350-701試験問題集でPDF問題とテストエンジン [Q371-Q396]

Share

350-701試験問題集でPDF問題とテストエンジン

350-701問題集で必ず試験合格させる


シスコ350-701試験は、Ciscoセキュリティコアテクノロジーの実装と運用に関する知識とスキルを証明したいネットワークセキュリティ専門家向けの認定試験です。この試験は、Cisco Certified Network Professional Security(CCNP Security)認定プログラムの一部であり、Ciscoテクノロジーを使用したセキュリティソリューションの実装における候補者の熟練度を検証します。試験は、候補者のネットワークセキュリティのコンセプト、ネットワークインフラストラクチャ、暗号化、VPN、SIEM、およびエンドポイントセキュリティの理解を検証します。


Cisco 350-701試験は120分の試験で、90〜110の問題から成り立っています。試験はコンピュータベースで、世界中のPearson VUEテストセンターで受験できます。試験問題は選択式形式で、合格点は通常70%ほどです。試験費用は国や通貨によって異なりますが、一般的には400〜500ドルです。

 

質問 # 371
What is a difference between an XSS attack and an SQL injection attack?

  • A. SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them
  • B. SQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist in many different types of applications
  • C. XSS attacks are used to steal information from databases whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them
  • D. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications

正解:A

解説:
In XSS, an attacker will try to inject his malicious code (usually malicious links) into a database. When other users follow his links, their web browsers are redirected to websites where attackers can steal data from them.
In a SQL Injection, an attacker will try to inject SQL code (via his browser) into forms, cookies, or HTTP headers that do not use data sanitizing or validation methods of GET/POST parameters.


質問 # 372
What is a feature of NetFlow Secure Event Logging?

  • A. It filters NSEL events based on the traffic and event type through RSVP.
  • B. It supports v5 and v8 templates.
  • C. It exports only records that indicate significant events in a flow.
  • D. It delivers data records to NSEL collectors through NetFlow over TCP only.

正解:C

解説:
NetFlow Secure Event Logging (NSEL) is a security logging mechanism that is built on NetFlow Version 9 technology. It provides a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow, such as flow-create, flow-teardown, and flow-denied. NSEL events are triggered by the event that caused the state change in the flow. This reduces the amount of data that is exported and provides more relevant information for security analysis. NSEL also supports periodic flow-update events, which provide byte counters over the duration of the flow. These events are usually time-driven, but may also be triggered by state changes in the flow. NSEL uses templates to describe the format of the data records that are exported through NetFlow. Each event has several record formats or templates associated with it. NSEL delivers templates and data records to configured NSEL collectors through NetFlow over UDP only. NSEL also allows filtering of NSEL events based on the traffic and event type through Modular Policy Framework, and then sends records to different collectors. The supported event types are flow-create, flow-denied, flow-teardown, flow-update, and all. References := Some possible references are:
* NetFlow Secure Event Logging (NSEL) - Cisco
* NetFlow Secure Event Logging (NSEL) - Cisco
* Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 (source book)


質問 # 373
What is managed by Cisco Security Manager?

  • A. ESA
  • B. WSA
  • C. ASA
  • D. access point

正解:C

解説:
Explanation Explanation Cisco Security Manager provides a comprehensive management solution for: - Cisco ASA 5500 Series Adaptive Security Appliances - Cisco intrusion prevention systems 4200 and 4500 Series Sensors - Cisco AnyConnect Secure Mobility Client Reference: https://www.cisco.com/c/en/us/products/security/security-manager/index.html Explanation Cisco Security Manager provides a comprehensive management solution for:
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco intrusion prevention systems 4200 and 4500 Series Sensors
- Cisco AnyConnect Secure Mobility Client
Explanation Explanation Cisco Security Manager provides a comprehensive management solution for: - Cisco ASA 5500 Series Adaptive Security Appliances - Cisco intrusion prevention systems 4200 and 4500 Series Sensors - Cisco AnyConnect Secure Mobility Client Reference: https://www.cisco.com/c/en/us/products/security/security-manager/index.html


質問 # 374
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

  • A. Modify outbound malware scanning policies
  • B. Modify identification profiles.
  • C. Modify an access policy.
  • D. Modify web proxy settings

正解:A

解説:
Explanation


質問 # 375
Which two protocols must be configured to authenticate end users to the Web Security Appliance? (Choose two.)

  • A. Kerberos
  • B. TACACS+
  • C. NTLMSSP
  • D. RADIUS
  • E. CHAP

正解:A、C

解説:
The Web Security Appliance (WSA) supports different authentication protocols and schemes to acquire end-user credentials. The most common protocols are NTLMSSP and Kerberos, which are both supported by Active Directory realms. NTLMSSP is a challenge-response authentication protocol that uses a hash of the user's password to authenticate. Kerberos is a ticket-based authentication protocol that uses a trusted third-party (the Key Distribution Center) to issue tickets to the user and the service. Both protocols are more secure and widely supported than Basic authentication, which sends the user's credentials in clear text. CHAP, TACACS+, and RADIUS are not supported by the WSA for end-user authentication, although they can be used for external authentication of administrators or for credential encryption. References: 1, 2, 3
https://www.cisco.com/c/en/us/products/collateral/security/web-security-appliance/guide-c07-742373.html
https://frontegg.com/blog/authentication


質問 # 376
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?

  • A. Cisco Dynamic
  • B. Cisco anyconnect
  • C. Cisco AMP
  • D. Cisco Talos

正解:D


質問 # 377
Drag and drop the posture assessment flow actions from the left into a sequence on the right.

正解:

解説:


質問 # 378
Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

  • A. Mandatory
  • B. Audit
  • C. Optional
  • D. Visibility

正解:A

解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_client_posture_policies.html#:~:text=Policy%20Requirement%20Types-,Mandatory%20Requirements,the%20requirements%20within%20the%20time%20specified%20in%20the%20remediation%20timer%20settings.,-For%20example%2C%20you Mandatory Requirements During policy evaluation, the agent provides remediation options to clients who fail to meet the mandatory requirements defined in the posture policy. End users must remediate to meet the requirements within the time specified in the remediation timer settings


質問 # 379
Drag and drop the threats from the left onto examples of that threat on the right

正解:

解説:


質問 # 380
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

  • A. Network Discovery
  • B. Correlation
  • C. Intrusion
  • D. Access Control

正解:A

解説:
Explanation The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible. You can configure your network discovery policy to perform host and application detection. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide-v64/introduction_to_network_discovery_and_identity.html The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.
You can configure your network discovery policy to perform host and application detection.
Explanation The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible. You can configure your network discovery policy to perform host and application detection. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-configguide-v64/introduction_to_network_discovery_and_identity.html


質問 # 381
Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

  • A. consumption
  • B. authoring
  • C. sharing
  • D. deployment

正解:A

解説:
Cisco SensorBase gathers threat information from a variety of Cisco products and services, such as Cisco IPS, Cisco ASA, Cisco IronPort, Cisco Umbrella, and Cisco Talos, and performs analytics to find patterns on threats. This process is called consumption, which is one of the four phases of the Cisco Security Intelligence Operations (SIO) framework. The consumption phase involves collecting, aggregating, and analyzing threat data from multiple sources and providing actionable intelligence and tools to customers and partners. The consumption phase also leverages the Cisco SensorBase Network, which is the world's largest threat monitoring network that tracks millions of domains and IP addresses around the world and maintains a global watch list for Internet traffic. SensorBase provides Cisco with an assessment of reliability for known Internet domains and IP addresses, based on their reputation score, category, volume, and threat level. SensorBase also provides threat data overviews, such as the top email and spam senders by country, and the standard categories used to classify website content and attack types1234. References := 1: How Cisco's SensorBase works | Network World 2: What is Cisco SensorBase? - networklore.com 3: User Guide for AsyncOS 15.0 for Cisco Secure Web Appliance - GD ... 4: Cisco Security Intelligence Operations At-A-Glance


質問 # 382
Drag and drop the threats from the left onto examples of that threat on the right

正解:

解説:

Explanation:

ExplanationA data breach is the intentional or unintentional release of secure or private/confidential information to anuntrusted environment.When your credentials have been compromised, it means someone other than you may be in possession of your account information, such as your username and/or password.


質問 # 383
A network engineer has configured a NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?

  • A. An access list entry for UDP port 123 on the inside interface is missing.
  • B. NTP is not configured to use a working server.
  • C. Resynchronization of NTP is not forced
  • D. An access list entry for UDP port 123 on the outside interface is missing.

正解:B

解説:
NTP uses UDP port 123 to communicate with its servers and peers. If the Cisco ASA has IP reachability to the NTP server and is not filtering any traffic, then the most likely cause of the unsynchronized state and the stratum of 16 is that the NTP server is not working properly or is not configured to provide NTP service. A stratum of 16 means that the NTP server is unreachable or is not considered a viable candidate1. The value.INIT. in the refid column indicates that NTP is initializing, and the server has not yet been reached1. To resolve this issue, the network engineer should verify the status and configuration of the NTP server, and use a different server if needed. Alternatively, the network engineer can use the ntp server command with the prefer keyword to specify a preferred NTP server, or use the ntp update-calendar command to force a resynchronization of NTP2. References:
* 1: NTP server is unsynchronized or unreachable, a Wireshark perspective.
* 2: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Network Security, Lesson 1.3: Configuring Network Time Protocol.


質問 # 384
Drag and drop the descriptions from the left onto the encryption algorithms on the right.

正解:

解説:


質問 # 385
Refer to the exhibit. All servers are in the same VLAN/Subnet. DNS Server-1 and DNS Server-2 must communicate with each other, and communicate with default gateway multilayer switch. Which type of private VLAN ports should be configured to prevent communication and the file server?

  • A. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet...OA ports.
  • B. Configure GigabitEthernet0/1 as community port, GigabitEthernet0/2 as promiscuous port, GigabitEthernet0/3 and GigabitEthernet...0/
  • C. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as community port, and GigabitEthernet0/3 and GigabitEthen... ports.
  • D. Configure GigabitEthernet0/1 as promiscuous port, GigabitEthernet0/2 as isolated port, and GigabitEthernet0/3 and GigabitEthernet... ports.

正解:C


質問 # 386
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?

  • A. Cloudlock
  • B. Cisco ISE
  • C. Web Security Appliance
  • D. Security Manager

正解:A

解説:
ExplanationCisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.


質問 # 387
A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?

  • A. set the password to be used for SNMPv3 authentication
  • B. map SNMPv3 users to SNMP views
  • C. specify the UDP port used by SNMP
  • D. define the encryption algorithm to be used by SNMPv3

正解:A


質問 # 388
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?

  • A. Cisco NGFW
  • B. Cisco AnyConnect
  • C. Cisco AMP for Endpoints
  • D. Cisco Duo

正解:D


質問 # 389
An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

  • A. Cisco Umbrella
  • B. Cisco Firepower
  • C. ISE
  • D. AMP

正解:A

解説:
Explanation
Explanation
Cisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations - before a connection is ever made. Thus it can protect from phishing attacks by blocking suspicious domains when users click on the given links that an attacker sent.


質問 # 390
Which risk is created when using an Internet browser to access cloud-based service?

  • A. intermittent connection to the cloud connectors
  • B. insecure implementation of API
  • C. misconfiguration of Infra, which allows unauthorized access
  • D. vulnerabilities within protocol

正解:D


質問 # 391
Which two criteria must a certificate meet before the WSA uses it to decrypt application traffic? (Choose two.)

  • A. it must contain a SAN.
  • B. It must reside in the trusted store of the endpoint.
  • C. It must include the current date.
  • D. It must have been signed by an internal CA.
  • E. It must reside in the trusted store of the WSA.

正解:A、E

解説:
The WSA uses a root certificate and a private key to decrypt HTTPS traffic. The root certificate must reside in the trusted store of the WSA, and it must be able to sign server certificates on the fly. The server certificates that the WSA generates must contain a SAN (Subject Alternative Name) field, which specifies the hostnames or IP addresses that the certificate is valid for. The SAN field is required by modern browsers and applications to verify the identity of the server. If the WSA does not include a SAN field in the server certificate, the browser or application may reject the connection or display a warning message.
The other options are not correct because:
* A. The current date is not a criterion for the WSA to use a certificate to decrypt application traffic. The WSA checks the validity period of the certificate, which includes the start date and the end date. The current date must be within the validity period, but it does not have to be the same as the start date or the end date.
* C. The root certificate that the WSA uses to decrypt HTTPS traffic does not have to reside in the trusted store of the endpoint. However, the endpoint must trust the root certificate in order to accept the server certificate that the WSA generates. This can be achieved by manually installing the root certificate on the endpoint, or by using a group policy or a certificate management system to distribute the root certificate to the endpoints.
* D. The root certificate that the WSA uses to decrypt HTTPS traffic does not have to be signed by an internal CA. The WSA can generate its own self-signed root certificate, or it can use a root certificate that is signed by an external CA. However, the root certificate must be trusted by the endpoints, as explained in option C.
References := : WSA Certificate Usage for HTTPS Decryption : [User Guide for AsyncOS 12.0 for Cisco Web Security Appliances - GD (General Deployment) - Create Decryption Policies to Control HTTPS Traffic]


質問 # 392
What is the purpose of CA in a PKI?

  • A. To certify the ownership of a public key by the named subject
  • B. To create the private key for a digital certificate
  • C. To issue and revoke digital certificates
  • D. To validate the authenticity of a digital certificate

正解:C

解説:
A trusted CA is the only entity that can issue trusted digital certificates. This is extremely important because while PKI manages more of the encryption side of these certificates, authentication is vital to understanding which entities own what keys. Without a trusted CA, anyone can issue their own keys, authentication goes out the window and chaos ensues.
A trusted CA is the only entity that can issue trusted digital certificates. This is extremely important because while PKI manages more of the encryption side of these certificates, authentication is vital to understanding which entities own what keys. Without a trusted CA, anyone can issue their own keys, authentication goes out the window and chaos ensues.
Reference:
A trusted CA is the only entity that can issue trusted digital certificates. This is extremely important because while PKI manages more of the encryption side of these certificates, authentication is vital to understanding which entities own what keys. Without a trusted CA, anyone can issue their own keys, authentication goes out the window and chaos ensues.


質問 # 393
What must be used to share data between multiple security products?

  • A. Cisco Advanced Malware Protection
  • B. Cisco Platform Exchange Grid
  • C. Cisco Rapid Threat Containment
  • D. Cisco Stealthwatch Cloud

正解:B


質問 # 394
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

  • A. data exfiltration
  • B. intelligent proxy
  • C. URL categorization
  • D. snort
  • E. command and control communication

正解:A、E

解説:
Cisco Cognitive Threat Analytics helps you quickly detect and respond to sophisticated, clandestine attacks that are already under way or are attempting to establish a presence within your environment. The solution automatically identifies and investigates suspicious or malicious web-based traffic. It identifies both potential and confirmed threats, allowing you to quickly remediate the infection and reduce the scope and damage of an attack, whether it's a known threat campaign that has spread across multiple organizations or a unique threat you've never seen before. Detection and analytics features provided in Cognitive Threat Analytics are shown below: + Data exfiltration: Cognitive Threat Analytics uses statistical modeling of an organization's network to identify anomalous web traffic and pinpoint the exfiltration of sensitive data. It recognizes data exfiltration even in HTTPS-encoded traffic, without any need for you to decrypt transferred content + Command-and-control (C2) communication: Cognitive Threat Analytics combines a wide range of data, ranging from statistics collected on an Internet-wide level to host-specific local anomaly scores. Combining these indicators inside the statistical detection algorithms allows us to distinguish C2 communication from benign traffic and from other malicious activities. Cognitive Threat Analytics recognizes C2 even in HTTPSencoded or anonymous traffic, including Tor, without any need to decrypt transferred content, detecting a broad range of threats ... Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-aglance-c45-736555.pdf Detection and analytics features provided in Cognitive Threat Analytics are shown below:
+ Data exfiltration: Cognitive Threat Analytics uses statistical modeling of an organization's network to identify anomalous web traffic and pinpoint the exfiltration of sensitive data. It recognizes data exfiltration even in HTTPS-encoded traffic, without any need for you to decrypt transferred content
+ Command-and-control (C2) communication: Cognitive Threat Analytics combines a wide range of data, ranging from statistics collected on an Internet-wide level to host-specific local anomaly scores. Combining these indicators inside the statistical detection algorithms allows us to distinguish C2 communication from benign traffic and from other malicious activities. Cognitive Threat Analytics recognizes C2 even in HTTPSencoded or anonymous traffic, including Tor, without any need to decrypt transferred content, detecting a broad range of threats
...
Cisco Cognitive Threat Analytics helps you quickly detect and respond to sophisticated, clandestine attacks that are already under way or are attempting to establish a presence within your environment. The solution automatically identifies and investigates suspicious or malicious web-based traffic. It identifies both potential and confirmed threats, allowing you to quickly remediate the infection and reduce the scope and damage of an attack, whether it's a known threat campaign that has spread across multiple organizations or a unique threat you've never seen before. Detection and analytics features provided in Cognitive Threat Analytics are shown below: + Data exfiltration: Cognitive Threat Analytics uses statistical modeling of an organization's network to identify anomalous web traffic and pinpoint the exfiltration of sensitive data. It recognizes data exfiltration even in HTTPS-encoded traffic, without any need for you to decrypt transferred content + Command-and-control (C2) communication: Cognitive Threat Analytics combines a wide range of data, ranging from statistics collected on an Internet-wide level to host-specific local anomaly scores. Combining these indicators inside the statistical detection algorithms allows us to distinguish C2 communication from benign traffic and from other malicious activities. Cognitive Threat Analytics recognizes C2 even in HTTPSencoded or anonymous traffic, including Tor, without any need to decrypt transferred content, detecting a broad range of threats ... Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-aglance-c45-736555.pdf


質問 # 395
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

正解:

解説:

Explanation:
Graphical user interface, text, application Description automatically generated


質問 # 396
......


Cisco 350-701試験に合格した候補者は、Ciscoセキュリティテクノロジーの実装と運用に関する知識とスキルを実証することができます。ネットワークセキュリティソリューションを構成および管理し、さまざまなセキュリティテクノロジーを使用して脅威から保護し、セキュリティの問題をトラブルシューティングすることができます。また、さまざまなツールやテクノロジーを使用して、セキュリティの自動化とプログラム性を実装することもできます。試験に合格すると、候補者がITセキュリティの分野でキャリアを前進させ、潜在的な雇用主に専門知識を実証するのに役立ちます。

 

合格させるCisco 350-701試験最速合格にはFast2test:https://jp.fast2test.com/350-701-premium-file.html

350-701試験問題(更新されたのは2025年)100%リアル問題解答:https://drive.google.com/open?id=1DaRuGygIhRd3Z4slTxsz-yDnSKgt04Q8


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어