If you are looking for free 350-701 dumps than here we have some sample question answers available. You can prepare from our Cisco 350-701 exam questions notes and prepare exam with this practice test. Check below our updated 350-701 exam dumps.
DumpsGroup are top class study material providers and our inclusive range of 350-701 Real exam questions would be your key to success in Cisco CCNP Security Certification Exam in just first attempt. We have an excellent material covering almost all the topics of Cisco 350-701 exam. You can get this material in Cisco 350-701 PDF and 350-701 practice test engine formats designed similar to the Real Exam Questions. Free 350-701 questions answers and free Cisco 350-701 study material is available here to get an idea about the quality and accuracy of our study material.
Sample Question 4
What provides total management for mobile and PC including managing inventory and
device tracking, remote view, and live troubleshooting using the included native remote
desktop support?
A. mobile device management B. mobile content management C. mobile application management D. mobile access management
Answer: A
Sample Question 5
Which two commands are required when configuring a flow-export action on a Cisco ASA?
(Choose two.)
A. flow-export event-type B. policy-map C. access-list D. flow-export template timeout-rate 15 E. access-group
Answer: A,B
Sample Question 6
Which characteristic is unique to a Cisco WSAv as compared to a physical appliance?
A. supports VMware vMotion on VMware ESXi
B. requires an additional license
C. performs transparent redirection
D. supports SSL decryption A. supports VMware vMotion on VMware ESXi B. requires an additional license C. performs transparent redirection D. supports SSL decryption
Answer: A
Sample Question 7
What is the most commonly used protocol for network telemetry?
A. SMTP B. SNMP C. TFTP D. NctFlow
Answer: D
Sample Question 8
A network security engineer must export packet captures from the Cisco FMC web browser
while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file.
Which action must the engineer take to resolve this issue?
A. Disable the proxy setting on the browser B. Disable the HTTPS server and use HTTP instead C. Use the Cisco FTD IP address as the proxy server setting on the browser D. Enable the HTTPS server for the device platform policy
Answer: D
Sample Question 9
What is a functional difference between Cisco AMP for Endpoints and Cisco Umbrella
Roaming Client?
A. The Umbrella Roaming client stops and tracks malicious activity on hosts, and AMP for
Endpoints tracks only URL-based threats. B. The Umbrella Roaming Client authenticates users and provides segmentation, and AMP for Endpoints allows only for VPN connectivity C. AMP for Endpoints authenticates users and provides segmentation, and the Umbrella Roaming Client allows only for VPN connectivity. D. AMP for Endpoints stops and tracks malicious activity on hosts, and the Umbrella Roaming Client tracks only URL-based threats.
Answer: D
Sample Question 10
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be
taken before granting API access in the Dropbox admin console?
A. Authorize Dropbox within the Platform settings in the Cisco Cloudlock portal. B. Add Dropbox to the Cisco Cloudlock Authentication and API section in the Cisco Cloudlock portal. C. Send an API request to Cisco Cloudlock from Dropbox admin portal. D. Add Cisco Cloudlock to the Dropbox admin portal.
Answer: A
Sample Question 11
Which API method and required attribute are used to add a device into Cisco DNA Center
with the native API?
A. GET and serialNumber B. userSudiSerlalNos and deviceInfo C. POST and name D. lastSyncTime and pid
Answer: A
Sample Question 12
What does endpoint isolation in Cisco AMP for Endpoints security protect from?
A. an infection spreading across the network E B. a malware spreading across the user device C. an infection spreading across the LDAP or Active Directory domain from a user account D. a malware spreading across the LDAP or Active Directory domain from a user account
What are two benefits of using an MDM solution? (Choose two.)
A. grants administrators a way to remotely wipe a lost or stolen device B. provides simple and streamlined login experience for multiple applications and users C. native integration that helps secure applications across multiple cloud platforms or onpremises environments D. encrypts data that is stored on endpoints E. allows for centralized management of endpoint device applications and configurations
Answer: A,E
Sample Question 14
An engineer is configuring cloud logging using a company-managed Amazon S3 bucket for
Cisco Umbrella logs. What benefit does this configuration provide for accessing log data?
A. It is included m the license cost for the multi-org console of Cisco Umbrella B. It can grant third-party SIEM integrations write access to the S3 bucket C. No other applications except Cisco Umbrella can write to the S3 bucket D. Data can be stored offline for 30 days.
Answer: D
Sample Question 15
Email security has become a high priority task for a security engineer at a large multinational organization due to ongoing phishing campaigns. To help control this, the engineer
has deployed an Incoming Content Filter with a URL reputation of (-10 00 to -6 00) on the
Cisco ESA Which action will the system perform to disable any links in messages that
match the filter?
A. Defang B. Quarantine C. FilterAction D. ScreenAction
Client workstations are experiencing extremely poor response time. An engineer suspects
that an attacker is eavesdropping and making independent connections while relaying
messages between victims to make them think they are talking to each other over a private
connection. Which feature must be enabled and configured to provide relief from this type
of attack?
A. Link Aggregation B. Reverse ARP C. private VLANs D. Dynamic ARP Inspection
Answer: D
Sample Question 17
Which two protocols must be configured to authenticate end users to the Web Security
Appliance? (Choose two.)
A. NTLMSSP B. Kerberos C. CHAP D. TACACS+ E. RADIUS
Answer: A,B
Sample Question 18
Which action must be taken in the AMP for Endpoints console to detect specific MD5
signatures on endpoints and then quarantine the files?
A. Configure an advanced custom detection list. B. Configure an IP Block & Allow custom detection list C. Configure an application custom detection list D. Configure a simple custom detection list
Answer: A
Sample Question 19
How does Cisco Workload Optimization portion of the network do EPP solutions solely
performance issues?
A. It deploys an AWS Lambda system B. It automates resource resizing C. It optimizes a flow path D. It sets up a workload forensic score
Answer: B
Sample Question 20
Which Cisco Firewall solution requires zone definition?
A. CBAC B. Cisco AMP C. ZBFW D. Cisco ASA
Answer: C
Sample Question 21
Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?
A. api/v1/fie/config B. api/v1/onboarding/pnp-device/import C. api/v1/onboarding/pnp-device D. api/v1/onboarding/workflow
Answer: B
Sample Question 22
Which capability is provided by application visibility and control?
A. reputation filtering B. data obfuscation C. data encryption D. deep packet inspection
Answer: D
Sample Question 23
When network telemetry is implemented, what is important to be enabled across all
network infrastructure devices to correlate different sources?
A. CDP B. NTP C. syslog D. DNS
Answer: B
Sample Question 24
What is a benefit of using Cisco Umbrella?
A. DNS queries are resolved faster. B. Attacks can be mitigated before the application connection occurs. C. Files are scanned for viruses before they are allowed to run. D. It prevents malicious inbound traffic.
Answer: B
Sample Question 25
Which two criteria must a certificate meet before the WSA uses it to decrypt application
traffic? (Choose two.)
A. It must include the current date. B. It must reside in the trusted store of the WSA. C. It must reside in the trusted store of the endpoint. D. It must have been signed by an internal CA. E. it must contain a SAN.
Answer: A,B
Sample Question 26
A company has 5000 Windows users on its campus. Which two precautions should IT take
to prevent WannaCry ransomware from spreading to all clients? (Choose two.)
A. Segment different departments to different IP blocks and enable Dynamic ARp
inspection on all VLANs B. Ensure that noncompliant endpoints are segmented off to contain any potential damage. C. Ensure that a user cannot enter the network of another department. D. Perform a posture check to allow only network access to (hose Windows devices that are already patched. E. Put all company users in the trusted segment of NGFW and put all servers to the DMZ segment of the Cisco NGFW. ni
Answer: B,D
Sample Question 27
Email security has become a high priority task for a security engineer at a large multinational organization due to ongoing phishing campaigns. To help control this, the engineer
has deployed an Incoming Content Filter with a URL reputation of (-10 00 to -6 00) on the
Cisco ESA Which action will the system perform to disable any links in messages that
match the filter?
A. Defang B. Quarantine C. FilterAction D. ScreenAction
Answer: A
Sample Question 28
What are two workloaded security models? (Choose two)
A. SaaS B. IaaS C. on-premises D. off-premises E. PaaS
Answer: C,D
Sample Question 29
Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to
force a session to be adjusted after a policy change is made? (Choose two)
A. posture assessment B. aaa authorization exec default local C. tacacs-server host 10.1.1.250 key password D. aaa server radius dynamic-author E. CoA
Answer: D,E
Sample Question 30
Which open standard creates a framework for sharing threat intelligence in a machinedigestible format?
A. OpenC2 B. OpenlOC C. CybOX D. STIX
Answer: D
Sample Question 31
What is a characteristic of an EDR solution and not of an EPP solution?
A. stops all ransomware attacks B. retrospective analysis C. decrypts SSL traffic for better visibility D. performs signature-based detection
Answer: B
Sample Question 32
What is the purpose of the Cisco Endpoint loC feature?
A. It provides stealth threat prevention. B. lt is a signature-based engine. C. lt is an incident response tool D. It provides precompromise detection.
An organization is implementing AAA for their users. They need to ensure that
authorization is verified for every command that is being entered by the network
administrator. Which protocol must be configured in order to provide this capability?
A. EAPOL B. SSH C. RADIUS D. TACACS+
Answer: D
Sample Question 34
Which feature is used in a push model to allow for session identification, host
reauthentication, and session termination?
A. AAA attributes B. CoA request C. AV pair D. carrier-grade NAT
Answer: C
Sample Question 35
How does Cisco AMP for Endpoints provide next-generation protection?
A. It encrypts data on user endpoints to protect against ransomware. B. It leverages an endpoint protection platform and endpoint detection and response. C. It utilizes Cisco pxGrid, which allows Cisco AMP to pull threat feeds from threat intelligence centers. D. It integrates with Cisco FTD devices.
Answer: B
Sample Question 36
Which two capabilities does an MDM provide? (Choose two.)
A. delivery of network malware reports to an inbox in a schedule B. unified management of mobile devices, Macs, and PCs from a centralized dashboard C. enforcement of device security policies from a centralized dashboard D. manual identification and classification of client devices E. unified management of Android and Apple devices from a centralized dashboard
Answer: B,C
Sample Question 37
What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)
A. grants administrators a way to remotely wipe a lost or stolen device B. provides simple and streamlined login experience for multiple applications and users C. native integration that helps secure applications across multiple cloud platforms or onpremises environments D. encrypts data that is stored on endpoints E. allows for centralized management of endpoint device applications and configurations
Answer: B,C
Sample Question 38
Which security solution is used for posture assessment of the endpoints in a BYOD
solution?
A. Cisco FTD B. Cisco ASA C. Cisco Umbrella D. Cisco ISE
Answer: D
Sample Question 39
What are two characteristics of the RESTful architecture used within Cisco DNA Center?
(Choose two.)
A. REST uses methods such as GET, PUT, POST, and DELETE. B. REST codes can be compiled with any programming language. C. REST is a Linux platform-based architecture. D. The POST action replaces existing data at the URL path. E. REST uses HTTP to send a request to a web service.
Answer: A,E
Sample Question 40
Which command is used to log all events to a destination colector 209.165.201.107?
A. CiscoASA(config-pmap-c)#flow-export event-type flow-update destination
209.165.201.10 B. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201. C. CiscoASA(config-pmap-c)#flow-export event-type all destination 209.165.201.10 D. CiscoASA(config-cmap)#flow-export event-type flow-update destination 209.165.201.10
Answer: C
Sample Question 41
Which open standard creates a framework for sharing threat intelligence in a machinedigestible format?
A. OpenC2 B. OpenlOC C. CybOX D. STIX
Answer: D
Sample Question 42
During a recent security audit a Cisco IOS router with a working IPSEC configuration using
IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command The
VPN peer is a SOHO router with a dynamically assigned IP address Dynamic DNS has
been configured on the SOHO router to map the dynamic IP address to the host name of
vpn sohoroutercompany.com In addition to the command crypto isakmp key
Cisc425007536 hostname vpn.sohoroutercompany.com what other two commands are
now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two)
A. ip host vpn.sohoroutercompany.eom B. crypto isakmp identity hostname C. Add the dynamic keyword to the existing crypto map command D. fqdn vpn.sohoroutercompany.com E. ip name-server
Answer: C,E
Sample Question 43
What is the process In DevSecOps where all changes In the central code repository are
merged and synchronized?
A. CD B. EP C. CI D. QA
Answer: C
Sample Question 44
Which algorithm is an NGE hash function?
A. HMAC B. SHA-1 C. MD5 D. SISHA-2
Answer: D
Sample Question 45
Which function is performed by certificate authorities but is a limitation of registration
authorities?
A. accepts enrollment requests B. certificate re-enrollment C. verifying user identity D. CRL publishing
Answer: C
Sample Question 46
What is the purpose of a NetFlow version 9 template record?
A. It specifies the data format of NetFlow processes. B. It provides a standardized set of information about an IP flow. C. lt defines the format of data records. D. It serves as a unique identification number to distinguish individual data records
Answer: C
Sample Question 47
What is the term for the concept of limiting communication between applications or
containers on the same node?
A. container orchestration B. software-defined access C. microservicing D. microsegmentation
Answer: D
Sample Question 48
Which Cisco security solution stops exfiltration using HTTPS?
A. Cisco FTD B. Cisco AnyConnect C. Cisco CTA D. Cisco ASA
A company identified a phishing vulnerability during a pentest What are two ways the
company can protect employees from the attack? (Choose two.)
A. using Cisco Umbrella B. using Cisco ESA C. using Cisco FTD D. using an inline IPS/IDS in the network E. using Cisco ISE
Answer: A,B
Sample Question 50
An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and
wants to create a policy that prevents users from executing file named abc424952615.exe
without quarantining that file What type of Outbreak Control list must the SHA.-256 hash
value for the file be added to in order to accomplish this?
A. Advanced Custom Detection B. Blocked Application C. Isolation D. Simple Custom Detection
Answer: B
Sample Question 51
Which Cisco solution integrates Encrypted Traffic Analytics to perform enhanced
visibility,promote compliance,shorten response times, and provide administrators with the
information needed to provide educated and automated decisions to secure the
environment?
A. Cisco DNA Center B. Cisco SDN C. Cisco ISE D. Cisco Security Compiance Solution
Answer: A
Sample Question 52
Which type of data does the Cisco Stealthwatch system collect and analyze from routers,
switches, and firewalls?
A. NTP B. syslog C. SNMP D. NetFlow
Answer: D
Sample Question 53
An engineer musà set up 200 new laptops on a network and wants to prevent the users
from moving their laptops around to simplify administration Which switch port MAC address
security setting must be used?
A. sticky B. static C. aging D. maximum
Answer: A
Sample Question 54
What is a function of Cisco AMP for Endpoints?
A. It detects DNS attacks B. It protects against web-based attacks C. It blocks email-based attacks D. It automates threat responses of an infected host
Answer: D
Sample Question 55
Which feature requires that network telemetry be enabled?
A. per-interface stats B. SNMP trap notification C. Layer 2 device discovery D. central syslog system
Answer: D
Sample Question 56
An engineer is adding a Cisco router to an existing environment. NTP authentication is
configured on all devices in the environment with the command ntp authentication-key 1
md5 Clsc427128380. There are two routers on the network that are configured as NTP
servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as
the authoritative time source. What command must be configured on the new router to use
192.168.1.110 as its primary time source without the new router attempting to offer time to
existing devices?
A. ntp server 192.168.1.110 primary key 1 B. ntp peer 192.168.1.110 prefer key 1 C. ntp server 192.168.1.110 key 1 prefer D. ntp peer 192.168.1.110 key 1 primary
Answer: A
Sample Question 57
DoS attacks are categorized as what?
A. phishing attacks B. flood attacks C. virus attacks D. trojan attacks
Answer: B
Sample Question 58
Which ESA implementation method segregates inbound and outbound email?
A. one listener on a single physical Interface B. pair of logical listeners on a single physical interface with two unique logical IPv4 addresses and one IPv6 address C. pair of logical IPv4 listeners and a pair Of IPv6 listeners on two physically separate interfaces D. one listener on one logical IPv4 address on a single logical interface
Answer: D
Sample Question 59
DoS attacks are categorized as what?
A. phishing attacks B. flood attacks C. virus attacks D. trojan attacks
Answer: B
Sample Question 60
Which feature does the laaS model provide?
A. granular control of data B. dedicated, restricted workstations C. automatic updates and patching of software D. software-defined network segmentation
Answer: C
Sample Question 61
Which threat intelligence standard contains malware hashes?
A. structured threat information expression B. advanced persistent threat C. trusted automated exchange or indicator information D. open command and control
Answer: A
Sample Question 62
An engineer is implementing DHCP security mechanisms and needs the ability to add
additional attributes to profiles that are created within Cisco ISE Which action accomplishes
this task?
A. Define MAC-to-lP address mappings in the switch to ensure that rogue devices cannot
get an IP address B. Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE C. Modify the DHCP relay and point the IP address to Cisco ISE. D. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces
Answer: D
Sample Question 63
An engineer recently completed the system setup on a Cisco WSA Which URL information
does the system send to SensorBase Network servers?
A. Summarized server-name information and MD5-hashed path information B. complete URL,without obfuscating the path segments C. URL information collected from clients that connect to the Cisco WSA using Cisco
AnyConnect D. none because SensorBase Network Participation is disabled by default
Answer: B
Sample Question 64
What is a benefit of using GET VPN over FlexVPN within a VPN deployment?
A. GET VPN supports Remote Access VPNs B. GET VPN natively supports MPLS and private IP networks C. GET VPN uses multiple security associations for connections D. GET VPN interoperates with non-Cisco devices
Answer: B
Sample Question 65
Why should organizations migrate to a multifactor authentication strategy?
A. Multifactor authentication methods of authentication are never compromised B. Biometrics authentication leads to the need for multifactor authentication due to its ability to be hacked easily C. Multifactor authentication does not require any piece of evidence for an authentication mechanism D. Single methods of authentication can be compromised more easily than multifactor authentication
Answer: D
Sample Question 66
Which API method and required attribute are used to add a device into DNAC with the
native API?
A. lastSyncTime and pid B. POST and name C. userSudiSerialNos and devicelnfo D. GET and serialNumber
Answer: B
Sample Question 67
What is the difference between EPP and EDR?
A. EPP focuses primarily on threats that have evaded front-line defenses that entered the
environment. B. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats. C. EDR focuses solely on prevention at the perimeter. D. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.
Answer: B
Sample Question 68
What is a benefit of flexible NetFlow records?
A. They are used for security B. They are used for accounting C. They monitor a packet from Layer 2 to Layer 5 D. They have customized traffic identification
Which feature must be configured before implementing NetFlow on a router?
A. SNMPv3 B. syslog C. VRF D. IP routing
Answer: D
Sample Question 70
A company recently discovered an attack propagating throughout their Windows network
via a file named abc428565580xyz exe The malicious file was uploaded to a Simple
Custom Detection list in the AMP for Endpoints Portal and the currently applied policy for
the Windows clients was updated to reference the detection list Verification testing scans
on known infected systems shows that AMP for Endpoints is not detecting the presence of
this file as an indicator of compromise What must be performed to ensure detection of the
malicious file?
A. Upload the malicious file to the Blocked Application Control List B. Use an Advanced Custom Detection List instead of a Simple Custom Detection List C. Check the box in the policy configuration to send the file to Cisco Threat Grid for dynamic analysis D. Upload the SHA-256 hash for the file to the Simple Custom Detection List
Answer: D
Sample Question 71
An engineer is configuring Cisco Umbrella and has an identity that references two different
policies. Which action ensures that the policy that the identity must use takes precedence
over the second one?
A. Configure the default policy to redirect the requests to the correct policy B. Place the policy with the most-specific configuration last in the policy order C. Configure only the policy with the most recently changed timestamp D. Make the correct policy first in the policy order
Answer: D
Sample Question 72
Which cloud service offering allows customers to access a web application that is being
hosted, managed, and maintained by a cloud service provider?
A. IaC B. SaaS C. IaaS D. PaaS
Answer: B
Sample Question 73
Which cloud service offering allows customers to access a web application that is being
hosted, managed, and maintained by a cloud service provider?
A. IaC B. SaaS C. IaaS D. PaaS
Answer: B
Sample Question 74
What is the concept of Cl/CD pipelining?
A. The project is split into several phases where one phase cannot start before the
previous phase finishes successfully. B. The project code is centrally maintained and each code change should trigger an automated build and test sequence C. The project is split into time-limited cycles and focuses on pair programming for
continuous code review D. Each project phase is independent from other phases to maintain adaptiveness and continual improvement
Answer: A
Sample Question 75
An organization deploys multiple Cisco FTD appliances and wants to manage them using
one centralized
solution. The organization does not have a local VM but does have existing Cisco ASAs
that must migrate over
to Cisco FTDs. Which solution meets the needs of the organization?
A. Cisco FMC B. CSM C. Cisco FDM D. CDO
Answer: B
Sample Question 76
Which solution allows an administrator to provision, monitor, and secure mobile devices on
Windows and Mac computers from a centralized dashboard?
A. Cisco Umbrella B. Cisco AMP for Endpoints C. Cisco ISE D. Cisco Stealthwatch
Answer: C
Sample Question 77
An engineer is trying to decide whether to use Cisco Umbrella, Cisco CloudLock, Cisco
Stealthwatch, or Cisco AppDynamics Cloud Monitoring for visibility into data transfers as
well as protection against data exfiltration Which solution best meets these requirements?
A. Cisco CloudLock B. Cisco AppDynamics Cloud Monitoring C. Cisco Umbrella D. Cisco Stealthwatch
Answer: D
Sample Question 78
A large organization wants to deploy a security appliance in the public cloud to form a siteto-site VPN
and link the public cloud environment to the private cloud in the headquarters data center.
Which Cisco
security appliance meets these requirements?
A. Cisco Cloud Orchestrator B. Cisco ASAV C. Cisco WSAV D. Cisco Stealthwatch Cloud
Answer: B
Sample Question 79
An engineer needs to detect and quarantine a file named abc424400664 zip based on the
MD5 signature of the file using the Outbreak Control list feature within Cisco Advanced
Malware Protection (AMP) for Endpoints The configured detection method must work on
files of unknown disposition Which Outbreak Control list must be configured to provide
this?
A. Blocked Application B. Simple Custom Detection C. Advanced Custom Detection D. Android Custom Detection
Answer: C
Sample Question 80
What are two functions of IKEv1 but not IKEv2? (Choose two)
A. NAT-T is supported in IKEv1 but rot in IKEv2. B. With IKEv1, when using aggressive mode, the initiator and responder identities are passed cleartext C. With IKEv1, mode negotiates faster than main mode D. IKEv1 uses EAP authentication E. IKEv1 conversations are initiated by the IKE_SA_INIT message
Answer: C,E
Sample Question 81
What is the most common type of data exfiltration that organizations currently experience?
A. HTTPS file upload site B. Microsoft Windows network shares C. SQL database injections D. encrypted SMTP
Answer: A
Sample Question 82
For a given policy in Cisco Umbrella, how should a customer block website based on a
custom list?
A. by specifying blocked domains in me policy settings B. by specifying the websites in a custom blocked category C. by adding the websites to a blocked type destination list D. by adding the website IP addresses to the Cisco Umbrella blocklist
Answer: C
Sample Question 83
Which Cisco ISE feature helps to detect missing patches and helps with remediation?
A. posture assessment B. profiling policy C. authentication policy D. enabling probes
Answer: A
Sample Question 84
When a Cisco WSA checks a web request, what occurs if it is unable to match a userdefined policy?
A. It blocks the request. B. It applies the global policy. C. It applies the next identification profile policy. D. It applies the advanced policy.
Answer: B
Sample Question 85
Based on the NIST 800-145 guide, which cloud architecture may be owned, managed, and
operated by one or more of the organizations in the community, a third party, or some
combination of them, and it may exist on or off premises?
A. hybrid cloud B. private cloud C. public cloud D. community cloud
Answer: D
Sample Question 86
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while
also automatically configuring endpoint network settings to use the signed endpoint
certificate, allowing the endpoint to gain network access?
A. Cisco ISE B. Cisco NAC C. Cisco TACACS+ D. Cisco WSA
Answer: A
Sample Question 87
A network security engineer must export packet captures from the Cisco FMC web browser
while troubleshooting an issue. When navigating to the address https:///capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file.
Which action must the engineer take to resolve this issue?
A. Disable the proxy setting on the browser B. Disable the HTTPS server and use HTTP instead C. Use the Cisco FTD IP address as the proxy server setting on the browser D. Enable the HTTPS server for the device platform policy
Answer: D
Sample Question 88
Which VMware platform does Cisco ACI integrate with to provide enhanced visibility,
provide policy integration and deployment, and implement security policies with access
lists?
A. VMware APIC B. VMwarevRealize C. VMware fusion D. VMware horizons
Answer: B
Sample Question 89
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which
configuration component must be used to accomplish this goal?
A. MDA on the router B. PBR on Cisco WSA C. WCCP on switch D. DNS resolution on Cisco WSA
Answer: C
Sample Question 90
A network engineer is tasked with configuring a Cisco ISE server to implement external
authentication against Active Directory. What must be considered about the authentication
requirements? (Choose two.)
A. RADIUS communication must be permitted between the ISE server and the domain
controller. B. The ISE account must be a domain administrator in Active Directory to perform JOIN
operations. C. Active Directory only supports user authentication by using MSCHAPv2. D. LDAP communication must be permitted between the ISE server and the domain
controller. E. Active Directory supports user and machine authentication by using MSCHAPv2.
Answer: B,C
Sample Question 91
Cisco SensorBase gaihers threat information from a variety of Cisco products and services
and performs analytics to find patterns on threats Which term describes this process?
A. deployment B. consumption C. authoring D. sharing
Answer: A
Sample Question 92
Why is it important to have a patching strategy for endpoints?
A. to take advantage of new features released with patches B. so that functionality is increased on a faster scale when it is used B. so that functionality is increased on a faster scale when it is used D. so that patching strategies can assist with disabling nonsecure protocols in applications
Answer: C
Sample Question 93
How does the Cisco WSA enforce bandwidth restrictions for web applications?
A. It implements a policy route to redirect application traffic to a lower-bandwidth link. B. It dynamically creates a scavenger class QoS policy and applies it to each client that
connects through the WSA. C. It sends commands to the uplink router to apply traffic policing to the application traffic. D. It simulates a slower link by introducing latency into application traffic.
Answer: C
Sample Question 94
What is a description of microsegmentation?
A. Environments deploy a container orchestration platform, such as Kubernetes, to
manage the application delivery. B. Environments apply a zero-trust model and specify how applications on different servers
or containers can communicate C. Environments deploy centrally managed host-based firewall rules on each server or
container. D. Environments implement private VLAN segmentation to group servers with similar
applications.
Answer: B
Sample Question 95
An engineer is configuring their router to send NetfFow data to Stealthwatch which has an
IP address of 1 1 11 using the flow record Stea!thwatch406397954 command Which
additional command is required to complete the flow record?
A. transport udp 2055 B. match ipv4 ttl C. cache timeout active 60 D. destination 1.1.1.1
Answer: B
Sample Question 96
An administrator configures new authorization policies within Cisco ISE and has difficulty
profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the
RADIUS authentication are seen however the attributes for CDP or DHCP are not. What
should the administrator do to address this issue?
An administrator configures new authorization policies within Cisco ISE and has difficulty
profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the
RADIUS authentication are seen however the attributes for CDP or DHCP are not. What
should the administrator do to address this issue? B. Configure the authentication port-control auto feature within Cisco ISE to identify the
devices that are trying to connect C. Configure a service template within the switch to standardize the port configurations so
that the correct
information is sent to Cisco ISE C. Configure a service template within the switch to standardize the port configurations so
that the correct
information is sent to Cisco ISE