull data from them. This improves the efficiency and accuracy of data collection, and enables the monitoring of a large number of network devices. SNMP, on the other hand, is a protocol that uses a pull model, where the collector requests data from the devices periodically. This can cause delays, gaps, and overhead in data collection, and limit the scalability of network monitoring. Therefore, network telemetry has an advantage over SNMP pulls in terms of scalability. References:
* What Is Telemetry? Telemetry vs. SNMP - Huawei
* Streaming telemetry challenges SNMP in large, complex networks
* Network streaming telemetry: Monitoring in "real-time" - Paessler
* An Overview of Network Telemetry - Geek Speak - Resources - THWACK
質問 # 325
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
- A. Modify identification profiles
- B. Modify outbound malware scanning policies
- C. Modify web proxy settings
- D. Modify an access policy
正解:C
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guidev60/Access_
質問 # 326
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
- A. Set a trusted interface for the DHCP server
- B. Enable ARP inspection for the required VLAN
- C. Add entries in the DHCP snooping database
- D. Set the DHCP snooping bit to 1
正解:A
解説:
To understand DHCP snooping we need to learn about DHCP spoofing attack first.
DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a "man-in-the-middle".
The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.
質問 # 327
An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?
- A. Create a new site within Cisco Umbrella to block requests from those categories so they can be sent to the proxy device.
- B. Configure URL filtering within Cisco Umbrella to track the URLs and proxy the requests for those categories and below.
- C. Upload the threat intelligence database to Cisco Umbrella for the most current information on reputations and to have the destination lists block them.
- D. Configure intelligent proxy within Cisco Umbrella to intercept and proxy the requests for only those categories.
正解:A
解説:
The intelligent proxy is a feature of Cisco Umbrella that allows it to selectively inspect and proxy web requests for domains that are classified as risky or potentially malicious. These domains may contain both safe and harmful content, and the intelligent proxy can filter out the malicious files or URLs while allowing the benign ones to pass through. The intelligent proxy can also apply SSL decryption to inspect encrypted traffic and enforce policies based on the content or destination of the web requests. To enable the intelligent proxy, an engineer needs to configure it within the Cisco Umbrella dashboard and select the categories of domains that should be proxied. The categories are based on the domain reputation and security risk, and range from High Risk to Low Risk. The engineer can also customize the list of domains to include or exclude from the intelligent proxy. By configuring the intelligent proxy, the engineer can achieve the objectives of identifying and proxying traffic that is categorized as risky domains and may contain safe and malicious content. References := Some possible references are:
* Enable the Intelligent Proxy - Umbrella User Guide, Cisco
* Manage the Intelligent Proxy - Umbrella User Guide, Cisco
* Intelligent Proxy in Cisco Umbrella how it works, Cisco Learning Network
* What is the Intelligent Proxy? - MSP User Guide, Cisco
* Cisco Umbrella Intelligent Proxy and SSL Decryption implementation, Cisco Community
質問 # 328
Which type of attack is social engineering?
- A. MITM
- B. trojan
- C. malware
- D. phishing
正解:D
解説:
Explanation
Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.
質問 # 329
An MDM provides which two advantages to an organization with regards to device management? (Choose two.)
- A. asset inventory management
- B. critical device management
- C. network device management
- D. allowed application management
- E. Active Directory group policy management
正解:A、D
解説:
Explanation
質問 # 330
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two.)
- A. reference a Proxy Auto Config file
- B. configure policy-based routing on the network infrastructure
- C. use Web Cache Communication Protocol
- D. configure the proxy IP address in the web-browser settings
- E. configure Active Directory Group Policies to push proxy settings
正解:A、C
質問 # 331
A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should?
- A. Send the file to Cisco Threat Grid for dynamic analysis
- B. Upload the hash for the file into the policy
- C. Block the application that the file was using to open
- D. Create an IP block list for the website from which the file was downloaded
正解:B
質問 # 332
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
- A. access control lists
- B. Storm Control
- C. Bridge Protocol Data Unit guard
- D. embedded event monitoring
正解:D
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-e1.html
質問 # 333
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?
- A. Cisco Duo
- B. Cisco NGFW
- C. Cisco AnyConnect
- D. Cisco AMP for Endpoints
正解:A
質問 # 334 
正解:
解説:
質問 # 335
An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?
- A. Cisco DNA Center
- B. Cisco Defense Orchestrator
- C. Cisco Configuration Professional
- D. Cisco Secureworks
正解:A
質問 # 336
A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?
- A. need to be reestablished with both stateful and stateless failover
- B. preserved with stateful failover and need to be reestablished with stateless failover
- C. need to be reestablished with stateful failover and preserved with stateless failover
- D. preserved with both stateful and stateless failover
正解:B
質問 # 337
What are two list types within AMP for Endpoints Outbreak Control? (Choose two)
- A. allowed applications
- B. blocked ports
- C. simple custom detections
- D. command and control
- E. URL
正解:A、C
解説:
Advanced Malware Protection (AMP) for Endpoints offers a variety of lists, referred to as Outbreak Control, that allow you to customize it to your needs. The main lists are: Simple Custom Detections, Blocked Applications, Allowed Applications, Advanced Custom Detections, and IP Blocked and Allowed Lists. A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Allowed applications lists are for files you never want to convict. Some examples are a custom application that is detected by a generic engine or a standard image that you use throughout the company Reference: https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine.
Advanced Malware Protection (AMP) for Endpoints offers a variety of lists, referred to as Outbreak Control, that allow you to customize it to your needs. The main lists are: Simple Custom Detections, Blocked Applications, Allowed Applications, Advanced Custom Detections, and IP Blocked and Allowed Lists. A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Allowed applications lists are for files you never want to convict. Some examples are a custom application that is detected by a generic engine or a standard image that you use throughout the company Reference: https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf
質問 # 338
Which functions of an SDN architecture require southbound APIs to enable communication?
- A. SDN controller and the cloud
- B. SDN controller and the network elements
- C. management console and the SDN controller
- D. management console and the cloud
正解:B
解説:
The Southbound API is used to communicate between Controllers and network devices
質問 # 339
During a recent security audit a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command The VPN peer is a SOHO router with a dynamically assigned IP address Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn sohoroutercompany.com In addition to the command crypto isakmp key Cisc425007536 hostname vpn.sohoroutercompany.com what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two)
- A. crypto isakmp identity hostname
- B. ip host vpn.sohoroutercompany.eom <VPN Peer IP Address>
- C. Add the dynamic keyword to the existing crypto map command
- D. fqdn vpn.sohoroutercompany.com <VPN Peer IP Address>
- E. ip name-server <DNS Server IP Address>
正解:C、E
質問 # 340
......
信頼できるCCNP Security 350-701問題集PDF2024年05月08日最近更新された問題:https://jp.fast2test.com/350-701-premium-file.html
最新350-701試験問題集には合格保証付きます:https://drive.google.com/open?id=1Wo479xv2H5h6kWk8XscWP6a4q_S5UBGP