Login / Register   My Cart (0)

DumpExams is an authorized company offering valid and latest dump exams & dumps VCE materials. Our dump exams & dumps VCE materials are high-quality; our passing rate is higher than others.

All Products Contact now
  • Home
  • Articles
  • [Oct-2021] Dumps Brief Outline Of The 350-701 Exam - Dumpexams [Q122-Q140]

[Oct-2021] Dumps Brief Outline Of The 350-701 Exam - Dumpexams [Q122-Q140]

Share

[Oct-2021] Dumps Brief Outline Of The 350-701 Exam - Dumpexams

350-701 Training & Certification Get Latest CCNP Security 

NEW QUESTION 122
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

  • A. virtualization
  • B. operating systems
  • C. applications
  • D. data
  • E. middleware

Answer: C,D

Explanation:
https://apprenda.com/library/paas/iaas-paas-saas-explained-compared/

 

NEW QUESTION 123
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.)

  • A. Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.
  • B. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
  • C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
  • D. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
  • E. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

Answer: C,D

 

NEW QUESTION 124
An organization is implementing URL blocking using Cisco Umbrell
a. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

  • A. IP-Layer Enforcement is not configured.
  • B. Client computers do not have the Cisco Umbrella Root CA certificate installed.
  • C. Client computers do not have an SSL certificate deployed from an internal CA server.
  • D. Intelligent proxy and SSL decryption is disabled in the policy.

Answer: B

Explanation:
Reference:
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy

 

NEW QUESTION 125
Drag and drop the VPN functions from the left onto the description on the right.

Answer:

Explanation:

 

NEW QUESTION 126
What is the difference between deceptive phishing and spear phishing?

  • A. Spear phishing is when the attack is aimed at the C-level executives of an organization.
  • B. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
  • C. A spear phishing campaign is aimed at a specific person versus a group of people.
  • D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Answer: C

Explanation:
Explanation
In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people's personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.
Spear phishing is carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information - and craft a fake email tailored for that person.

 

NEW QUESTION 127
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

  • A. DHCP
  • B. RADIUS
  • C. sFlow
  • D. TACACS+
  • E. SMTP

Answer: A,B

Explanation:
Explanation/Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html

 

NEW QUESTION 128
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)

  • A. 802.1AE MacSec
  • B. Dynamic ARP inspection
  • C. Port security
  • D. Private VLANs
  • E. DHCP Snooping
  • F. IP Device track

Answer: B,E

 

NEW QUESTION 129
Which compliance status is shown when a configured posture policy requirement is not met?

  • A. compliant
  • B. authorized
  • C. noncompliant
  • D. unknown

Answer: C

Explanation:
Explanation Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies. A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems. Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies. + If a mandatory requirement fails, the user will be moved to Non-Compliant state + If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user is moved to Compliant state This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the user can be in Non-compliant or compliant state. But "noncompliant" is the best answer here. Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_010111.html Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies.
A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems.
Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies.
+ If a mandatory requirement fails, the user will be moved to Non-Compliant state
+ If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user is moved to Compliant state This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the user can be in Non-compliant or compliant state. But "noncompliant" is the best answer here.
Reference:
Explanation Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies. A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems. Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies. + If a mandatory requirement fails, the user will be moved to Non-Compliant state + If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user is moved to Compliant state This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the user can be in Non-compliant or compliant state. But "noncompliant" is the best answer here. Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_010111.html

 

NEW QUESTION 130
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

  • A. CSIRT
  • B. Talos
  • C. PSIRT
  • D. DEVNET

Answer: B

Explanation:
Reference:
https://talosintelligence.com/

 

NEW QUESTION 131
What is the result of running thecrypto isakmp key ciscXXXXXXXX address 172.16.0.0command?

  • A. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
  • B. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
  • C. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
  • D. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

Answer: A

 

NEW QUESTION 132
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

  • A. Cognitive Threat Analytics
  • B. Encrypted Traffic Analytics
  • C. Cisco Talos Intelligence
  • D. Threat Intelligence Director

Answer: D

Explanation:
Explanation

https://www.cisco.com/c/en/us/support/docs/storage-networking/security/214859-configure-and-troubleshoot-cis

 

NEW QUESTION 133
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)

  • A. DDoS
  • B. antispam
  • C. antivirus
  • D. DLP
  • E. encryption

Answer: D,E

Explanation:
Explanation Cisco Hybrid Email Security is a unique service offering that combines a cloud-based email security deployment with an appliance-based email security deployment (on premises) to provide maximum choice and control for your organization. The cloud-based infrastructure is typically used for inbound email cleansing, while the onpremises appliances provide granular control - protecting sensitive information with data loss prevention (DLP) and encryption technologies. Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/ces/overview_guide/ Cisco_Cloud_Hybrid_Email_Security_Overview_Guide.pdf Cisco Hybrid Email Security is a unique service offering that combines a cloud-based email security deployment with an appliance-based email security deployment (on premises) to provide maximum choice and control for your organization. The cloud-based infrastructure is typically used for inbound email cleansing, while the onpremises appliances provide granular control - protecting sensitive information with data loss prevention (DLP) and encryption technologies.
Reference:
Explanation Cisco Hybrid Email Security is a unique service offering that combines a cloud-based email security deployment with an appliance-based email security deployment (on premises) to provide maximum choice and control for your organization. The cloud-based infrastructure is typically used for inbound email cleansing, while the onpremises appliances provide granular control - protecting sensitive information with data loss prevention (DLP) and encryption technologies. Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/ces/overview_guide/ Cisco_Cloud_Hybrid_Email_Security_Overview_Guide.pdf

 

NEW QUESTION 134
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

  • A. Cisco FTDv with one management interface and two traffic interfaces configured
  • B. Cisco FTDv with two management interfaces and one traffic interface configured
  • C. . Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
  • D. Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
  • E. Cisco FTDv configured in routed mode and IPv6 configured

Answer: C,D

 

NEW QUESTION 135
Using Cisco Firepower's Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two.)

  • A. protocol IDs
  • B. IP addresses
  • C. port numbers
  • D. MAC addresses
  • E. URLs

Answer: B,E

Explanation:

 

NEW QUESTION 136
Refer to the exhibit.

A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?

  • A. add subinterfaces
  • B. complete all configurations
  • C. complete no configurations
  • D. set the IP address of an interface

Answer: C

Explanation:
Explanation The user "admin5" was configured with privilege level 5. In order to allow configuration (enter global configuration mode), we must type this command: (config)#privilege exec level 5 configure terminal Without this command, this user cannot do any configuration. Note: Cisco IOS supports privilege levels from 0 to 15, but the privilege levels which are used by default are privilege level 1 (user EXEC) and level privilege 15 (privilege EXEC)

 

NEW QUESTION 137
With which components does a southbound API within a software-defined network architecture communicate?

  • A. devices such as routers and switches
  • B. controllers within the network
  • C. applications
  • D. appliances

Answer: A

Explanation:

The Southbound API is used to communicate between Controllers and network devices.

 

NEW QUESTION 138
What are two Trojan malware attacks? (Choose two)

  • A. rootkit
  • B. smurf
  • C. sync
  • D. frontdoor
  • E. backdoor

Answer: A,E

 

NEW QUESTION 139
Which function is the primary function of Cisco AMP threat Grid?

  • A. monitoring network traffic
  • B. applying a real-time URI blacklist
  • C. automated malware analysis
  • D. automated email encryption

Answer: C

 

NEW QUESTION 140
......

Certification Training for 350-701 Exam Dumps Test Engine: https://www.dumpexams.com/350-701-real-answers.html

CCNP Security 350-701 Real Exam Questions and Answers FREE Updated: https://drive.google.com/open?id=1Dd85hg1GvDm-2AnNAjEmcmjPHgfBGEti

Related Articles

more
Cisco 350-701 Certification Practice Exam

DumpExams is an authorized company offering valid and latest dump exams & dumps VCE materials. Our dump exams & dumps VCE materials are high-quality; our passing rate is higher than others.

Latest Dumps Exams

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 Dumpexams NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy