Questions
ayuda
option
My Daypo

ERASED TEST, YOU MAY BE INTERESTED ONSCOR Q201- Q250

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
SCOR Q201- Q250

Description:
SCOR 350-701

Author:
samscor
(Other tests from this author)

Creation Date:
04/03/2023

Category:
Others

Number of questions: 50
Share the Test:
Facebook
Twitter
Whatsapp
Share the Test:
Facebook
Twitter
Whatsapp
Last comments
No comments about this test.
Content:
A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis? The ESA immediately makes another attempt to upload the file. The file upload is abandoned. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload. The file is queued for upload when connectivity is restored.
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address. Which list contains the allowed recipient addresses? SAT BAT HAT RAT.
Why would a user choose an on-premises ESA versus the Cisco Cloud Email Security CES solution? Sensitive data must remain onsite. Demand is unpredictable. The server team wants to outsource this service. ESA is deployed inline.
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.) Sophos engine white list RAT outbreak filters DLP.
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future? Modify web proxy settings. Modify outbound malware scanning policies. Modify identification profiles. Modify an access policy.
An engineer has enabled LDAP to accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal? Configure Directory Harvest Attack Prevention Bypass LDAP access queries in the recipient access table. Use Bounce Verification. Configure incoming content filters.
In which two ways does a system administrator send web traffic transparently to the Cisco WSA? (Choose two.) use Web Cache Communication Protocol configure AD Group Policies to push proxy settings configure the proxy IP address in the web-browser settings configure policy-based routing on the network infrastructure reference a Proxy Auto Config file.
What is the function of the Context Directory Agent? reads the AD logs to map IP addresses to usernames relays user authentication requests from Cisco WSA to AD maintains users' group memberships accepts user authentication requests on behalf of Cisco WSA for user identification.
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the `Chat and Instant Messaging` category. Which reputation score should be selected to accomplish this goal? 5 10 3 1.
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue? The policy was created to send a message to quarantine instead of drop. The file has a reputation score that is below the threshold. The file has a reputation score that is above the threshold. The policy was created to disable file analysis.
An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability? deliver and add disclaimer text quarantine and send a DLP violation notification quarantine and alter the subject header with a DLP violation deliver and send copies to other recipients.
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, the delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two.) Deploy the Cisco ESA in the DMZ. Use outbreak filters from SenderBase. Configure a recipient access table. Enable a message tracking service. Scan quarantined emails using AntiVirus signatures.
An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task? Use destination block lists. Configure application block lists. Configure the intelligent proxy. Set content settings to High.
Which attack is preventable by Cisco ESA but not by the Cisco WSA? SQL injection phishing buffer overflow DoS.
An organization recently installed a Cisco WSA and would like to take advantage of the AVC engine to allow the organization to create a policy to control application specific activity. After enabling the AVC engine, what must be done to implement this? Use security services to configure the traffic monitor. Use URL categorization to prevent the application traffic. Use an access policy group to configure application control settings. Use web security reporting to validate engine functionality.
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint? to establish secure VPN connectivity to the corporate network to enforce posture compliance and mandatory software to ensure that assets are secure from malicious links on and off the corporate network to protect the endpoint against malicious file transfers.
An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users. What must be done on the Cisco WSA to support these requirements? Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device.
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked? Configure the domain.com address in the block list. Configure the *.domain.com address in the block list. Configure the *.com address in the block list. Configure the *domain.com address in the block list.
An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy. Which solution should be used to meet this requirement? Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not.
Which component of Cisco Umbrella architecture increases the reliability of the service? BGP route reflector anycast IP AMP Threat Grid Cisco Talos.
A customer has various external HTTP resources available including Intranet, Extranet, and Internet, with a proxy configuration running in explicit mode. Which method allows the client desktop browsers to be configured to select when to connect direct or when to use proxy? Bridge mode Transparent mode PAC file Forward file.
What is the benefit of using Cisco CWS compared to an on-premises Cisco WSA? Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not.
An engineer needs to add protection for data in transit and have headers in the email message. Which configuration is needed to accomplish this goal? Deploy an encryption appliance. Provision the email appliance. Map sender IP addresses to a host interface. Enable flagged message handling.
Which Cisco platform processes behavior baselines, monitors for deviations, and reviews for malicious processes in data center traffic and servers while performing software vulnerability detection? Cisco Tetration Cisco ISE Cisco AnyConnect Cisco AMP for Network.
A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements? Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.
Refer to the exhibit. How does Cisco Umbrella manage traffic that is directed toward risky domains? Traffic is managed by the application settings, unhandled and allowed. Traffic is managed by the security settings and blocked. Traffic is proxied through the intelligent proxy. Traffic is allowed but logged.
An organization wants to improve its cybersecurity processes and to add intelligence to its data. The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA. What must be done to accomplish these objectives? Configure the integrations with Talos intelligence to take advantage of the threat intelligence that it provides. Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases. Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies. Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use.
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring? Client computers do not have an SSL certificate deployed from an internal CA server. Client computers do not have the Cisco Umbrella Root CA certificate installed. IP-Layer Enforcement is not configured. Intelligent proxy and SSL decryption is disabled in the policy.
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic? File Analysis SafeSearch SSL Decryption Destination Lists.
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats? Application Control Security Category Blocking Content Category Blocking File Analysis.
How is Cisco Umbrella configured to log only security events? per policy in the Reporting settings in the Security Settings section per network in the Deployments section.
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious? Cisco AMP Cisco AnyConnect Cisco Dynamic DNS Cisco Talos.
What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.) simple custom detections allowed applications command and control blocked ports URL.
For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two.) Windows service Windows firewall computer identity user identity default browser.
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? NGFE AMP WSA ESA.
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.) Patch for cross-site scripting. Perform backups to the private cloud. Protect against input validation and character escapes in the endpoint. Install a spam and virus email filter. Protect systems with an up-to-date antimalware program.
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware. Which two solutions mitigate the risk of this ransomware infection? (Choose two.) Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
What is the primary difference between an Endpoint Protection Platform and an Endpoint Detection and Response? EPP focuses on prevention, and EDR focuses on advanced threats that evade perimeter defenses. EDR focuses on prevention, and EPP focuses on advanced threats that evade perimeter defenses. EPP focuses on network security, and EDR focuses on device security. EDR focuses on network security, and EPP focuses on device security.
An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task? device flow correlation simple detections application blocking list advanced custom detections.
An engineer must force an endpoint to re-authenticate an already authenticated session without disrupting the endpoint to apply a new or updated policy from ISE. Which CoA type achieves this goal? Port Bounce CoA Terminate CoA Reauth CoA Session Query.
Which two risks is a company vulnerable to if it does not have a well-established patching solution for endpoints? (Choose two.) malware denial-of-service attacks ARP spoofing exploits eavesdropping.
Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE? It adds endpoints to identity groups dynamically It allows the endpoint to authenticate with 802.1x or MAB It allows CoA to be applied if the endpoint status is compliant It verifies that the endpoint has the latest Microsoft security patches installed.
An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group. Which probe must be enabled for this type of profiling to work? SNMP NMAP DHCP NetFlow.
What is the benefit of installing Cisco AMP for Endpoints on a network? It enables behavioral analysis to be used for the endpoints It provides flow-based visibility for the endpoints' network connections. It protects endpoint systems through application control and real-time scanning. It provides operating system patches on the endpoints for security.
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them? because defense-in-depth stops at the network because human error or insider threats will still exist to prevent theft of the endpoints to expose the endpoint to more threats.
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group? SNMP probe CoA external identity source posture assessment.
In which situation should an Endpoint Detection and Response solution be chosen versus an Endpoint Protection Platform? when there is a need to have more advanced detection capabilities when there is no firewall on the network when there is a need for traditional anti-malware detection when there is no need to have the solution centrally managed.
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.) RADIUS TACACS+ DHCP sFlow SMTP.
What are two reasons for implementing a multifactor authentication solution such as Cisco Duo Security provide to an organization? (Choose two.) single sign-on access to on-premises and cloud applications identification and correction of application vulnerabilities before allowing access to resources secure access to on-premises and cloud applications integration with 802.1x security using native Microsoft Windows supplicant flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications.
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.) biometric factor time factor confidentiality factor knowledge factor encryption factor.
Report abuse Consent Terms of use