[May-2024 Newly Released] 350-701 Dumps for CCNP Security Certified [Q178-Q202]


NEW QUESTION # 178
A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?

  • A. denial-of-service
  • B. cross-site request forgery
  • C. SQL injection
  • D. man-in-the-middle

Answer: C

Explanation:
An application that does not validate user input is particularly susceptible to SQL injection attacks. In an SQL injection attack, an attacker can insert or "inject" a SQL query via the input data from the client to the application. Due to the lack of validation, the malicious SQL commands are executed by the database server, leading to unauthorized access or manipulation of the database.


NEW QUESTION # 179
A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1. Which command achieves this goal?

  • A. snmp-server host inside 10.255.254.1 snmpv3 andy
  • B. snmp-server host inside 10.255.254.1 version 3 andy
  • C. snmp-server host inside 10.255.254.1 snmpv3 myv3
  • D. snmp-server host inside 10.255.254.1 version 3 myv3

Answer: B

Explanation:
The command "snmp-server user user-name group-name [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list]" adds a new user (in this case "andy") to an SNMPv3 group (in this case group name "myv3") and configures a password for the user.
In the "snmp-server host" command, we need to:
+ Specify the SNMP version with the keyword "version {1 | 2 | 3}"
+ Specify the username ("andy"), not group name ("myv3").
Note: In "snmp-server host inside ..." command, "inside" is the interface name of the ASA interface through which the NMS (located at 10.255.254.1) can be reached.


NEW QUESTION # 180
What is a difference between GRE over IPsec and IPsec with crypto map?

  • A. GRE provides its own encryption mechanism.
  • B. GRE over IPsec supports non-IP protocols.
  • C. IPsec with crypto map offers better scalability.
  • D. Multicast traffic is supported by IPsec with crypto map.

Answer: B

Explanation:
The difference between GRE over IPsec and IPsec with crypto map is that GRE (Generic Routing Encapsulation) over IPsec can encapsulate and transport non-IP protocols across an IP network, whereas IPsec with crypto map is typically used for IP traffic. GRE tunnels wrapped in IPsec provide a way to transport multicast traffic and other protocol types across an IPsec VPN, offering greater flexibility in the types of traffic that can be secured.


NEW QUESTION # 181
Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  • A. interesting file access
  • B. privilege escalation
  • C. user login suspicious behavior
  • D. file access from a different user

Answer: C

Explanation:
The various suspicious patterns for which the Cisco Tetration platform looks in the current release are:
+ Shell code execution: Looks for the patterns used by shell code.
+ Privilege escalation: Watches for privilege changes from a lower privilege to a higher privilege in the process lineage tree.
+ Side channel attacks: Cisco Tetration platform watches for cache-timing attacks and page table fault bursts. Using these, it can detect Meltdown, Spectre, and other cache-timing attacks.
+ Raw socket creation: Creation of a raw socket by a nonstandard process (for example, ping).
+ User login suspicious behavior: Cisco Tetration platform watches user login failures and user login methods.
+ Interesting file access: Cisco Tetration platform can be armed to look at sensitive files.
+ File access from a different user: Cisco Tetration platform learns the normal behavior of which file is accessed by which user.
+ Unseen command: Cisco Tetration platform learns the behavior and set of commands as well as the lineage of each command over time. Any new command or command with a different lineage triggers the interest of the Tetration Analytics platform.


NEW QUESTION # 182
Drag and drop the concepts from the left onto the correct descriptions on the right

Answer:

Explanation:


NEW QUESTION # 183
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

  • A. Cisco Umbrella
  • B. Cisco Threat Grid
  • C. External Threat Feeds
  • D. Cisco Stealthwatch

Answer: B

Explanation:
Cisco Threat Intelligence Director (CTID) can be integrated with existing Threat Intelligence Platforms deployed by your organization to ingest threat intelligence automatically.
Reference: https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligencedirector


NEW QUESTION # 184
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?

  • A. SDLC
  • B. Lambda
  • C. Docker
  • D. Contiv

Answer: C


NEW QUESTION # 185
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?

  • A. RADIUS Live Logs
  • B. Adaptive Network Control Policy List
  • C. Accounting Reports
  • D. Context Visibility

Answer: A

Explanation:
How to troubleshoot ISE failed authentications and authorizations:
Check the ISE Live Logs
+ Log in to the primary ISE Policy Administration Node (PAN).
+ Go to Operations > RADIUS > Live Logs
+ (Optional) If the event is not present in the RADIUS Live Logs, go to Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications
Check for any failed authentication attempts in the log


NEW QUESTION # 186
Which threat involves software being used to gain unauthorized access to a computer system?

  • A. ping of death
  • B. virus
  • C. HTTP flood
  • D. NTP amplification

Answer: B

Explanation:
A virus is a type of malware that infects a computer system by attaching itself to another program or file. Once executed, the virus can replicate itself and spread to other files or systems. A virus can be used to gain unauthorized access to a computer system by exploiting software vulnerabilities, stealing credentials, or installing backdoors. A virus can also cause damage to the system by deleting, modifying, or encrypting data, or consuming system resources. According to the Implementing and Operating Cisco Security Core Technologies (SCOR) course, viruses are one of the most common forms of malware and can be classified into different types based on their behavior, such as boot sector viruses, file infectors, macro viruses, or polymorphic viruses [1].
References:
[1] Implementing and Operating Cisco Security Core Technologies (SCOR) course, Module 1: Malware Analysis, Lesson 1: Malware Types and Characteristics, Topic: Virus.


NEW QUESTION # 187
Drag and drop the VPN functions from the left onto the description on the right.

Answer:

Explanation:


NEW QUESTION # 188
What is the benefit of integrating Cisco ISE with an MDM solution?

  • A. It provides network device administration access
  • B. It provides compliance checks for access to the network
  • C. It provides the ability to add applications to the mobile device through Cisco ISE
  • D. It provides the ability to update other applications on the mobile device

Answer: B


NEW QUESTION # 189
Drag and drop the descriptions from the left onto the correct protocol versions on the right.

Answer:

Explanation:



NEW QUESTION # 190
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

  • A. mirror port
  • B. Flow
  • C. NetFlow
  • D. VPC flow logs

Answer: D

Explanation:
https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/q-and-a-c67-737402.html


NEW QUESTION # 191
An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?

  • A. Modify the DHCP relay and point the IP address to Cisco ISE.
  • B. Define MAC-to-IP address mappings in the switch to ensure that rogue devices cannot get an IP address
  • C. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces
  • D. Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE

Answer: C


NEW QUESTION # 192
What provides visibility and awareness into what is currently occurring on the network?

  • A. WMI
  • B. Telemetry
  • C. Prime Infrastructure
  • D. CMX

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/dam/en_us/about/doing_business/legal/service_descriptions/docs/activethreat-analytics


NEW QUESTION # 193
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network. Which action tests the routing?

  • A. Ensure that the client computers are pointing to the on-premises DNS servers.
  • B. Add the public IP address that the client computers are behind to a Core Identity.
  • C. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
  • D. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Answer: D


NEW QUESTION # 194
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

  • A. Cisco Duo
  • B. Cisco AnyConnect
  • C. Cisco AMP for Endpoints
  • D. Cisco Umbrella

Answer: C

Explanation:
Cisco AMP for Endpoints is a solution that enables protection, detection, and response on the endpoint against known and unknown threats. It provides continuous visibility and analysis of endpoint activity, as well as automated threat prevention and response capabilities. It leverages cloud-based intelligence, sandboxing, and machine learning to block malware, fileless attacks, ransomware, and other advanced threats. It also allows security teams to quickly investigate and remediate incidents, as well as hunt for indicators of compromise across all endpoints. Cisco AMP for Endpoints is part of the Cisco SecureX platform, which integrates with other Cisco security solutions to provide a unified and simplified security experience. The other options are not correct because they do not offer the same level of endpoint protection, detection, and response as Cisco AMP for Endpoints. Cisco AnyConnect is a VPN solution that provides secure access to the network for remote workers, but it does not monitor or respond to endpoint threats. Cisco Umbrella is a DNS security solution that blocks malicious domains, IPs, and URLs, but it does not analyze or remediate endpoint activity. Cisco Duo is a multi-factor authentication solution that verifies the identity of users and devices, but it does not protect or detect endpoint attacks.
References:
+ Cisco AMP for Endpoints
+ Cisco SecureX
+ Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 - Module 5: Endpoint Protection and Detection


NEW QUESTION # 195
An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth.
Which product meets all of these requirements?

  • A. Cisco Prime Infrastructure
  • B. Cisco Identity Services Engine
  • C. Cisco Stealthwatch
  • D. Cisco AMP for Endpoints

Answer: B


NEW QUESTION # 196
A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?

  • A. a File Analysis policy to send file data into Cisco Firepower
  • B. a Threat Intelligence policy to download the data from the host
  • C. a Network Discovery policy to receive data from the host
  • D. a Network Analysis policy to receive NetFlow data from the host

Answer: C

Explanation:
You can configure discovery rules to tailor the discovery of host and application data to your needs.
The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map.
A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt.


NEW QUESTION # 197
An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

  • A. Set a trusted interface for the DHCP server
  • B. Enable ARP inspection for the required VLAN
  • C. Add entries in the DHCP snooping database
  • D. Set the DHCP snooping bit to 1

Answer: A

Explanation:
To understand DHCP snooping, we first need to learn about the DHCP spoofing attack.

DHCP spoofing is a type of attack in which the attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker's IP address as the client's default gateway, so all the traffic sent from the client goes through the attacker's computer and the attacker becomes a "man-in-the-middle".
The attacker has some ways to make sure the fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server, then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.


NEW QUESTION # 198
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.
How does the switch behave in this situation?

  • A. It drops the packet without validation.
  • B. It forwards the packet after validation by using the MAC Binding Table.
  • C. It forwards the packet without validation.
  • D. It drops the packet after validation by using the IP & MAC Binding Table.

Answer: D


NEW QUESTION # 199
How does a cloud access security broker function?

  • A. It acts as a security information and event management solution and receives syslog from other cloud solutions.
  • B. It scans other cloud solutions being used within the network and identifies vulnerabilities
  • C. It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution
  • D. It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution

Answer: D


NEW QUESTION # 200
What is the function of SDN southbound API protocols?

  • A. to enable the controller to use REST
  • B. to enable the controller to make changes
  • C. to allow for the static configuration of control plane applications
  • D. to allow for the dynamic configuration of control plane applications

Answer: B

Explanation:
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs.

Note: Southbound APIs help us communicate with data plane (not control plane) applications.


NEW QUESTION # 201
A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C


NEW QUESTION # 202
......
