2021 350-701 Premium Files Test pdf - Free Dumps Collection [Q93-Q114]


NEW QUESTION 93
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

  • A. SafeSearch
  • B. File Analysis
  • C. Destination Lists
  • D. SSL Decryption

Answer: D

Explanation:
SSL Decryption is an important part of the Umbrella Intelligent Proxy. The feature allows the Intelligent Proxy to go beyond simply inspecting normal URLs and actually proxy and inspect traffic that's sent over HTTPS. The SSL Decryption feature does require the root certificate to be installed.

 

NEW QUESTION 94
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

  • A. Cisco App Dynamics
  • B. Cisco AMP
  • C. Cisco Cloudlock
  • D. Cisco Umbrella

Answer: C

Explanation:
Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely.
It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.

 

NEW QUESTION 95
Refer to the exhibit.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

  • A. ip dhcp snooping trust
  • B. ip dhcp snooping verify mac-address
  • C. ip dhcp snooping vlan 41
  • D. ip dhcp snooping limit 41

Answer: A

Explanation:
To understand DHCP snooping we need to learn about DHCP spoofing attack first.
DHCP spoofing is a type of attack in which the attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker's IP address as the client's default gateway, so all the traffic sent from the client goes through the attacker's computer and the attacker becomes a "man-in-the-middle".
The attacker has several ways to make sure the fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.
The port connected to a DHCP server should be configured as trusted port with the "ip dhcp snooping trust" command. Other ports connecting to hosts are untrusted ports by default.
In this question, we need to configure the uplink to "trust" (under interface Gi1/0/1) as shown below.

 

NEW QUESTION 96
Under which two circumstances is a CoA issued? (Choose two.)

  • A. An endpoint is profiled for the first time.
  • B. A new Identity Source Sequence is created and referenced in the authentication policy.
  • C. An endpoint is deleted on the Identity Service Engine server.
  • D. A new Identity Service Engine server is added to the deployment with the Administration persona.
  • E. A new authentication rule was added to the policy on the Policy Service node.

Answer: A,C

 

NEW QUESTION 97
What is the function of SDN southbound API protocols?

  • A. to allow for the static configuration of control plane applications
  • B. to enable the controller to use REST
  • C. to allow for the dynamic configuration of control plane applications
  • D. to enable the controller to make changes

Answer: D


 

NEW QUESTION 98
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

  • A. access control policy
  • B. virtual routing and forwarding
  • C. microsegmentation
  • D. virtual LAN

Answer: A

 

NEW QUESTION 99
What is the primary role of the Cisco Email Security Appliance?

  • A. Mail User Agent
  • B. Mail Transfer Agent
  • C. Mail Delivery Agent
  • D. Mail Submission Agent

Answer: B

Explanation:
Cisco Email Security Appliance (ESA) protects the email infrastructure and employees who use email at work by filtering unsolicited and malicious email before it reaches the user. Cisco ESA easily integrates into existing email infrastructures with a high degree of flexibility. It does this by acting as a Mail Transfer Agent (MTA) within the email-delivery chain. Another name for an MTA is a mail relay.
Reference:
Cisco_SBA_BN_EmailSecurityUsingCiscoESADeploymentGuide-Feb2013.pdf

 

NEW QUESTION 100
How does Cisco Umbrella archive logs to enterprise-owned storage?

  • A. by the system administrator downloading the logs from the Cisco Umbrella web portal
  • B. by sending logs via syslog to an on-premises or cloud-based syslog server
  • C. by using the Application Programming Interface to fetch the logs
  • D. by being configured to send logs to a self-managed AWS S3 bucket

Answer: D

Explanation:
The Cisco Umbrella Multi-Org console has the ability to upload, store, and archive traffic activity logs from your organizations' Umbrella dashboards to the cloud through Amazon S3. CSV formatted Umbrella logs are compressed (gzip) and uploaded every ten minutes so that there's a minimum of delay between traffic from the organization's Umbrella dashboard being logged and then being available to download from an S3 bucket.
By having your organizations' logs uploaded to an S3 bucket, you can then download logs automatically to keep in perpetuity in backup storage.
Reference: https://docs.umbrella.com/deployment-umbrella/docs/manage-logs

 

NEW QUESTION 101
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?

  • A. Configure the Cisco WSA to receive real-time updates from Talos
  • B. Configure the Cisco WSA to modify policies based on the traffic seen
  • C. Configure the Cisco ESA to receive real-time updates from Talos
  • D. Configure the Cisco ESA to modify policies based on the traffic seen

Answer: D

Explanation:
The Mail Policies menu is where almost all of the controls related to email filtering happen. All the security and content filtering policies are set here, so as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.

 

NEW QUESTION 102
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

  • A. Intelligent proxy and SSL decryption is disabled in the policy
  • B. IP-Layer Enforcement is not configured.
  • C. Client computers do not have an SSL certificate deployed from an internal CA server.
  • D. Client computers do not have the Cisco Umbrella Root CA certificate installed.

Answer: D

Explanation:
Other features are dependent on SSL Decryption functionality, which requires the Cisco Umbrella root certificate. Having the SSL Decryption feature improves:
Custom URL Blocking: Required to block the HTTPS version of a URL.
...
Umbrella's Block Page and Block Page Bypass features present an SSL certificate to browsers that make connections to HTTPS sites. This SSL certificate matches the requested site but will be signed by the Cisco Umbrella certificate authority (CA). If the CA is not trusted by your browser, an error page may be displayed.
Typical errors include "The security certificate presented by this website was not issued by a trusted certificate authority" (Internet Explorer), "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (Mozilla Firefox). Although the error page is expected, the message displayed can be confusing and you may wish to prevent it from appearing.
To avoid these error pages, install the Cisco Umbrella root certificate into your browser or the browsers of your users, if you're a network admin.
Reference: https://docs.umbrella.com/deployment-umbrella/docs/rebrand-cisco-certificate-import-information

 

NEW QUESTION 103
What is the purpose of the My Devices Portal in a Cisco ISE environment?

  • A. to register new laptops and mobile devices
  • B. to provision userless and agentless systems
  • C. to manage and deploy antivirus definitions and patches on systems owned by the end user
  • D. to request a newly provisioned mobile device

Answer: D


 

NEW QUESTION 104
Drag and drop the common security threats from the left onto the definitions on the right.

Answer:


 

NEW QUESTION 105
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

  • A. URL filtering
  • B. impact flags
  • C. security intelligence
  • D. health monitoring

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/introduction_to_network_discovery_and_identity.html?bookSearch=true

 

NEW QUESTION 106
Which action controls the amount of URI text that is stored in Cisco WSA log files?

  • A. Configure a small log-entry size.
  • B. Configure a maximum packet size.
  • C. Configure the advancedproxyconfig command with the HTTPS subcommand
  • D. Configure the datasecurityconfig command

Answer: C

 

NEW QUESTION 107
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network.
Which action tests the routing?

  • A. Add the public IP address that the client computers are behind to a Core Identity.
  • B. Ensure that the client computers are pointing to the on-premises DNS servers.
  • C. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.
  • D. Enable the Intelligent Proxy to validate that traffic is being routed correctly.

Answer: D

Explanation:
Explanation/Reference:

 

NEW QUESTION 108
Drag and drop the capabilities from the left onto the correct technologies on the right.

Answer:


 

NEW QUESTION 109
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?

  • A. CASB
  • B. Adaptive MFA
  • C. Cisco Cloudlock
  • D. SIEM

Answer: C

Explanation:
+ Cisco Cloudlock continuously monitors cloud environments with a cloud Data Loss Prevention (DLP) engine to identify sensitive information stored in cloud environments in violation of policy.
+ Cloudlock is API-based.
+ Incidents are a key resource in the Cisco Cloudlock application. They are triggered by the Cloudlock policy engine when a policy detection criteria result in a match in an object (document, field, folder, post, or file).
Note:
+ Security information and event management (SIEM) platforms collect log and event data from security systems, networks and computers, and turn it into actionable security insights.
+ An incident is a record of the triggering of an alerting policy. Cloud Monitoring opens an incident when a condition of an alerting policy has been met.

 

NEW QUESTION 110
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. Which two Catalyst switch security features will prevent further violations? (Choose two)

  • A. IP Device tracking
  • B. Port security
  • C. Dynamic ARP inspection
  • D. DHCP Snooping
  • E. 802.1AE MacSec
  • F. Private VLANs

Answer: C,D

 

NEW QUESTION 111
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  • A. file access from a different user
  • B. user login suspicious behavior
  • C. privilege escalation
  • D. interesting file access

Answer: B

Explanation:
The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:
+ Shell code execution: Looks for the patterns used by shell code.
+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.
+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.

 

NEW QUESTION 112
Which statement about IOS zone-based firewalls is true?

  • A. An interface can be assigned only to one zone.
  • B. An unassigned interface can communicate with assigned interfaces
  • C. Only one interface can be assigned to a zone.
  • D. An interface can be assigned to multiple zones.

Answer: A

 

NEW QUESTION 113
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?

  • A. Configure the Cisco ESA to modify policies based on the traffic seen.
  • B. Configure the Cisco ESA to receive real-time updates from Talos
  • C. Configure the Cisco WSA to receive real-time updates from Talos.
  • D. Configure the Cisco WSA to modify policies based on the traffic seen.

Answer: A

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa120/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_01100.html

 

NEW QUESTION 114
......


Cisco Certified Specialist-Security Core

Finally, the Cisco Certified Specialist-Security Core is a deserved recognition for passing the CCNP Security core exam. This is in line with the current exam guidelines, which state that all candidates who pass a professional-level test will gain a specialist title within the chosen field. This title is awarded to mid-level IT specialists who demonstrate knowledge of core security technologies such as endpoint protection, content security, and cloud security.


Understanding functional and technical aspects of Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) Secure Network Access, Visibility, and Enforcement

The following will be discussed in CISCO 350-701 dumps:

  • Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
  • Describe the benefits of network telemetry
  • Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
  • Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
  • Describe the benefits of device compliance and application control
  • Describe network access with CoA

 
