SCOR 350-701
Description: Part-2 Questions 1-46



1. A Cisco Secure Email Gateway network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco Secure Email Gateway is not dropping files that have an undetermined verdict. What is causing this issue?
   - The policy was created to send a message to quarantine instead of drop.
   - The file has a reputation score that is above the threshold.
   - The file has a reputation score that is below the threshold.
   - The policy was created to disable file analysis.

2. An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?
   - NetFlow
   - Packet Tracer
   - Network Discovery
   - Access Control

3. Which attack is preventable by Cisco Secure Email Gateway but not by the Cisco Secure Web Appliance?
   - buffer overflow
   - DoS
   - SQL injection
   - phishing

4. An administrator has been tasked with configuring the Cisco Secure Email Gateway to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)
   - Use outbreak filters from SenderBase.
   - Enable a message tracking service.
   - Configure a recipient access table.
   - Deploy the Cisco Secure Email Gateway in the DMZ.
   - Scan quarantined emails using AntiVirus signatures.

5. Which type of dashboard does Cisco DNA Center provide for complete control of the network?
   - service management
   - centralized management
   - application management
   - distributed management

6. In an IaaS cloud services model, which security function is the provider responsible for managing?
   - Internet proxy
   - firewalling virtual machines
   - CASB
   - hypervisor OS hardening

7. A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
   - Use MAB with profiling.
   - Use MAB with posture assessment.
   - Use 802.1X with posture assessment.
   - Use 802.1X with profiling.

8. An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command `ntp authentication-key 1 md5 Cisc392368270`. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2; however, it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
   - `ntp peer 1.1.1.1 key 1`
   - `ntp server 1.1.1.1 key 1`
   - `ntp server 1.1.1.2 key 1`
   - `ntp peer 1.1.1.2 key 1`

9. What is the role of an endpoint in protecting a user from a phishing attack?
   - Use Cisco Secure Network Analytics and Cisco ISE Integration.
   - Utilize 802.1X network security to ensure unauthorized access to resources.
   - Use machine learning models to help identify anomalies and determine expected sending behavior.
   - Ensure that antivirus and anti-malware software is up to date.

10. Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
   - Version 1
   - Version 5
   - Version 8
   - Version 9

11. An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?
   - Set content settings to High.
   - Configure the intelligent proxy.
   - Use destination block lists.
   - Configure application block lists.

12. With which components does a southbound API within a software-defined network architecture communicate?
   - controllers within the network
   - applications
   - appliances
   - devices such as routers and switches

13. A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower. What must be configured to accomplish this?
   - a Network Discovery policy to receive data from the host
   - a Threat Intelligence policy to download the data from the host
   - a File Analysis policy to send file data into Cisco Firepower
   - a Network Analysis policy to receive NetFlow data from the host

14. When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command `crypto isakmp key cisco address 0.0.0.0`. The administrator is not sure what the IP addressing in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
   - The key server that is managing the keys for the connection will be at 1.2.3.4.
   - The remote connection will only be allowed from 1.2.3.4.
   - The address that will be used as the crypto validation authority.
   - All IP addresses other than 1.2.3.4 will be allowed.

15. Which suspicious pattern enables the Cisco Secure Workload platform to learn the normal behavior of users?
   - file access from a different user
   - interesting file access
   - user login suspicious behavior
   - privilege escalation

16. Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
   - Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.
   - Use EEM to have the ports return to service automatically in less than 300 seconds.
   - Enter the `shutdown` and `no shutdown` commands on the interfaces.
   - Enable the `snmp-server enable traps` command and wait 300 seconds.
   - Ensure that interfaces are configured with the error-disable detection and recovery feature.

17. What is the difference between Cross-site Scripting and SQL Injection attacks?
   - Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.
   - Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
   - Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
   - Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.

18. A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
   - Adaptive Network Control Policy List
   - Context Visibility
   - Accounting Reports
   - RADIUS Live Logs

19. What is a prerequisite when integrating a Cisco ISE server and an AD domain?
   - Place the Cisco ISE server and the AD server in the same subnet.
   - Configure a common administrator account.
   - Configure a common DNS server.
   - Synchronize the clocks of the Cisco ISE server and the AD server.

20. An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application-specific activity. After enabling the AVC engine, what must be done to implement this?
   - Use security services to configure the traffic monitor.
   - Use URL categorization to prevent the application traffic.
   - Use an access policy group to configure application control settings.
   - Use web security reporting to validate engine functionality.

21. Which method is used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources?
   - BYOD onboarding
   - Simple Certificate Enrollment Protocol
   - Client provisioning
   - MAC authentication bypass

22. What will happen when this Python script is run?
   - The compromised computers and malware trajectories will be received from Cisco AMP.
   - The list of computers and their current vulnerabilities will be received from Cisco AMP.
   - The compromised computers and what compromised them will be received from Cisco AMP.
   - The list of computers, policies, and connector statuses will be received from Cisco AMP.

23. Which factor must be considered when choosing the on-premise solution over the cloud-based one?
   - With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it.
   - With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.
   - With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.
   - With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.

24. An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?
   - Cisco Umbrella
   - Cisco AMP
   - Cisco Secure Network Analytics
   - Cisco Secure Workload

25. Which term describes when the Cisco Secure Firewall downloads threat intelligence updates from Cisco Talos?
   - consumption
   - sharing
   - analysis
   - authoring

26. An organization has a Cisco Secure Cloud Analytics deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?
   - Configure security appliances to send syslogs to Cisco Secure Cloud Analytics.
   - Configure security appliances to send NetFlow to Cisco Secure Cloud Analytics.
   - Deploy a Cisco FTD sensor to send events to Cisco Secure Cloud Analytics.
   - Deploy a Cisco Secure Cloud Analytics sensor on the network to send data to Cisco Secure Cloud Analytics.

27. What does Cisco Secure Endpoint use to help an organization detect different families of malware?
   - Ethos Engine to perform fuzzy fingerprinting
   - Tetra Engine to detect malware when the endpoint is connected to the cloud
   - Clam AV Engine to perform email scanning
   - Spero Engine with machine learning to perform dynamic analysis

28. What are two characteristics of Cisco Catalyst Center APIs? (Choose two)
   - Postman is required to utilize Cisco Catalyst Center API calls.
   - They do not support Python scripts.
   - They are Cisco proprietary.
   - They quickly provision new devices.
   - They view the overall health of the network.

29. What is a benefit of conducting device compliance checks?
   - It indicates what type of operating system is connecting to the network.
   - It validates if anti-virus software is installed.
   - It scans endpoints to determine if malicious activity is taking place.
   - It detects email phishing attacks.

30. In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
   - It allows multiple security products to share information and work together to enhance security posture in the network.
   - It creates a dashboard in Cisco ISE that provides full visibility of all connected endpoints.
   - It allows for the assignment of Security Group Tags and does not require 802.1X to be configured on the switch or the endpoint.
   - It integrates with third-party products to provide better visibility throughout the network.
   - It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID).

31. What is the benefit of installing Cisco Secure Endpoint on a network?
   - It provides operating system patches on the endpoints for security.
   - It provides flow-based visibility for the endpoints' network connections.
   - It enables behavioral analysis to be used for the endpoints.
   - It protects endpoint systems through application control and real-time scanning.

32. An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
   - Set a trusted interface for the DHCP server.
   - Set the DHCP snooping bit to 1.
   - Add entries in the DHCP snooping database.
   - Enable ARP inspection for the required VLAN.

33. What will happen when the Python script is executed?
   - The hostname will be translated to an IP address and printed.
   - The hostname will be printed for the client in the client ID field.
   - The script will pull all computer hostnames and print them.
   - The script will translate the IP address to FQDN and print it.

34. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?
   - Group Policy
   - Method
   - SAML Server
   - DHCP Servers

35. An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements?
   - Cisco Umbrella
   - Cisco Cloud Email Security
   - Cisco NGFW
   - Cisco Cloudlock

36. An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?
   - SIEM
   - CASB
   - Adaptive MFA
   - Cisco Cloudlock

37. Why is it important to implement MFA inside of an organization?
   - To prevent man-in-the-middle attacks from being successful.
   - To prevent DoS attacks from being successful.
   - To prevent brute force attacks from being successful.
   - To prevent phishing attacks from being successful.

38. Drag and drop the solutions from the left onto the solution’s benefits on the right.
   - Cisco Secure Network Analytics
   - Cisco ISE
   - Cisco TrustSec
   - Cisco Umbrella

39. A network administrator is configuring SNMPv3 on a new router. The users have already been created; however, an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
   - map SNMPv3 users to SNMP views
   - set the password to be used for SNMPv3 authentication
   - define the encryption algorithm to be used by SNMPv3
   - specify the UDP port used by SNMP

40. An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?
   - Cisco Defense Orchestrator
   - Cisco Secureworks
   - Cisco DNA Center
   - Cisco Configuration Professional

41. What is a function of 3DES in reference to cryptography?
   - It hashes files.
   - It creates one-time use passwords.
   - It encrypts traffic.
   - It generates private keys.

42. Which risk is created when using an Internet browser to access cloud-based service?
   - misconfiguration of infrastructure, which allows unauthorized access
   - intermittent connection to the cloud connectors
   - vulnerabilities within protocol
   - insecure implementation of API

43. An organization has a Cisco Secure Email Gateway set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
   - deliver and send copies to other recipients
   - quarantine and send a DLP violation notification
   - quarantine and alter the subject header with a DLP violation
   - deliver and add disclaimer text

44. Drag and drop the common security threats from left onto the definitions on the right.
   - botnet
   - worm
   - phishing
   - spam

45. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
   - `configure manager add DONTRESOLVE <registration key>`
   - `configure manager add <FMC IP address> <registration key> 16`
   - `configure manager add DONTRESOLVE <registration key> FTD123`
   - `configure manager add <FMC IP address> <registration key>`

46. A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?
   - It forwards the packet after validation by using the MAC Binding Table.
   - It drops the packet after validation by using the IP & MAC Binding Table.
   - It forwards the packet without validation.
   - It drops the packet without validation.




