Question 166
Selectable Answer
What are two Trojan malware attacks? (Choose two)
Answer:
Free Demo Questions
Test Online Free Cisco 350-701 Exam Questions and Answers
Practice a live sample before buying full access. This page keeps the free 350-701 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.
Page 12 of 15
Question 167
Written Answer
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella Roaming Client?
The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.
The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity
AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.
AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.
The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for Endpoints tracks only URL-based threats.
The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity
AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity.
AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.
Answer: B
Question 168
Selectable Answer
Which service allows a user export application usage and performance statistics with Cisco Application Visibility
and control?
and control?
Answer:
Explanation:
Application Visibility and control (AVC) supports NetFlow to export application usage and performance
statistics. This data can be used for analytics, billing, and security policies.
Explanation:
Application Visibility and control (AVC) supports NetFlow to export application usage and performance
statistics. This data can be used for analytics, billing, and security policies.
Question 169
Selectable Answer
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
Answer:
Explanation:
DTLS is used for delay sensitive applications (voice and video) as its UDP based while TLS is TCP based.Therefore DTLS offers strongest throughput performance. The throughput of DTLS at the time of AnyConnect connection can be expected to have processing performance close to VPN throughput.
Explanation:
DTLS is used for delay sensitive applications (voice and video) as its UDP based while TLS is TCP based.Therefore DTLS offers strongest throughput performance. The throughput of DTLS at the time of AnyConnect connection can be expected to have processing performance close to VPN throughput.
Question 170
Selectable Answer
A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. which reputation score should be selected to accomplish
this goal?
this goal?
Answer:
Question 171
Selectable Answer
How does Cisco Umbrella protect clients when they operate outside of the corporate network?
Answer:
Question 172
Selectable Answer
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inlineposture node?
Answer:
Question 173
Selectable Answer
How does DNS Tunneling exfiltrate data?
Answer:
Question 174
Selectable Answer
When a Cisco WSA checks a web request, what occurs if it is unable to match a user-defined policy?
Answer:
Question 175
Selectable Answer
Refer to the exhibit.
Consider that any feature of DNS requests, such as the length off the domain name
and the number of subdomains, can be used to construct models of expected behavior to which
observed values can be compared.
Which type of malicious attack are these values associated with?
Consider that any feature of DNS requests, such as the length off the domain name
and the number of subdomains, can be used to construct models of expected behavior to which
observed values can be compared.
Which type of malicious attack are these values associated with?
Answer:
Question 176
Written Answer
What does endpoint isolation in Cisco AMP for Endpoints security protect from?
an infection spreading across the network E
a malware spreading across the user device
an infection spreading across the LDAP or Active Directory domain from a user account
a malware spreading across the LDAP or Active Directory domain from a user account
an infection spreading across the network E
a malware spreading across the user device
an infection spreading across the LDAP or Active Directory domain from a user account
a malware spreading across the LDAP or Active Directory domain from a user account
Answer: C
Explanation:
https://community.cisco.com/t5/endpoint-security/amp-endpoint-isolation/td-p/4086674#:~:text=Isolating%20an%20endpoint%20blocks%20all,your%20IP%20isolation%20allow%20list
Explanation:
https://community.cisco.com/t5/endpoint-security/amp-endpoint-isolation/td-p/4086674#:~:text=Isolating%20an%20endpoint%20blocks%20all,your%20IP%20isolation%20allow%20list
Question 177
Selectable Answer
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quicklyidentifying all valid recipients.
What must be done on the Cisco ESA to accomplish this goal?
What must be done on the Cisco ESA to accomplish this goal?
Answer:
Explanation:
A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using different
permutations of common username. Its easy for attackers to get hold of a valid email address if your
organization uses standard format for official e-mail alias (for example: [email protected]). We can
configure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.
Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here’s an LDAP search translated into plain English: “Search for all people located in Chicago who’s name contains “Fred” that have an email address. Please return their full name, email, title, and description.
Explanation:
A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using different
permutations of common username. Its easy for attackers to get hold of a valid email address if your
organization uses standard format for official e-mail alias (for example: [email protected]). We can
configure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.
Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here’s an LDAP search translated into plain English: “Search for all people located in Chicago who’s name contains “Fred” that have an email address. Please return their full name, email, title, and description.
Question 178
Selectable Answer
Which CoA response code is sent if an authorization state is changed successfully on a Cisco IOS device?
Answer:
Question 179
Selectable Answer
Refer to the exhibit. When creating an access rule for URL filtering, a network engineer adds certain categories and individual URLs to block.
What is the result of the configuration?
What is the result of the configuration?
Answer:
Question 180
Selectable Answer
When Cisco and other industry organizations publish and inform users of known security findings andvulnerabilities, which name is used?
Answer:
Explanation:
Vendors, security researchers, and vulnerability coordination centers typically assign vulnerabilities an identifier that’s disclosed to the public. This identifier is known as the Common Vulnerabilities and Exposures (CVE).
CVE is an industry-wide standard. CVE is sponsored by US-CERT, the office of Cybersecurity and
Communications at the U.S. Department of Homeland Security.
The goal of CVE is to make it’s easier to share data across tools, vulnerability repositories, and security
services.
Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide
Explanation:
Vendors, security researchers, and vulnerability coordination centers typically assign vulnerabilities an identifier that’s disclosed to the public. This identifier is known as the Common Vulnerabilities and Exposures (CVE).
CVE is an industry-wide standard. CVE is sponsored by US-CERT, the office of Cybersecurity and
Communications at the U.S. Department of Homeland Security.
The goal of CVE is to make it’s easier to share data across tools, vulnerability repositories, and security
services.
Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide
Showing page 12 of 15