[2025] Use Valid 350-701 Exam - Actual Exam Question & Answer [Q328-Q349]


Test Engine to Practice 350-701 Test Questions

NEW QUESTION # 328
What are two rootkit types? (Choose two)

  • A. buffer mode
  • B. virtual
  • C. user mode
  • D. registry
  • E. bootloader

Answer: C,E

Explanation:
The term 'rootkit' originally comes from the Unix world, where the word 'root' is used to describe a user with the highest possible level of access privileges, similar to an 'Administrator' in Windows. The word 'kit' refers to the software that grants root-level access to the machine. Put the two together and you get 'rootkit', a program that gives someone - with legitimate or malicious intentions - privileged access to a computer. There are four main types of rootkits: kernel rootkits, user mode rootkits, bootloader rootkits, and memory rootkits.


NEW QUESTION # 329
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.

Answer:

Explanation:


NEW QUESTION # 330
In which cloud services model is the tenant responsible for virtual machine OS patching?

  • A. PaaS
  • B. SaaS
  • C. IaaS
  • D. UCaaS

Answer: C

Explanation:
Only in the on-site (on-premises) and IaaS models does the tenant manage the operating system (OS).


NEW QUESTION # 331
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

  • A. Ethos Engine to perform fuzzy fingerprinting
  • B. Tetra Engine to detect malware when the endpoint is connected to the cloud
  • C. Clam AV Engine to perform email scanning
  • D. Spero Engine with machine learning to perform dynamic analysis

Answer: A

Explanation:
ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
ETHOS = Fuzzy Fingerprinting using static/passive heuristics


NEW QUESTION # 332
When choosing an algorithm to use, what should be considered about Diffie Hellman and RSA for key establishment?

  • A. RSA is a symmetric key establishment algorithm intended to output asymmetric keys
  • B. DH is a symmetric key establishment algorithm intended to output asymmetric keys
  • C. RSA is an asymmetric key establishment algorithm intended to output symmetric keys
  • D. DH is an asymmetric key establishment algorithm intended to output symmetric keys

Answer: D

Explanation:
Diffie Hellman (DH) uses a private-public key pair to establish a shared secret, typically a symmetric key. DH is not a symmetric algorithm - it is an asymmetric algorithm used to establish a shared secret for a symmetric key algorithm.


NEW QUESTION # 333
Under which two circumstances is a CoA issued? (Choose two)

  • A. A new Identity Service Engine server is added to the deployment with the Administration persona
  • B. A new authentication rule was added to the policy on the Policy Service node.
  • C. An endpoint is deleted on the Identity Service Engine server.
  • D. A new Identity Source Sequence is created and referenced in the authentication policy.
  • E. An endpoint is profiled for the first time.

Answer: C,E

Explanation:
The profiling service issues the change of authorization in the following cases:
* Endpoint deleted: When an endpoint is deleted from the Endpoints page and the endpoint is disconnected or removed from the network.
* An exception action is configured: If you have an exception action configured per profile that leads to an unusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to the corresponding static profile by issuing a CoA.
* An endpoint is profiled for the first time: When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile.
* An endpoint identity group has changed: When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy. The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:
  * The endpoint identity group changes for endpoints when they are dynamically profiled
  * The endpoint identity group changes when the static assignment flag is set to true for a dynamic endpoint
* An endpoint profiling policy has changed and the policy is used in an authorization policy: When an endpoint profiling policy changes, and the policy is included in a logical profile that is used in an authorization policy. The endpoint profiling policy may change due to the profiling policy match or when an endpoint is statically assigned to an endpoint profiling policy, which is associated to a logical profile. In both cases, the profiling service issues a CoA only when the endpoint profiling policy is used in an authorization policy.
Reference:
b_ise_admin_guide_20_chapter_010100.html


NEW QUESTION # 334
Which technology provides a combination of endpoint protection, endpoint detection, and response?

  • A. Cisco Umbrella
  • B. Cisco Threat Grid
  • C. Cisco Talos
  • D. Cisco AMP

Answer: D


NEW QUESTION # 335
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?

  • A. Cisco ISE
  • B. Cloudlock
  • C. Security Manager
  • D. Web Security Appliance

Answer: B

Explanation:
https://www.cisco.com/c/dam/en/us/products/collateral/security/cloudlock/cisco-cloudlock-cloud-data-securitydatasheet.pdf


NEW QUESTION # 336
Which DoS attack uses fragmented packets to crash a target machine?

  • A. smurf
  • B. LAND
  • C. teardrop
  • D. MITM

Answer: C

Explanation:
A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.


NEW QUESTION # 337
Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)

  • A. phishing
  • B. man-in-the-middle
  • C. DDOS
  • D. brute force
  • E. tear drop

Answer: B,D


NEW QUESTION # 338
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

  • A. Client computers do not have the Cisco Umbrella Root CA certificate installed.
  • B. IP-Layer Enforcement is not configured.
  • C. Client computers do not have an SSL certificate deployed from an internal CA server.
  • D. Intelligent proxy and SSL decryption is disabled in the policy.

Answer: A

Explanation:
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy


NEW QUESTION # 339
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

  • A. Cisco NGFW
  • B. Cisco Umbrella
  • C. Cisco Cloud Email Security
  • D. Cisco Cloudlock

Answer: D

Explanation:
Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security Broker (CASB) and cloud cybersecurity platform.


NEW QUESTION # 340
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.

Answer:

Explanation:


NEW QUESTION # 341
What are two benefits of using Cisco Duo as an MFA solution? (Choose two.)

  • A. provides simple and streamlined login experience for multiple applications and users
  • B. allows for centralized management of endpoint device applications and configurations
  • C. encrypts data that is stored on endpoints
  • D. native integration that helps secure applications across multiple cloud platforms or on-premises environments
  • E. grants administrators a way to remotely wipe a lost or stolen device

Answer: A,D

Explanation:
Cisco Duo is a multi-factor authentication (MFA) solution that verifies the identity of all users with Duo's easy, one-tap-approval MFA app. It also provides device visibility and adaptive policies to ensure that only trusted devices can access corporate applications and networks. Some of the benefits of using Cisco Duo as an MFA solution are:
* It provides a simple and streamlined login experience for multiple applications and users. Users can access all their applications from a single dashboard, and authenticate with a simple push notification or other convenient methods. Duo also supports single sign-on (SSO) for integrated applications, reducing the need for multiple passwords and logins [1][2].
* It offers native integration that helps secure applications across multiple cloud platforms or on-premises environments. Duo can be easily integrated with most major apps and custom applications, enabling a secure access solution that can be implemented with minimal IT involvement. Duo also supports various protocols and standards, such as SAML, RADIUS, LDAP, and WebAuthn, to enable seamless integration with different environments [1][3].
References:
[1] Multi-Factor Authentication (MFA) | Duo Security
[2] Multi-Factor Authentication (MFA) | Duo Security - Cisco
[3] What Is Duo? Two-Factor Authentication From Cisco - Cisco


NEW QUESTION # 342
What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?

  • A. After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL1
  • B. After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL
  • C. If four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt.
  • D. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds.

Answer: D


NEW QUESTION # 343
What is a key difference between Cisco Firepower and Cisco ASA?

  • A. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.
  • B. Cisco ASA provides access control while Cisco Firepower does not.
  • C. Cisco Firepower provides identity-based access control while Cisco ASA does not.
  • D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-firepowerservices/200451-Configure-Intrusion-Policy-and-Signature.html


NEW QUESTION # 344
Which Cisco Advanced Malware Protection for Endpoints deployment architecture is designed to keep data within a network perimeter?

  • A. private cloud
  • B. public cloud
  • C. network AMP
  • D. cloud web services

Answer: A

Explanation:
Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-based solution that provides endpoint protection against malware and advanced threats. It can be deployed in different architectures depending on the customer's needs and preferences. One of the deployment options is the private cloud, which is designed to keep data within a network perimeter. In this option, the customer hosts the AMP for Endpoints console and the AMP cloud on their own infrastructure, and the endpoints connect to the private cloud for analysis and policy enforcement. This option provides more control and privacy over the data, but also requires more resources and maintenance from the customer. The other deployment options are the public cloud, which uses the Cisco-hosted AMP cloud and console, and the hybrid cloud, which uses a combination of the public and private clouds [1][2][3].
References:
[1] Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) course overview
[2] Cisco Secure Endpoint (Formerly AMP for Endpoints) - Cisco
[3] Cisco Advanced Malware Protection for Endpoints - Zones


NEW QUESTION # 345
What is the function of Cisco Cloudlock for data security?

  • A. controls malicious cloud apps
  • B. data loss prevention
  • C. user and entity behavior analytics
  • D. detects anomalies

Answer: B

Explanation:
The function of Cisco Cloudlock for data security is data loss prevention (DLP). Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cloudlock's simple, open, and automated approach uses APIs to manage the risks in your cloud app ecosystem [1]. One of the key features of Cloudlock is its DLP technology, which continuously monitors cloud environments to detect and secure sensitive information. It provides countless out-of-the-box policies as well as highly tunable custom policies. You can use Cloudlock's DLP to prevent data breaches, comply with regulations, and enforce data governance across SaaS, PaaS, and IaaS platforms [2].
References:
[1] Cisco Cloudlock - Cisco
[2] Cloudlock: Cloud User Security - Cisco Umbrella


NEW QUESTION # 346
Why is it important to patch endpoints consistently?

  • A. Patching allows for creating a honeypot.
  • B. Patching is required per the vendor contract.
  • C. Patching helps to mitigate vulnerabilities.
  • D. Patching reduces the attack surface of the infrastructure.

Answer: C


NEW QUESTION # 347
Drag and drop the security responsibilities from the left onto the corresponding cloud service models on the right.

Answer:

Explanation:

The cloud security shared responsibility model is a way of describing how the security tasks and obligations are divided between the cloud service provider (CSP) and the customer, depending on the type of cloud service model used. The cloud service models are:
* Software as a Service (SaaS): The CSP provides and manages the entire software stack, including the applications, data, runtime, middleware, operating system, virtualization, servers, storage, and networking. The customer only needs to access the software through a web browser or an application. The customer is responsible for managing their own data and identities, as well as configuring the security settings of the software. The CSP is responsible for everything else, including patching the operating system and the applications [1][2].
* Platform as a Service (PaaS): The CSP provides and manages the platform layer, including the runtime, middleware, operating system, virtualization, servers, storage, and networking. The customer can deploy and run their own applications and data on the platform, using the tools and languages supported by the CSP. The customer is responsible for managing their own applications and data, as well as configuring the security settings of the platform. The CSP is responsible for patching the operating system and the middleware [1][2].
* Infrastructure as a Service (IaaS): The CSP provides and manages the infrastructure layer, including the virtualization, servers, storage, and networking. The customer can provision and use virtual machines, containers, or bare metal servers, and install their own operating system, middleware, applications, and data. The customer is responsible for managing and patching their own operating system, middleware, applications, and data, as well as configuring the security settings of the infrastructure. The CSP is responsible for the physical security and availability of the infrastructure [1][2].
References:
[1] Shared responsibility in the cloud - Microsoft Azure
[2] Cloud security shared responsibility model - NCSC


NEW QUESTION # 348
Which API is used for Content Security?

  • A. NX-OS API
  • B. AsyncOS API
  • C. IOS XR API
  • D. OpenVuln API

Answer: B

Explanation:
Content Security is a term that encompasses various security features and solutions that protect the data and applications from threats such as malware, ransomware, phishing, data loss, and unauthorized access. Content Security includes products such as Cisco Email Security, Cisco Web Security, Cisco Cloudlock, and Cisco Umbrella. These products use the AsyncOS API, which is a RESTful API that allows administrators and developers to programmatically interact with the content security appliances and services. The AsyncOS API enables tasks such as configuration, reporting, monitoring, troubleshooting, and automation of content security policies and actions. The AsyncOS API is based on the HTTP protocol and uses JSON or XML as the data format. The AsyncOS API also supports authentication, authorization, rate limiting, and error handling mechanisms. The AsyncOS API documentation provides the details of the available resources, methods, parameters, and responses for each content security product.
References:
* Cisco Content Security Products
* AsyncOS API Overview
* AsyncOS API Documentation
1: https://www.cisco.com/c/en/us/products/security/content-security/index.html
2: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-0/API/b_ESA_API_13_0_1/b_ESA_API_13_0_1_cha
https://developer.cisco.com/docs/email-security/#!asyncos-api-overview


NEW QUESTION # 349
......
