350-701 PDFで合格させるスゴ問題集で350-701最新のリアル試験問題 [Q233-Q254]

Share

350-701 PDFで合格させるスゴ問題集で350-701最新のリアル試験問題

有効な350-701テスト解答350-701試験PDF問題を試そう


Cisco 350-701試験は、Cisco Security Technologiesの確固たる理解が必要な厳密な試験です。試験に合格したITの専門家は、Cisco Technologiesを使用してセキュリティソリューションを設計、実装、およびトラブルシューティングする能力を実証することができます。この認定は、Cisco Security Core Technologiesの実装と運営におけるIT専門家のスキルと知識を検証するため、雇用主によって高く評価されています。また、この認定は、ITの専門家に、職業へのコミットメントと、業界の最新のトレンドを最新の状態に保つ能力を示しているため、雇用市場の競争力を提供します。


Cisco 350-701試験は、Implementing and Operating Cisco Security Core Technologiesとしても知られており、候補者のコアセキュリティテクノロジーの実装と運用に関する知識とスキルを検証する認定試験です。この試験は、Cisco Certified Network Professional(CCNP)SecurityおよびCisco Certified Specialist-Security Core認定を取得するための要件の1つです。この試験は、ネットワークセキュリティ、クラウドセキュリティ、コンテンツセキュリティ、エンドポイント保護と検出、安全なネットワークアクセス、可視性、執行などのトピックに焦点を当てています。

 

質問 # 233
Under which two circumstances is a CoA issued? (Choose two.)

  • A. A new Identity Service Engine server is added to the deployment with the Administration personA.
  • B. A new Identity Source Sequence is created and referenced in the authentication policy.
  • C. A new authentication rule was added to the policy on the Policy Service node.
  • D. An endpoint is deleted on the Identity Service Engine server.
  • E. An endpoint is profiled for the first time.

正解:B、C


質問 # 234
What is the purpose of the My Devices Portal in a Cisco ISE environment?

  • A. to request a newly provisioned mobile device
  • B. to manage and deploy antivirus definitions and patches on systems owned by the end user
  • C. to provision userless and agentless systems
  • D. to register new laptops and mobile devices

正解:D

解説:
Reference:


質問 # 235
Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?

  • A. MAC authentication bypass
  • B. Simple Certificate Enrollment Protocol
  • C. Client provisioning
  • D. BYOD on boarding

正解:D

解説:
When supporting personal devices on a corporate network, you must protect network services and enterprise data by authenticating and authorizing users (employees, contractors, and guests) and their devices. Cisco ISE provides the tools you need to allow employees to securely use personal devices on a corporate network.
Guests can add their personal devices to the network by running the native supplicant provisioning (Network Setup Assistant), or by adding their devices to the My Devices portal.
Because native supplicant profiles are not available for all devices, users can use the My Devices portal to add these devices manually; or you can configure Bring Your Own Device (BYOD) rules to register these devices.
When supporting personal devices on a corporate network, you must protect network services and enterprise data by authenticating and authorizing users (employees, contractors, and guests) and their devices. Cisco ISE provides the tools you need to allow employees to securely use personal devices on a corporate network.
Guests can add their personal devices to the network by running the native supplicant provisioning (Network Setup Assistant), or by adding their devices to the My Devices portal.
Because native supplicant profiles are not available for all devices, users can use the My Devices portal to add these devices manually; or you can configure Bring Your Own Device (BYOD) rules to register these devices.
Reference:
m_ise_devices_byod.html
When supporting personal devices on a corporate network, you must protect network services and enterprise data by authenticating and authorizing users (employees, contractors, and guests) and their devices. Cisco ISE provides the tools you need to allow employees to securely use personal devices on a corporate network.
Guests can add their personal devices to the network by running the native supplicant provisioning (Network Setup Assistant), or by adding their devices to the My Devices portal.
Because native supplicant profiles are not available for all devices, users can use the My Devices portal to add these devices manually; or you can configure Bring Your Own Device (BYOD) rules to register these devices.
m_ise_devices_byod.html


質問 # 236
Drag and drop the common security threats from the left onto the definitions on the right.

正解:

解説:


質問 # 237
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?

  • A. RAT
  • B. SAT
  • C. HAT
  • D. BAT

正解:A


質問 # 238
An organization configures Cisco Umbrella to be used for its DNS services. The organization must be able to block traffic based on the subnet that the endpoint is on but it sees only the requests from its public IP address instead of each internal IP address. What must be done to resolve this issue?

  • A. Set up a Cisco Umbrella virtual appliance to internally field the requests and see the traffic of each IP address
  • B. Use the tenant control features to identify each subnet being used and track the connections within the Cisco Umbrella dashboard
  • C. Install the Microsoft Active Directory Connector to give IP address information stitched to the requests in the Cisco Umbrella dashboard
  • D. Configure an internal domain within Cisco Umbrella to help identify each address and create policy from the domains

正解:D


質問 # 239
What is a function of 3DES in reference to cryptography?

  • A. It creates one-time use passwords.
  • B. It hashes files.
  • C. It generates private keys.
  • D. It encrypts traffic.

正解:D


質問 # 240
With which components does a southbound API within a software-defined network architecture communicate?

  • A. devices such as routers and switches
  • B. applications
  • C. appliances
  • D. controllers within the network

正解:A

解説:

The Southbound API is used to communicate between Controllers and network devices.


質問 # 241
How many interfaces per bridge group does an ASA bridge group deployment support?

  • A. up to 8
  • B. up to 4
  • C. up to 2
  • D. up to 16

正解:B

解説:
ExplanationEach of the ASAs interfaces need to be grouped into one or more bridge groups. Each of these groups acts as an independent transparent firewall. It is not possible for one bridge group to communicate with another bridge group without assistance from an external router.As of 8.4(1) upto 8 bridge groups are supported with 2-4 interface in each group. Prior to this only one bridge group was supported and only 2 interfaces.Up to 4 interfaces are permitted per bridge-group (inside, outside, DMZ1, DMZ2)


質問 # 242
What is the purpose of the Cisco Endpoint IoC feature?

  • A. It is an incident response tool.
  • B. It is a signature-based engine.
  • C. It provides precompromise detection.
  • D. It provides stealth threat prevention.

正解:A

解説:
The Cisco Endpoint IoC feature is a powerful incident response tool for scanning of post-compromise indicators across multiple computers. Endpoint IoCs are imported through the console from OpenIOC-based files written to trigger on file properties such as name, size, hash, and other attributes and system properties such as process information, running services, and Windows Registry entries. The IoC syntax can be used by incident responders to find specific artifacts or use logic to create sophisticated, correlated detections for families of malware. Endpoint IoCs have the advantage of being portable to share within your organization or in industry vertical forums and mailing lists. The Endpoint IoC scanner is available in AMP for Endpoints Windows Connector versions 4 and higher. Running Endpoint IoC scans may require up to 1 GB of free drive space. The Endpoint IoC feature is based on the openioc.com framework, which is an open standard for sharing threat intelligence. References:
* Cisco Endpoint IOC Attributes, User Guide
* What Are Indicators of Compromise (IOC)? - Cisco, Security Indicators of Compromise
* General questions about AMP - Cisco Community, Post by Cisco Employee Reference: https://docs.amp.cisco.com/Cisco%20Endpoint%20IOC%20Attributes.pdf The Endpoint Indication of Compromise (IOC) feature is a powerful incident response tool for scanning of post-compromise indicators across multiple computers.


質問 # 243
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.

正解:

解説:


質問 # 244
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

  • A. Network Discovery
  • B. Access Control
  • C. Intrusion
  • D. Correlation

正解:A

解説:
The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.
You can configure your network discovery policy to perform host and application detection.
The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.
You can configure your network discovery policy to perform host and application detection.
Reference:
The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.
You can configure your network discovery policy to perform host and application detection.


質問 # 245
What is the function of Cisco Cloudlock for data security?

  • A. controls malicious cloud apps
  • B. data loss prevention
  • C. user and entity behavior analytics
  • D. detects anomalies

正解:B

解説:
The function of Cisco Cloudlock for data security is data loss prevention (DLP). Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cloudlock's simple, open, and automated approach uses APIs to manage the risks in your cloud app ecosystem1. One of the key features of Cloudlock is its DLP technology, which continuously monitors cloud environments to detect and secure sensitive information. It provides countless out-of-the-box policies as well as highly tunable custom policies. You can use Cloudlock's DLP to prevent data breaches, comply with regulations, and enforce data governance across SaaS, PaaS, and IaaS platforms2. References: 1: Cisco Cloudlock - Cisco2: Cloudlock: Cloud User Security - Cisco Umbrella.


質問 # 246
Refer to the exhibit.

What will happen when the Python script is executed?

  • A. The hostname will be translated to an IP address and printed.
  • B. The script will translate the IP address to FODN and print it
  • C. The script will pull all computer hostnames and print them.
  • D. The hostname will be printed for the client in the client ID field.

正解:C


質問 # 247
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

  • A. retrospective detection
  • B. elastic search
  • C. file trajectory
  • D. indication of compromise

正解:A

解説:
Retrospective detection is a feature of Cisco Advanced Malware Protection (AMP) for Endpoints that performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches.
Retrospective detection allows AMP to continuously analyze file activity across the network and identify malicious behavior that was previously undetected. Retrospective detection can also trigger alerts and remediation actions when a file's disposition changes from clean to malicious12. References: 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 4: Endpoint Protection and Detection, Lesson 4.1: Cisco AMP for Endpoints Overview, Topic 4.1.3: Retrospective Detection 2: Cisco AMP for Endpoints User Guide, Chapter: Retrospective Detection, URL: 3


質問 # 248
In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)

  • A. It secures all passwords that are shared in video conferences.
  • B. It prevents use of compromised accounts and social engineering.
  • C. It prevents all zero-day attacks coming from the Internet.
  • D. It prevents trojan horse malware using sensors.
  • E. It automatically removes malicious emails from users' inbox.

正解:C、E


質問 # 249
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?

  • A. The file has a reputation score that is above the threshold
  • B. The file has a reputation score that is below the threshold
  • C. The policy was created to send a message to quarantine instead of drop
  • D. The policy was created to disable file analysis

正解:D

解説:
Explanation
Maybe the "newly installed service" in this Qmentions about Advanced Malware Protection (AMP) which can be used along with ESA. AMP allows superior protection across the attack continuum.
+ File Reputation - captures a fingerprint of each file as it traverses the ESA and sends it to AMP's cloudbased intelligence network for a reputation verdict. Given these results, you can automatically block malicious files and apply administrator-defined policy.
+ File Analysis - provides the ability to analyze unknown files that are traversing the ESA. A highly secure sandbox environment enables AMP to glean precise details about the file's behavior and to combine that data with detailed human and machine analysis to determine the file's threat level. This disposition is then fed into AMP cloud-based intelligence network and used to dynamically update and expand the AMP cloud data set for enhanced protection


質問 # 250
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements?

  • A. Cisco Stealthwatch Cloud PNM
  • B. Cisco Umbrella On-Premises
  • C. Cisco Umbrella Cloud
  • D. Cisco Stealthwatch Cloud PCM

正解:A

解説:
Private Network Monitoring (PNM) provides visibility and threat detection for the on-premises network, delivered from the cloud as a SaaS solution. It is the perfect solution for organizations who prefer SaaS products and desire better awareness and security in their on-premises environments while reducing capital expenditure and operational overhead. It works by deploying lightweight software in a virtual machine or server that can consume a variety of native sources of telemetry or extract metadata from network packet flow. It encrypts this metadata and sends it to the Stealthwatch Cloud analytics platform for analysis. Stealthwatch Cloud consumes metadata only. The packet payloads are never retained or transferred outside the network. This lab focuses on how to configure a Stealthwatch Cloud Private Network Monitoring (PNM) Sensor, in order to provide visibility and effectively identify active threats, and monitors user and device behavior within onpremises networks. The Stealthwatch Cloud PNM Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems. Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf operational overhead. It works by deploying lightweight software in a virtual machine or server that can consume a variety of native sources of telemetry or extract metadata from network packet flow. It encrypts this metadata and sends it to the Stealthwatch Cloud analytics platform for analysis. Stealthwatch Cloud consumes metadata only. The packet payloads are never retained or transferred outside the network.
This lab focuses on how to configure a Stealthwatch Cloud Private Network Monitoring (PNM) Sensor, in order to provide visibility and effectively identify active threats, and monitors user and device behavior within onpremises networks.
The Stealthwatch Cloud PNM Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems.
Private Network Monitoring (PNM) provides visibility and threat detection for the on-premises network, delivered from the cloud as a SaaS solution. It is the perfect solution for organizations who prefer SaaS products and desire better awareness and security in their on-premises environments while reducing capital expenditure and operational overhead. It works by deploying lightweight software in a virtual machine or server that can consume a variety of native sources of telemetry or extract metadata from network packet flow. It encrypts this metadata and sends it to the Stealthwatch Cloud analytics platform for analysis. Stealthwatch Cloud consumes metadata only. The packet payloads are never retained or transferred outside the network. This lab focuses on how to configure a Stealthwatch Cloud Private Network Monitoring (PNM) Sensor, in order to provide visibility and effectively identify active threats, and monitors user and device behavior within onpremises networks. The Stealthwatch Cloud PNM Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu based virtual appliance on different hypervisors (e.g. -VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems. Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf


質問 # 251

Refer to the exhibit. What does the number 15 represent in this configuration?

  • A. privilege level for an authorized user to this router
  • B. number of possible failed attempts until the SNMPv3 user is locked out
  • C. access list that identifies the SNMP devices that can access the router
  • D. interval in seconds between SNMPv3 authentication attempts

正解:C


質問 # 252
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

  • A. syslog
  • B. model-driven telemetry
  • C. SNMP
  • D. SMTP

正解:B

解説:
The traditional use of the pull model, where the client requests data from the network does not scale when what you want is near real-time data. Moreover, in some use cases, there is the need to be notified only when some data changes, like interfaces status, protocol neighbors change etc.
Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics.
Applications can subscribe to specific data items they need, by using standard-based YANG data models over NETCONF-YANG. Cisco IOS XE streaming telemetry allows to push data off of the device to an external collector at a much higher frequency, more efficiently, as well as data on-change streaming.


質問 # 253
What does endpoint isolation in Cisco AMP for Endpoints security protect from?

  • A. a malware spreading across the user device
  • B. a malware spreading across the LDAP or Active Directory domain from a user account
  • C. an infection spreading across the network E
  • D. an infection spreading across the LDAP or Active Directory domain from a user account

正解:D

解説:
https://community.cisco.com/t5/endpoint-security/amp-endpoint-isolation/td-p/4086674#:~:text=Isolating%20an%20endpoint%20blocks%20all,your%20IP%20isolation%20allow%20list


質問 # 254
......

350-701問題集はあなたの合格を必ず保証します:https://jp.fast2test.com/350-701-premium-file.html

350-701テスト問題集とオンライン試験エンジン:https://drive.google.com/open?id=1zI5lw8_dlJqqneZ_1mvk4I-Xu1fk9zND


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어