Plunge into the depths of certification mastery, supported by the vast ocean of knowledge within the 350-701 dumps. Tailored to perfection to match the expansive syllabus, the 350-701 dumps radiate a myriad of practice questions, fostering deep-rooted understanding. Be it the structured elegance of PDFs that resonates or the engrossing narratives of the VCE format that allure, the 350-701 dumps are a beacon. A comprehensive study guide, the cornerstone of the 350-701 dumps, acts as a lighthouse, illuminating the path ahead. With unwavering trust in these materials, we assertively put forth our 100% Pass Guarantee.
The best way to pass the test is with the latest 350-701 exam questions; free download available
Question 1:
Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically
B. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device
D. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
E. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device
Correct Answer: CE
Stateful failover for IP Security (IPsec) enables a router to continue processing and forwarding IPsec packetsafter a planned or unplanned outage occurs. Customers employ a backup (secondary) router that automaticallytakes over the tasks of the active (primary) router if the active router loses connectivity for any reason. Thisfailover process is transparent to users and does not require adjustment or reconfiguration of any remote peer.Stateful failover for IPsec requires that your network contains two identical routers that are available to be eitherthe primary or secondary device. Both routers should be the same type of device, have the same CPU andmemory, and have either no encryption accelerator or identical encryption accelerators.Prerequisites for Stateful Failover for IPsec Reference: https://www.cisco.com/c/en/us/td/docs/ios- xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpnavailability-15-mt-book/sec-state-fail- ipsec.htmlAlthough the prerequisites only stated that “Both routers should be the same type of device” but in the”Restrictions for Stateful Failover for IPsec” section of the link above, it requires “Both the active and standby devices must run the identical version of the Cisco IOS software” so answer E is better than answer B.
Question 2:
How does a cloud access security broker function?
A. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution
B. lt integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution
C. It acts as a security information and event management solution and receives syslog from other cloud solutions.
D. It scans other cloud solutions being used within the network and identifies vulnerabilities
Correct Answer: B
A Cloud Access Security Broker (CASB) is a security solution that integrates with cloud solutions such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) via APIs. It monitors cloud usage and creates incidents based on events from the cloud solution. This allows organizations to gain visibility into and control over their cloud usage, helping to protect against security threats and ensure compliance with security policies and regulations. CASBs can perform a variety of security-related functions, including identity and access management, data loss prevention, threat protection, and compliance enforcement, among others. By acting as an intermediary between cloud solutions and the organization, CASBs help to bridge the gap between security and cloud adoption, allowing organizations to securely adopt and manage cloud services.
Question 3:
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal?
A. Port Bounce
B. CoA Terminate
C. CoA Reauth
D. CoA Session Query
Correct Answer: C
Question 4:
In an IaaS cloud services model, which security function is the provider responsible for managing?
A. Internet proxy
B. firewalling virtual machines
C. CASB
D. hypervisor OS hardening
Correct Answer: B
In this IaaS model, cloud providers offer resources to users/machines that include computers as virtualmachines, raw (block) storage, firewalls , load balancers, and network devices.Note: Cloud access security broker (CASB) provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware such as ransomware.
Question 5:
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?
A. Integration
B. Intent
C. Event
D. Multivendor
Correct Answer: B
Cisco is moving towards intent based networking and DNA center is a new addition to the solution offerings from Cisco.
Question 6:
Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the network?
A. Posture
B. Profiling
C. pxGrid
D. MAB
Correct Answer: A
Question 7:
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
A. RSA SecureID
B. Internal Database
C. Active Directory
D. LDAP
Correct Answer: A
Question 8:
Which two fields are defined in the NetFlow flow? (Choose two)
A. type of service byte
B. class of service bits
C. Layer 4 protocol type
D. destination port
E. output logical interface
Correct Answer: AD
Cisco standard NetFlow version 5 defines a flow as a unidirectional sequence of packets that all share seven values which define a unique key for the flow:+ Ingress interface (SNMP ifIndex)+ Source IP address+ Destination IP address+ IP
protocol+ Source port for UDP or TCP, 0 for other protocols+ Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols+ IP Type of ServiceNote:
A flow is a unidirectional series of packets between a given source and destination.
Question 9:
Refer to the exhibit.
What does the API key do while working with https://api.amp.cisco.com/v1/computers?
A. displays client ID
B. HTTP authorization
C. Imports requests
D. HTTP authentication
Correct Answer: D
Question 10:
Which solution should be leveraged for secure access of a CI/CD pipeline?
A. Duo Network Gateway
B. remote access client
C. SSL WebVPN
D. Cisco FTD network gateway
Correct Answer: A
Question 11:
Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?
A. webadvancedconfig
B. websecurity advancedconfig
C. outbreakconfig
D. websecurity config
Correct Answer: B
Question 12:
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this?
A. Use security services to configure the traffic monitor, .
B. Use URL categorization to prevent the application traffic.
C. Use an access policy group to configure application control settings.
D. Use web security reporting to validate engine functionality
Correct Answer: C
The Application Visibility and Control (AVC) engine lets you create policies to control application activity on the network without having to fully understand the underlying technology of each application. You can configure application control settings in Access Policy groups. You can block or allow applications individually or according to application type. You can also apply controls to particular application types.
Question 13:
Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?
A. quality of service
B. time synchronization
C. network address translations
D. intrusion policy
Correct Answer: B
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Firepower_Software_Platform_Settings.html#task_EF18AE3D5CA9457AB65791B9654FD46C
Question 14:
Which security solution is used for posture assessment of the endpoints in a BYOD solution?
A. Cisco FTD
B. Cisco ASA
C. Cisco Umbrella
D. Cisco ISE
Correct Answer: D
Question 15:
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify an access policy
B. Modify identification profiles
C. Modify outbound malware scanning policies
D. Modify web proxy settings
Correct Answer: D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc- config-guidev60/Access_Control_Rules__URL_Filtering.html