350-701 Exam Preparation Material with New 350-701 Dumps Questions [Q269-Q290]

Share

350-701 Exam Preparation Material with New 350-701 Dumps Questions

350-701 2026 Training With 727 QA's

NEW QUESTION # 269
How does DNS Tunneling exfiltrate data?

  • A. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.
  • B. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
  • C. An attacker opens a reverse DNS shell to get into the client's system and install malware on it.
  • D. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

Answer: B

Explanation:
DNS tunneling is a technique that exploits the DNS protocol to tunnel malware and other data through a client-server model. DNS tunneling can be used for data exfiltration, command and control, or IP-over-DNS tunneling. DNS tunneling works by encoding the information of other protocols or programs in DNS queries and responses. An attacker registers a domain, such as badsite.com, and sets up a malicious DNS server that can interpret the encoded data. The attacker then infects a client with malware that can send and receive DNS queries to the attacker's domain. The malware can use DNS queries to request commands from the attacker, or to send sensitive data to the attacker. The DNS queries and responses look like normal DNS traffic, but they contain hidden data that can bypass network defenses123. References := 1: What Is DNS Tunneling? - Palo Alto Networks 2: What is DNS Tunneling? - Check Point Software 3: What Is DNS Tunneling and How to Detect and Prevent Attacks


NEW QUESTION # 270
Which two activities can be done using Cisco DNA Center? (Choose two)

  • A. Accounting
  • B. DHCP
  • C. Design
  • D. DNS
  • E. Provision

Answer: C,E

Explanation:
Explanation Cisco DNA Center has four general sections aligned to IT workflows: Design: Design your network for consistent configurations by device and by site. Physical maps and logical topologies help provide quick visual reference. The direct import feature brings in existing maps, images, and topologies directly from Cisco Prime Infrastructure and the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), making upgrades easy and quick. Device configurations by site can be consolidated in a "golden image" that can be used to automatically provision new network devices. These new devices can either be pre-staged by associating the device details and mapping to a site. Or they can be claimed upon connection and mapped to the site. Policy: Translate business intent into network policies and apply those policies, such as access control, traffic routing, and quality of service, consistently over the entire wired and wireless infrastructure. Policy-based access control and network segmentation is a critical function of the Cisco Software-Defined Access (SDAccess) solution built from Cisco DNA Center and Cisco Identity Services Engine (ISE). Cisco AI Network Analytics and Cisco Group-Based Policy Analytics running in the Cisco DNA Center identify endpoints, group similar endpoints, and determine group communication behavior. Cisco DNA Center then facilitates creating policies that determine the form of communication allowed between and within members of each group. ISE then activates the underlying infrastructure and segments the network creating a virtual overlay to follow these policies consistently. Such segmenting implements zero-trust security in the workplace, reduces risk, contains threats, and helps verify regulatory compliance by giving endpoints just the right level of access they need. Provision: Once you have created policies in Cisco DNA Center, provisioning is a simple drag-and-drop task. The profiles (called scalable group tags or "SGTs") in the Cisco DNA Center inventory list are assigned a policy, and this policy will always follow the identity. The process is completely automated and zero-touch. New devices added to the network are assigned to an SGT based on identity-greatly facilitating remote office setups. Assurance: Cisco DNA Assurance, using AI/ML, enables every point on the network to become a sensor, sending continuous streaming telemetry on application performance and user connectivity in real time. The clean and simple dashboard shows detailed network health and flags issues. Then, guided remediation automates resolution to keep your network performing at its optimal with less mundane troubleshooting work. The outcome is a consistent experience and proactive optimization of your network, with less time spent on troubleshooting tasks. Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06- dna-center-so-cte-en.html Cisco DNA Center has four general sections aligned to IT workflows:
Design: Design your network for consistent configurations by device and by site. Physical maps and logical topologies help provide quick visual reference. The direct import feature brings in existing maps, images, and topologies directly from Cisco Prime Infrastructure and the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), making upgrades easy and quick. Device configurations by site can be consolidated in a "golden image" that can be used to automatically provision new network devices. These new devices can either be pre-staged by associating the device details and mapping to a site. Or they can be claimed upon connection and mapped to the site.
Policy: Translate business intent into network policies and apply those policies, such as access control, traffic routing, and quality of service, consistently over the entire wired and wireless infrastructure. Policy-based access control and network segmentation is a critical function of the Cisco Software-Defined Access (SDAccess) solution built from Cisco DNA Center and Cisco Identity Services Engine (ISE). Cisco AI Network Analytics and Cisco Group-Based Policy Analytics running in the Cisco DNA Center identify endpoints, group similar endpoints, and determine group communication behavior. Cisco DNA Center then facilitates creating policies that determine the form of communication allowed between and within members of each group. ISE then activates the underlying infrastructure and segments the network creating a virtual overlay to follow these policies consistently. Such segmenting implements zero-trust security in the workplace, reduces risk, contains threats, and helps verify regulatory compliance by giving endpoints just the right level of access they need.
Provision: Once you have created policies in Cisco DNA Center, provisioning is a simple drag-and-drop task.
The profiles (called scalable group tags or "SGTs") in the Cisco DNA Center inventory list are assigned a policy, and this policy will always follow the identity. The process is completely automated and zero-touch. New devices added to the network are assigned to an SGT based on identity-greatly facilitating remote office setups.
Assurance: Cisco DNA Assurance, using AI/ML, enables every point on the network to become a sensor, sending continuous streaming telemetry on application performance and user connectivity in real time. The clean and simple dashboard shows detailed network health and flags issues. Then, guided remediation automates resolution to keep your network performing at its optimal with less mundane troubleshooting work.
The outcome is a consistent experience and proactive optimization of your network, with less time spent on troubleshooting tasks.
Explanation Cisco DNA Center has four general sections aligned to IT workflows: Design: Design your network for consistent configurations by device and by site. Physical maps and logical topologies help provide quick visual reference. The direct import feature brings in existing maps, images, and topologies directly from Cisco Prime Infrastructure and the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), making upgrades easy and quick. Device configurations by site can be consolidated in a "golden image" that can be used to automatically provision new network devices. These new devices can either be pre-staged by associating the device details and mapping to a site. Or they can be claimed upon connection and mapped to the site. Policy: Translate business intent into network policies and apply those policies, such as access control, traffic routing, and quality of service, consistently over the entire wired and wireless infrastructure. Policy-based access control and network segmentation is a critical function of the Cisco Software-Defined Access (SDAccess) solution built from Cisco DNA Center and Cisco Identity Services Engine (ISE). Cisco AI Network Analytics and Cisco Group-Based Policy Analytics running in the Cisco DNA Center identify endpoints, group similar endpoints, and determine group communication behavior. Cisco DNA Center then facilitates creating policies that determine the form of communication allowed between and within members of each group. ISE then activates the underlying infrastructure and segments the network creating a virtual overlay to follow these policies consistently. Such segmenting implements zero-trust security in the workplace, reduces risk, contains threats, and helps verify regulatory compliance by giving endpoints just the right level of access they need. Provision: Once you have created policies in Cisco DNA Center, provisioning is a simple drag-and-drop task. The profiles (called scalable group tags or "SGTs") in the Cisco DNA Center inventory list are assigned a policy, and this policy will always follow the identity. The process is completely automated and zero-touch. New devices added to the network are assigned to an SGT based on identity-greatly facilitating remote office setups. Assurance: Cisco DNA Assurance, using AI/ML, enables every point on the network to become a sensor, sending continuous streaming telemetry on application performance and user connectivity in real time. The clean and simple dashboard shows detailed network health and flags issues. Then, guided remediation automates resolution to keep your network performing at its optimal with less mundane troubleshooting work. The outcome is a consistent experience and proactive optimization of your network, with less time spent on troubleshooting tasks. Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06- dna-center-so-cte-en.html


NEW QUESTION # 271
Drag and drop the threats from the left onto examples of that threat on the right

Answer:

Explanation:


NEW QUESTION # 272
Drag and drop the deployment models from the left onto the explanations on the right.

Answer:

Explanation:


NEW QUESTION # 273
What is the most commonly used protocol for network telemetry?

  • A. NctFlow
  • B. SMTP
  • C. SNMP
  • D. TFTP

Answer: A


NEW QUESTION # 274
What is the purpose of joining Cisco WSAs to an appliance group?

  • A. The group supports improved redundancy
  • B. All WSAs in the group can view file analysis results.
  • C. It simplifies the task of patching multiple appliances.
  • D. It supports cluster operations to expedite the malware analysis process.

Answer: A


NEW QUESTION # 275
Email security has become a high priority task for a security engineer at a large multi-national organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10 00 to -6 00) on the Cisco ESA Which action will the system perform to disable any links in messages that match the filter?

  • A. Defang
  • B. Quarantine
  • C. ScreenAction
  • D. FilterAction

Answer: A

Explanation:
Defanging is the process of modifying a URL in a message to prevent it from being clickable. This can help protect users from malicious links that have a low URL reputation score. Defanging is one of the actions that can be configured in the Incoming Content Filter on the Cisco ESA. The other actions are Quarantine, FilterAction, and ScreenAction. Quarantine sends the message to a quarantine area for further inspection.
FilterAction applies a predefined action such as drop, bounce, or deliver. ScreenAction displays a warning message to the user before allowing them to access the URL. Defanging is the only action that disables the links in the message without affecting the delivery or visibility of the message12. References: 1: URL Filtering on the Cisco IronPort ESA - Mikail's Blog 2: Configure URL Filtering for Secure Email Gateway and Cloud Gateway - Cisco Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/esa-content-filters.pdf


NEW QUESTION # 276
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key establishment?

  • A. RSA is an asymmetric key establishment algorithm intended to output symmetric keys
  • B. DH is an asymmetric key establishment algorithm intended to output symmetric keys
  • C. RSA is a symmetric key establishment algorithm intended to output asymmetric keys
  • D. DH is a symmetric key establishment algorithm intended to output asymmetric keys

Answer: B

Explanation:
ExplanationDiffie Hellman (DH) uses a private-public key pair to establish a shared secret, typically a symmetric key. DH is not a symmetric algorithm - it is an asymmetric algorithm used to establish a shared secret for a symmetric key algorithm.


NEW QUESTION # 277
An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?

  • A. Change the IP address of the new Cisco ISE node to the same network as the others.
  • B. Open port 8905 on the firewall between the Cisco ISE nodes
  • C. Make the new Cisco ISE node a secondary PAN before registering it with the primary.
  • D. Add the DNS entry for the new Cisco ISE node into the DNS server

Answer: C


NEW QUESTION # 278
An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing file named abc424952615.exe without quarantining that file What type of Outbreak Control list must the SHA.-256 hash value for the file be added to in order to accomplish this?

  • A. Isolation
  • B. Blocked Application
  • C. Simple Custom Detection
  • D. Advanced Custom Detection

Answer: C

Explanation:
This is a type of Outbreak Control list that allows the administrator to create a list of files based on their SHA-256 hash values that will be detected, blocked, and quarantined by the AMP for Endpoints connectors.
The Simple Custom Detection list can be applied to a policy and synchronized with the devices that have the AMP connectors installed. This way, the administrator can prevent the execution of specific files without having to quarantine them on the devices.
The other options are incorrect because:
* Advanced Custom Detection is a type of Outbreak Control list that allows the administrator to create custom rules based on file attributes, such as file name, size, path, or parent process. These rules can be used to detect and block files that match certain criteria, but they cannot be used to quarantine them.
* Blocked Application is a type of Outbreak Control list that allows the administrator to create a list of applications based on their SHA-256 hash values that will be blocked from running on the devices that have the AMP connectors installed. However, this list does not detect or quarantine the applications, only prevents them from executing.
* Isolation is a feature of AMP for Endpoints that allows the administrator to isolate a device from the network if it is compromised by malware. This prevents the device from communicating with other devices or the internet, but does not affect the files on the device.
References:
* https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215176-configure-a-simple-custom-d
* https://community.cisco.com/t5/endpoint-security/block-list-data-source-in-cisco-amp/td-p/4077205
* https://community.cisco.com/t5/security-videos/amp4e-outbreak-control/ba-p/4071894


NEW QUESTION # 279
Drag and drop the solutions from the left onto the solution's benefits on the right.

Answer:

Explanation:


NEW QUESTION # 280
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

  • A. Add entries in the DHCP snooping database
  • B. Set a trusted interface for the DHCP server
  • C. Enable ARP inspection for the required VLAN
  • D. Set the DHCP snooping bit to 1

Answer: B

Explanation:
ExplanationTo understand DHCP snooping we need to learn about DHCP spoofing attack first.

DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a "man-in-the-middle".The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature thatdetermines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCPmessages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP responseis seen on an untrusted port, the port is shut down.


NEW QUESTION # 281
In an IaaS cloud services model, which security function is the provider responsible for managing?

  • A. CASB
  • B. firewalling virtual machines
  • C. Internet proxy
  • D. hypervisor OS hardening

Answer: D

Explanation:
Infrastructure as a Service (IaaS) in cloud computing is one of the most significant and fastest growing field. In this service model, cloud providers offer resources to users/machines that include computers as virtual machines, raw (block) storage, firewalls, load balancers, and network devices.


NEW QUESTION # 282
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

  • A. Option
  • B. Push
  • C. Put
  • D. Get
  • E. Connect

Answer: C,D


NEW QUESTION # 283
Why is it important to implement MFA inside of an organization?

  • A. To prevent man-the-middle attacks from being successful.
  • B. To prevent brute force attacks from being successful.
  • C. To prevent phishing attacks from being successful.
  • D. To prevent DoS attacks from being successful.

Answer: B

Explanation:
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy1. MFA is important to implement inside of an organization because it can prevent brute force attacks from being successful. A brute force attack is a type of cyberattack that tries to guess the user's password or PIN by trying different combinations until it finds the correct one. This can be done manually or with automated tools. MFA can stop brute force attacks by requiring an additional factor of authentication that the attacker does not have, such as a phone, a token, a biometric, or a location. MFA can also reduce the risk of other types of attacks that rely on stealing or compromising the user's credentials, such as phishing, keylogging, or credential stuffing. References := 1:
What is Multi-Factor Authentication (MFA)? | OneLogin


NEW QUESTION # 284
Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Answer:

Explanation:


NEW QUESTION # 285
Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?

  • A. southbound API
  • B. eastbound API
  • C. northbound API
  • D. westbound AP

Answer: A

Explanation:
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs.


NEW QUESTION # 286
Which attack is preventable by Cisco ESA but not by the Cisco WSA?

  • A. phishing
  • B. SQL injection
  • C. DoS
  • D. buffer overflow

Answer: A

Explanation:
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL.
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL.
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL.
Reference:
5/m_advanced_phishing_protection.html
5/m_advanced_phishing_protection.html


NEW QUESTION # 287
Drag and drop the concepts from the left onto the correct descriptions on the right

Answer:

Explanation:


NEW QUESTION # 288
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

  • A. Spero Engine with machine learning to perform dynamic analysis
  • B. Ethos Engine to perform fuzzy fingerprinting
  • C. Clam AV Engine to perform email scanning
  • D. Tetra Engine to detect malware when me endpoint is connected to the cloud

Answer: B

Explanation:
ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
Reference:
ETHOS = Fuzzy Fingerprinting using static/passive heuristics


NEW QUESTION # 289
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Answer:

Explanation:


NEW QUESTION # 290
......


Cisco 350-701 exam is an industry-standard certification that tests the knowledge and skills of IT professionals on the principles of implementing and operating Cisco Security Core Technologies. 350-701 exam is designed to assess the individual’s ability to manage complex security solutions, identify network vulnerabilities, and implement security policies to mitigate security threats. 350-701 exam is a core requirement for the CCNP Security certification and is ideal for IT professionals who want to advance their careers in security.


Upon passing the Cisco 350-701 Certification Exam, candidates earn the Cisco Certified Specialist - Security Core certification. Implementing and Operating Cisco Security Core Technologies certification demonstrates to employers that the candidate has a solid understanding of network security concepts and skills in implementing and operating Cisco Security Core Technologies.

 

Quickly and Easily Pass Cisco Exam with 350-701 real Dumps: https://actualanswers.pass4surequiz.com/350-701-exam-quiz.html