350-701 Online Practice Questions and Answers

Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

A. It allows the endpoint to authenticate with 802.1x or MAB.

B. It verifies that the endpoint has the latest Microsoft security patches installed.

C. It adds endpoints to identity groups dynamically.

D. It allows CoA to be applied if the endpoint status is compliant.

Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from Cisco and other vendors to share data and interoperate with each other?

A. Advanced Malware Protection

B. Platform Exchange Grid

C. Multifactor Platform Integration

D. Firepower Threat Defense

What is the purpose of the certificate signing request when adding a new certificate for a server?

A. It is the password for the certificate that is needed to install it with.

B. It provides the server information so a certificate can be created and signed

C. It provides the certificate client information so the server can authenticate against it when installing

D. It is the certificate that will be loaded onto the server

Which type of algorithm provides the highest level of protection against brute-force attacks?

A. PFS

B. HMAC

C. MD5

D. SHA

A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?

A. DMVPN because it supports IKEv2 and FlexVPN does not

B. FlexVPN because it supports IKEv2 and DMVPN does not

C. FlexVPN because it uses multiple SAs and DMVPN does not

D. DMVPN because it uses multiple SAs and FlexVPN does not

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD.

The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not

B. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

C. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not

D. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced visibility,promote compliance,shorten response times, and provide administrators with the information needed to provide educated and automated decisions to secure the environment?

A. Cisco DNA Center

B. Cisco SDN

C. Cisco ISE

D. Cisco Security Compiance Solution

Which solution supports high availability in routed or transparent mode as well as in northbound and southbound deployments?

A. Cisco FTD with Cisco ASDM

B. Cisco FTD with Cisco FMC

C. Cisco Firepower NGFW physical appliance with Cisco. FMC

D. Cisco Firepower NGFW Virtual appliance with Cisco FMC

Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?

A. Cisco Defense Orchestrator

B. Cisco Configuration Professional

C. Cisco Secureworks

D. Cisco DNAC

Which DoS attack uses fragmented packets in an attempt to crash a target machine?

A. teardrop

B. smurf

C. LAND

D. SYN flood