SCOR 350-701

What is a characteristic of a bridge group in ASA Firewall transparent mode?. It includes multiple interfaces and access rules between interfaces are customizable. It is a Layer 3 segment and includes one port and customizable access rules. It allows ARP traffic with a single access rule. It has an IP address on its BVI interface and is used for management traffic.

When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?. Common Security Exploits. Common Vulnerabilities and Exposures. Common Exploits and Vulnerabilities. Common Vulnerabilities, Exploits and Threats.

Which two fields are defined in the NetFlow flow? (Choose two). type of service byte. class of service bits. Layer 4 protocol type. destination port. output logical interface.

What provides the ability to program and monitor networks from somewhere other than the DNAC GUI?. NetFlow. desktop client. ASDM. API.

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right. Cisco Firepower. Cisco AMP.

Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right. sniffing the packets between the two hosts. sending continuous pings. overflowing the buffer’s memory. inserting malicious commands into the database.

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?. Cisco Firepower. Cisco Umbrella. ISE. AMP.

A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?. Security Manager. Cloudlock. Web Security Appliance. Cisco ISE.

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?. Disable telnet using the no ip telnet command. Enable the SSH server using the ip ssh server command. Configure the port using the ip ssh port 22 command. enerate the RSA key using the crypto key generate rsa command.

A network administrator is using the Cisco Secure Email Gateway with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco Secure Email Gateway handle any files which need analysis?. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload. The file is queued for upload when connectivity is restored. The file upload is abandoned. The Secure Email Gateway immediately makes another attempt to upload the file.

Which type of algorithm provides the highest level of protection against brute-force attacks?. PFS. HMAC. MD5. SHA.

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?. posture assessment. CoA. external identity source. SNMP probe.

Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?. PSIRT. Talos. CSIRT. DEVNET.

What are the two types of managed Intercloud Fabric deployment models? (Choose two). Service Provider managed. Public managed. Hybrid managed. User managed. Enterprise managed.

What are two DDoS attack categories? (Choose two). sequential. protocol. database. volume-based. screen-based.

Which type of authentication is in use?. LDAP authentication for Microsoft Outlook. POP3 authentication. SMTP relay server authentication. external user and relay mail authentication.

An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?. Configure the Cisco Secure Web Appliance to modify policies based on the traffic seen. Configure the Cisco Secure Email Gateway to receive real-time updates from Talos. Configure the Cisco Secure Web Appliance to receive real-time updates from Talos. Configure the Cisco Secure Email Gateway to modify policies based on the traffic seen.

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?. Encrypted Traffic Analytics. Threat Intelligence Director. Cognitive Threat Analytics. Cisco Talos Intelligence.

What are two benefits of Flexible NetFlow records? (Choose two). They allow the user to configure flow information to perform customized traffic identification. They provide attack prevention by dropping the traffic. They provide accounting and billing enhancements. They converge multiple accounting technologies into one accounting mechanism. They provide monitoring of a wider range of IP packet information from Layer 2 to 4.

What is the function of SDN southbound API protocols?. to allow for the dynamic configuration of control plane applications. to enable the controller to make changes. to enable the controller to use REST. to allow for the static configuration of control plane applications.

Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?. No split-tunnel policy is defined on the Firepower Threat Defense appliance. The access control policy is not allowing VPN traffic in. Site-to-site VPN peers are using different encryption algorithms. Site-to-site VPN preshared keys are mismatched.

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?. weak passwords for authentication. unencrypted links for traffic. software bugs on applications. improper file security.

Using Cisco Firepower’s Security Intelligence policies, upon which two criteria is Firepower block based? (Choose two). URLs. protocol IDs. IP addresses. MAC addresses. port numbers.

Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?. Cisco WiSM. Cisco Secure Email Gateway. Cisco ISE. Cisco Prime Infrastructure.

How does DNS Tunneling exfiltrate data?. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.

A user has a device in the network that is receiving too many connection requests from multiple machines. Which type of attack is the device undergoing?. phishing. slowloris. pharming. SYN flood.

An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?. Configure the Cisco Secure Email Gateway to drop the malicious emails. Configure policies to quarantine malicious emails. Configure policies to stop and reject communication. Configure the Cisco Secure Email Gateway to reset the TCP connection.

A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two). permit. trust. reset. allow. monitor.

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?. mirror port. sFlow. NetFlow. VPC flow logs.

An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco Secure Email Gateway to accomplish this goal?. Configure incoming content filters. Use Bounce Verification. Configure Directory Harvest Attack Prevention. Bypass LDAP access queries in the recipient access table.

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?. Multiple NetFlow collectors are supported. Advanced NetFlow v9 templates and legacy v5 formatting are supported. Secure NetFlow connections are optimized for Cisco Prime Infrastructure. Flow-create events are delayed.

An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?. TCP 6514. UDP 1700. TCP 49. UDP 1812.

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?. Google Cloud Platform. Red Hat Enterprise Visualization. VMware ESXi. Amazon Web Services.

Drag and drop the suspicious patterns for the Cisco Secure Workload platform from the left onto the correct definitions on the right. interesting file access. file access from a different user. user login suspicious behavior. privilege escalation.

What is the purpose of the My Devices Portal in a Cisco ISE environment?. to register new laptops and mobile devices. to request a newly provisioned mobile device. to provision userless and agentless systems. to manage and deploy antivirus definitions and patches on systems owned by the end user.

An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?. ip dhcp snooping verify mac-address. ip dhcp snooping limit 41. ip dhcp snooping vlan 41. ip dhcp snooping trust.

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?. Cisco Cloudlock. Cisco Umbrella. Cisco AMP. Cisco App Dynamics.

What is managed by Cisco Security Manager?. access point. Secure Web Appliance. ASA. Secure Email Gateway.

How does Cisco Advanced Phishing Protection protect users?. It validates the sender by using DKIM. It determines which identities are perceived by the sender. It utilizes sensors that send messages securely. It uses machine learning and real-time behavior analytics.

What is a benefit of using Cisco FMC over Cisco ASDM?. Cisco FMC uses Java while Cisco ASDM uses HTML5. Cisco FMC provides centralized management while Cisco ASDM does not. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

What is a key difference between Cisco Firepower and Cisco ASA?. Cisco ASA provides access control while Cisco Firepower does not. Cisco Firepower provides identity-based access control while Cisco ASA does not. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not. Cisco ASA provides SSL inspection while Cisco Firepower does not.

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?. Client computers do not have the Cisco Umbrella Root CA certificate installed. IP-Layer Enforcement is not configured. Client computers do not have an SSL certificate deployed from an internal CA server. Intelligent proxy and SSL decryption is disabled in the policy.

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two). virtualization. middleware. operating systems. applications. data.

What is an attribute of the DevSecOps process?. mandated security controls and check lists. security scanning and theoretical vulnerabilities. development security. isolated security team.

An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?. Bridge Protocol Data Unit guard. embedded event monitoring. storm control. access control lists.

Which two cryptographic algorithms are used with IPsec? (Choose two). AES-BAC. AES-ABC. HMAC-SHA1/SHA2. Triple AMC-CBC. AES-CBC.

Drag and drop the descriptions from the left onto the encryption algorithms on the right. Asymmetric. Symmetric.

In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?. LDAP injection. man-in-the-middle. cross-site scripting. insecure API.

Which Dos attack uses fragmented packets to crash a target machine?. smurf. MITM. teardrop. LAND.

Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?. to prevent theft of the endpoints. because defense-in-depth stops at the network. to expose the endpoint to more threats. because human error or insider threats will still exist.

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose two). westbound AP. southbound API. northbound API. eastbound API.

When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?. Multiple routers or VRFs are required. Traffic is distributed statically by default. Floating static routes are required. HSRP is used for fallover.

Which algorithm provides asymmetric encryption?. RC4. AES. RSA. 3DES.

What are two functions of secret key cryptography? (Choose two). key selection without integer factorization. utilization of different keys for encryption and decryption. utilization of large prime number iterations. provides the capability to only know the key on one side. utilization of less memory.

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two). SDP. LDAP. subordinate CA. SCP. HTTP.

Which attack type attempts to shut down a machine or network so that users are not able to access it?. smurf. bluesnarfing. MAC spoofing. IP spoofing.

What is a difference between DMVPN and sVTI?. DMVPN supports tunnel encryption, whereas sVTI does not. DMVPN supports dynamic tunnel establishment, whereas sVTI does not. DMVPN supports static tunnel establishment, whereas sVTI does not. DMVPN provides interoperability with other vendors, whereas sVTI does not.

What features does Cisco FTDv provide over ASAv?. Cisco FTDv runs on VMWare while ASAv does not. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not. Cisco FTDv runs on AWS while ASAv does not. Cisco FTDv supports URL filtering while ASAv does not.

In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform?. when there is a need for traditional anti-malware detection. when there is no need to have the solution centrally managed. when there is no firewall on the network. when there is a need to have more advanced detection capabilities.

Which type of API is being used when a controller within a software-defined network architecture dynamically makes configuration changes on switches within the network?. westbound AP. southbound API. northbound API. eastbound API.

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?. weak passwords. lack of input validation. missing encryption. lack of file permission.

What is the purpose of a Netflow version 9 template record?. It specifies the data format of NetFlow processes. It provides a standardized set of information about an IP flow. It defines the format of data records. It serves as a unique identification number to distinguish individual data records.

What is provided by the Secure Hash Algorithm in a VPN?. integrity. key exchange. encryption. authentication.

A network engineer is deciding whether to use stateful or stateless failover when configuring two ASAs for high availability. What is the connection status in both cases?. need to be reestablished with stateful failover and preserved with stateless failover. preserved with stateful failover and need to be reestablished with stateless failover. preserved with both stateful and stateless failover. need to be reestablished with both stateful and stateless failover.

Which type of protection encrypts RSA keys when they are exported and imported?. file. passphrase. NGE. nonexportable.

Drag and drop the threats from the left onto examples of that threat on the right. DoS/DDoS. Insecure APIs. data breach. compromised credentials.

Drag and drop the VPN functions from the left onto the description on the right. SHA-1. RSA. AES. ISAKMP.