最高で有効な350-701試験問題と解答PDF 350-701問題集(最近更新された630問あります) [Q147-Q171]

Share

最高で有効な350-701試験問題と解答PDF 350-701問題集(最近更新された630問あります)

試験問題解答は350-701学習ガイド

質問 # 147
How is DNS tunneling used to exfiltrate data out of a corporate network?

  • A. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks.
  • B. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers.
  • C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network.
  • D. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data.

正解:D

解説:
ExplanationDomain name system (DNS) is the protocol that translates human-friendly URLs, such as securitytut.com, into IP addresses, such as 183.33.24.13. Because DNS messages are only used as the beginning of each communication and they are not intended for data transfer, many organizations do not monitor their DNS traffic for malicious activity. As a result, DNS-based attacks can be effective if launched against their networks. DNS tunneling is one such attack.An example of DNS Tunneling is shown below:

* The attacker incorporates one of many open-source DNS tunneling kits into an authoritative DNSnameserver (NS) and malicious payload.2. An IP address (e.g. 1.2.3.4) is allocated from the attacker's infrastructure and a domain name (e.g. attackerdomain.com) is registered or reused. The registrar informs the top-level domain (.com) nameservers to refer requests for attackerdomain.com to ns.attackerdomain.com, which has a DNS record mapped to 1.2.3.43. The attacker compromises a system with the malicious payload. Once the desired data is obtained, the payload encodes the data as a series of 32 characters (0-9, A-Z) broken into short strings (3KJ242AIE9, P028X977W,...).4. The payload initiates thousands of unique DNS record requests to the attacker's domain with each string as Reference: https://learn-umbrella.cisco.com/i/775902-dns-tunneling/0


質問 # 148
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements?

  • A. Cisco Stealthwatch Cloud PNM
  • B. Cisco Stealthwatch Cloud PCM
  • C. Cisco Umbrella On-Premises
  • D. Cisco Umbrella Cloud

正解:A

解説:
Explanation Private Network Monitoring (PNM) provides visibility and threat detection for the on-premises network, delivered from the cloud as a SaaS solution. It is the perfect solution for organizations who prefer SaaS products and desire better awareness and security in their on-premises environments while reducing capital expenditure and operational overhead. It works by deploying lightweight software in a virtual machine or server that can consume a variety of native sources of telemetry or extract metadata from network packet flow. It encrypts this metadata and sends it to the Stealthwatch Cloud analytics platform for analysis. Stealthwatch Cloud consumes metadata only. The packet payloads are never retained or transferred outside the network. This lab focuses on how to configure a Stealthwatch Cloud Private Network Monitoring (PNM) Sensor, in order to provide visibility and effectively identify active threats, and monitors user and device behavior within onpremises networks. The Stealthwatch Cloud PNM Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems. Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf Private Network Monitoring (PNM) provides visibility and threat detection for the on-premises network, delivered from the cloud as a SaaS solution. It is the perfect solution for organizations who prefer SaaS products and desire better awareness and security in their on-premises environments while reducing capital expenditure and operational overhead. It works by deploying lightweight software in a virtual machine or server that can consume a variety of native sources of telemetry or extract metadata from network packet flow. It encrypts this metadata and sends it to the Stealthwatch Cloud analytics platform for analysis. Stealthwatch Cloud consumes metadata only. The packet payloads are never retained or transferred outside the network.
This lab focuses on how to configure a Stealthwatch Cloud Private Network Monitoring (PNM) Sensor, in order to provide visibility and effectively identify active threats, and monitors user and device behavior within onpremises networks.
The Stealthwatch Cloud PNM Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems.
Explanation Private Network Monitoring (PNM) provides visibility and threat detection for the on-premises network, delivered from the cloud as a SaaS solution. It is the perfect solution for organizations who prefer SaaS products and desire better awareness and security in their on-premises environments while reducing capital expenditure and operational overhead. It works by deploying lightweight software in a virtual machine or server that can consume a variety of native sources of telemetry or extract metadata from network packet flow. It encrypts this metadata and sends it to the Stealthwatch Cloud analytics platform for analysis. Stealthwatch Cloud consumes metadata only. The packet payloads are never retained or transferred outside the network. This lab focuses on how to configure a Stealthwatch Cloud Private Network Monitoring (PNM) Sensor, in order to provide visibility and effectively identify active threats, and monitors user and device behavior within onpremises networks. The Stealthwatch Cloud PNM Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems. Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf


質問 # 149
Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

  • A. VMware ESXi
  • B. Red Hat Enterprise Visualization
  • C. Google Cloud Platform
  • D. Amazon Web Services

正解:D

解説:


質問 # 150
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

  • A. Clam AV Engine to perform email scanning
  • B. Spero Engine with machine learning to perform dynamic analysis
  • C. Ethos Engine to perform fuzzy fingerprinting
  • D. Tetra Engine to detect malware when me endpoint is connected to the cloud

正解:C

解説:
ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
Reference:
ETHOS = Fuzzy Fingerprinting using static/passive heuristics
ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
ETHOS = Fuzzy Fingerprinting using static/passive heuristics


質問 # 151
Which form of attack is launched using botnets?

  • A. EIDDOS
  • B. TCP flood
  • C. DDOS
  • D. virus

正解:C

解説:
A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them.
Cyber criminals use botnets to instigate botnet attacks, which include malicious activities such as credentials leaks, unauthorized access, data theft and DDoS attacks.


質問 # 152
An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?

  • A. Cisco Configuration Professional
  • B. Cisco DNA Center
  • C. Cisco Secureworks
  • D. Cisco Defense Orchestrator

正解:D

解説:
Cisco Defense Orchestrator is a cloud-based management solution that allows you to manage security policies and device configurations with ease across multiple Cisco and cloud-native security platforms.
Cisco Defense Orchestrator features:
....
Management of hybrid environments: Managing a mix of firewalls running the ASA, FTD, and Meraki MX software is now easy, with the ability to share policy elements across platforms.
Cisco Defense Orchestrator is a cloud-based management solution that allows you to manage security policies and device configurations with ease across multiple Cisco and cloud-native security platforms.
Cisco Defense Orchestrator features:
....
Management of hybrid environments: Managing a mix of firewalls running the ASA, FTD, and Meraki MX software is now easy, with the ability to share policy elements across platforms.
Reference:
736847.html
Cisco Defense Orchestrator is a cloud-based management solution that allows you to manage security policies and device configurations with ease across multiple Cisco and cloud-native security platforms.
Cisco Defense Orchestrator features:
....
Management of hybrid environments: Managing a mix of firewalls running the ASA, FTD, and Meraki MX software is now easy, with the ability to share policy elements across platforms.
736847.html


質問 # 153
Which Cisco AMP file disposition valid?

  • A. dirty
  • B. malware
  • C. pristine
  • D. nonmalicios

正解:B


質問 # 154
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

  • A. Ensure that the client computers are pointing to the on-premises DNS servers.
  • B. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
  • C. Add the public IP address that the client computers are behind to a Core Identity.
  • D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

正解:D

解説:
the routing of traffic through the Cisco Umbrella network is to browse to http://welcome.umbrella.com/.
This URL will display a message that confirms whether the new network identity is working or not.
If the message says "You're protected by Cisco Umbrella", then the traffic is being routed correctly.
If the message says "You're not using Cisco Umbrella", then the traffic is not being routed correctly and the configuration needs to be checked. The other options are not valid actions to test the routing. Option A is incorrect because the client computers should point to the Cisco Umbrella DNS servers, not the on-premises DNS servers. Option B is incorrect because the Intelligent Proxy is a feature that selectively intercepts and proxies web requests for deeper inspection, not a tool to test the routing. Option C is incorrect because adding the public IP address to a Core Identity is a way to identify the network, not a way to test the routing. References:
* How To: Successfully test to ensure you're running Umbrella correctly
* Add a Network Identity


質問 # 155
Which risk is created when using an Internet browser to access cloud-based service?

  • A. intermittent connection to the cloud connectors
  • B. misconfiguration of Infra, which allows unauthorized access
  • C. insecure implementation of API
  • D. vulnerabilities within protocol

正解:D


質問 # 156
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?

  • A. deliver and add disclaimer text
  • B. quarantine and alter the subject header with a DLP violation
  • C. quarantine and send a DLP violation notification
  • D. deliver and send copies to other recipients

正解:A

解説:
You specify primary and secondary actions that the appliance will take when it detects a possible DLP violation in an outgoing message. Different actions can be assigned for different violation types and severities. Primary actions include: - Deliver - Drop - Quarantine Secondary actions include: - Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect clone of the original, including the Message ID. Quarantining a copy allows you to test the DLP system before deployment in addition to providing another way to monitor DLP violations. When you release the copy from the quarantine, the appliance delivers the copy to the recipient, who will have already received the original message. - Encrypting messages. The appliance only encrypts the message body. It does not encrypt the message headers. - Altering the subject header of messages containing a DLP violation. - Adding disclaimer text to messages. - Sending messages to an alternate destination mailhost. - Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with critical DLP violations to a compliance officer's mailbox for examination.) - Sending a DLP violation notification message to the sender or other contacts, such as a manager or DLP compliance officer. Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/ b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html in an outgoing message. Different actions can be assigned for different violation types and severities.
Primary actions include:
- Deliver
- Drop
- Quarantine
Secondary actions include:
- Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect clone of the original, including the Message ID. Quarantining a copy allows you to test the DLP system before deployment in addition to providing another way to monitor DLP violations. When you release the copy from the quarantine, the appliance delivers the copy to the recipient, who will have already received the original message.
- Encrypting messages. The appliance only encrypts the message body. It does not encrypt the message headers.
- Altering the subject header of messages containing a DLP violation.
- Adding disclaimer text to messages.
- Sending messages to an alternate destination mailhost.
- Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with critical DLP violations to a compliance officer's mailbox for examination.)
- Sending a DLP violation notification message to the sender or other contacts, such as a manager or DLP compliance officer.
Reference:
You specify primary and secondary actions that the appliance will take when it detects a possible DLP violation in an outgoing message. Different actions can be assigned for different violation types and severities. Primary actions include: - Deliver - Drop - Quarantine Secondary actions include: - Sending a copy to a policy quarantine if you choose to deliver the message. The copy is a perfect clone of the original, including the Message ID. Quarantining a copy allows you to test the DLP system before deployment in addition to providing another way to monitor DLP violations. When you release the copy from the quarantine, the appliance delivers the copy to the recipient, who will have already received the original message. - Encrypting messages. The appliance only encrypts the message body. It does not encrypt the message headers. - Altering the subject header of messages containing a DLP violation. - Adding disclaimer text to messages. - Sending messages to an alternate destination mailhost. - Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with critical DLP violations to a compliance officer's mailbox for examination.) - Sending a DLP violation notification message to the sender or other contacts, such as a manager or DLP compliance officer. Reference: https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/ b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010001.html


質問 # 157
Drag and drop the exploits from the left onto the type of security vulnerability on the right.

正解:

解説:

Explanation:


質問 # 158
What is a commonality between DMVPN and FlexVPN technologies?

  • A. IOS routers run the same NHRP code for DMVPN and FlexVPN
  • B. FlexVPN and DMVPN use the same hashing algorithms
  • C. FlexVPN and DMVPN use IS-IS routing protocol to communicate with spokes
  • D. FlexVPN and DMVPN use the new key management protocol

正解:A

解説:
In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.
In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.
Reference:
In its essence, FlexVPN is the same as DMVPN. Connections between devices are still point-to-point GRE tunnels, spoke-to-spoke connectivity is still achieved with NHRP redirect message, IOS routers even run the same NHRP code for both DMVPN and FlexVPN, which also means that both are Cisco's proprietary technologies.


質問 # 159
An organization has two systems in their DMZ that have an unencrypted link between them for communication.
The organization does not have a defined password policy and uses several default accounts on the systems.
The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

  • A. lack of input validation
  • B. missing encryption
  • C. lack of file permission
  • D. weak passwords

正解:B

解説:
Reference: https://tools.ietf.org/html/rfc3954


質問 # 160
What is a functional difference between a cisco ASA and a cisco IOS router with Zone-based policy firewall?

  • A. The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot
  • B. The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added
  • C. The Cisco ASA can be configured for high availability whereas the Cisco IOS router with Zone-Based Policy Firewall cannot
  • D. The Cisco ASA denies all traffic by default whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.

正解:D


質問 # 161
Which Dos attack uses fragmented packets to crash a target machine?

  • A. teardrop
  • B. MITM
  • C. LAND
  • D. smurf

正解:A

解説:
ExplanationExplanationA teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a targetmachine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IPfragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.


質問 # 162
How many interfaces per bridge group does an ASA bridge group deployment support?

  • A. up to 8
  • B. up to 16
  • C. up to 4
  • D. up to 2

正解:C

解説:
Explanation
Each of the ASAs interfaces need to be grouped into one or more bridge groups. Each of these groups acts as an independent transparent firewall. It is not possible for one bridge group to communicate with another bridge group without assistance from an external router.
As of 8.4(1) upto 8 bridge groups are supported with 2-4 interface in each group. Prior to this only one bridge group was supported and only 2 interfaces.
Up to 4 interfaces are permitted per bridge-group (inside, outside, DMZ1, DMZ2)


質問 # 163
How does a WCCP-configured router identify if the Cisco WSA is functional?

  • A. The WSA sends a Here-l-Am message every 10 seconds, and the router acknowledges with an ISee-You message.
  • B. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the router.
  • C. The router sends a Here-l-Am message every 10 seconds, and the WSA acknowledges with an ISee-You message.
  • D. If an ICMP ping fails three consecutive times between a router and the WSA, traffic is no longer transmitted to the WSA.

正解:A


質問 # 164
Which command is used to log all events to a destination colector 209.165.201.107?

  • A. CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10
  • B. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.
  • C. CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10
  • D. CiscoASA(config-pmap-c)#flow-export event-type flow-update destination 209.165.201.10

正解:A


質問 # 165
Refer to the exhibit.

What is a result of the configuration?

  • A. Traffic from the inside network is redirected
  • B. All TCP traffic is redirected
  • C. Traffic from the inside and DMZ networks is redirected
  • D. Traffic from the DMZ network is redirected

正解:C

解説:
The purpose of above commands is to redirect traffic that matches the ACL "redirect-acl" to the Cisco FirePOWER (SFR) module in the inline (normal) mode. In this mode, after the undesired traffic is dropped and any other actions that are applied by policy are performed, the traffic is returned to the ASA for further processing and ultimate transmission. The command "service-policy global_policy global" applies the policy to all of the interfaces. Reference: https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configurefirepower-00.html FirePOWER (SFR) module in the inline (normal) mode. In this mode, after the undesired traffic is dropped and any other actions that are applied by policy are performed, the traffic is returned to the ASA for further processing and ultimate transmission.
The command "service-policy global_policy global" applies the policy to all of the interfaces.
The purpose of above commands is to redirect traffic that matches the ACL "redirect-acl" to the Cisco FirePOWER (SFR) module in the inline (normal) mode. In this mode, after the undesired traffic is dropped and any other actions that are applied by policy are performed, the traffic is returned to the ASA for further processing and ultimate transmission. The command "service-policy global_policy global" applies the policy to all of the interfaces. Reference: https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configurefirepower-00.html


質問 # 166
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  • A. user login suspicious behavior
  • B. file access from a different user
  • C. privilege escalation
  • D. interesting file access

正解:B


質問 # 167
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?

  • A. username <username> privilege 15 password <password>
  • B. service password-encryption
  • C. username < username> password <password>
  • D. service password-recovery

正解:B


質問 # 168
Refer to the exhibit.

What does the number 15 represent in this configuration?

  • A. number of possible failed attempts until the SNMPv3 user is locked out
  • B. access list that identifies the SNMP devices that can access the router
  • C. interval in seconds between SNMPv3 authentication attempts
  • D. privilege level for an authorized user to this router

正解:B

解説:
The syntax of this command is shown below:
snmp-server group [group-name {v1 | v2c | v3 [auth | noauth | priv]}] [read read-view] [write write-view] [notify notify-view] [access access-list] The command above restricts which IP source addresses are allowed to access SNMP functions on the router. You could restrict SNMP access by simply applying an interface ACL to block incoming SNMP packets that don't come from trusted servers. However, this would not be as effective as using the global SNMP commands shown in this recipe. Because you can apply this method once for the whole router, it is much simpler than applying ACLs to block SNMP on all interfaces separately. Also, using interface ACLs would block not only SNMP packets intended for this router, but also may stop SNMP packets that just happened to be passing through on their way to some other destination device.


質問 # 169
Which function is the primary function of Cisco AMP threat Grid?

  • A. automated email encryption
  • B. monitoring network traffic
  • C. automated malware analysis
  • D. applying a real-time URI blacklist

正解:C

解説:
Cisco AMP Threat Grid is a cloud-based or on-premises solution that provides advanced malware analysis and threat intelligence. It combines static and dynamic analysis techniques to examine the behavior of malware samples and correlate them with global and historical context. It also produces detailed reports, threat scores, and behavioral indicators that help security teams prioritize and respond to threats faster and more effectively12. References: 1: Cisco Secure Malware Analytics (Threat Grid) - Cisco 2: Products - Cisco Threat Grid Cloud Data Sheet - Cisco


質問 # 170
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)

  • A. Cisco FTDv configured in routed mode and IPv6 configured
  • B. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
  • C. Cisco FTDv with two management interfaces and one traffic interface configured
  • D. Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
  • E. Cisco FTDv with one management interface and two traffic interfaces configured

正解:B、D

解説:
Cisco FTDv in AWS can be deployed in two different deployment models: single-instance and cluster. In both models, the FTDv can be configured in routed mode and managed by either an FMCv installed in AWS or a physical FMC appliance on premises. The FTDv can also use Geneve encapsulation for traffic interfaces to support AWS Gateway Load Balancer (GWLB) integration. The following table summarizes the supported deployment model configurations for FTDv in AWS:
Table
Deployment Model
Management Mode
Traffic Mode
Geneve Encapsulation
Single-instance
FMCv in AWS
Routed
Optional
Single-instance
FMC on premises
Routed
Optional
Cluster
FMCv in AWS
Routed
Required
Cluster
FMC on premises
Routed
Required
References :=
* Deploy the Threat Defense Virtual on AWS - Cisco
* Deploy a Threat Defense Virtual Cluster on AWS - Cisco
* Configure Geneve Interfaces in Secure FTDv - Cisco
* Deployment of Cisco Secure FTDv and FMCv instances in AWS - Terraform
* Solved: FTD virtual appliance in AWS - Cisco Community


質問 # 171
......

認定問題集でCCNP Security 350-701ガイド100%有効な:https://jp.fast2test.com/350-701-premium-file.html

問題集であなたの350-701 Implementing and Operating Cisco Security Core Technologiesは100%一発でパス:https://drive.google.com/open?id=1Wo479xv2H5h6kWk8XscWP6a4q_S5UBGP


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어