Cisco CCNP Security 350-701 Questions & Answers

• Question 221:

  An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.)

  A. Configure Cisco ACI to ingest AWS information.

  B. Configure Cisco Thousand Eyes to ingest AWS information.

  C. Send syslog from AWS to Cisco Stealthwatch Cloud.

  D. Send VPC Flow Logs to Cisco Stealthwatch Cloud.

  E. Configure Cisco Stealthwatch Cloud to ingest AWS information

  Correct Answer: DE

  https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/configuration/Public_Cloud_Monitoring_for_AWS_Quick_Start_Guide_DV_2_0.pdf

• Question 222:

  What are two functions of TAXII in threat intelligence sharing? (Choose two.)

  A. determines the "what" of threat intelligence

  B. Supports STIX information

  C. allows users to describe threat motivations and abilities

  D. exchanges trusted anomaly intelligence information

  E. determines how threat intelligence information is relayed

  Correct Answer: BE

• Question 223:

  An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers?

  A. Summarized server-name information and MD5-hashed path information

  B. complete URL,without obfuscating the path segments

  C. URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect

  D. none because SensorBase Network Participation is disabled by default

  Correct Answer: B

  Standard SensorBase Network Participation is enabled by default during system setup.

  Standard. Enhanced participation sends the entire URL with unobfuscated path segments to the SensorBase Network servers. This option assists in providing a more robust database, and continually improves the integrity of Web Reputation Scores.

• Question 224:

  Which technology provides a combination of endpoint protection endpoint detection, and response?

  A. Cisco AMP

  B. Cisco Talos

  C. Cisco Threat Grid

  D. Cisco Umbrella

  Correct Answer: A

• Question 225:

  A network administrator is configuring a role in an access control policy to block certain URLs and selects the "Chat and instant Messaging" category. Which reputation score should be selected to accomplish this goal?

  A. 3

  B. 5

  C. 10

  D. 1

  Correct Answer: C

• Question 226:

  What is the purpose of joining Cisco WSAs to an appliance group?

  A. All WSAs in the group can view file analysis results.

  B. The group supports improved redundancy

  C. It supports cluster operations to expedite the malware analysis process.

  D. It simplifies the task of patching multiple appliances.

  Correct Answer: A

• Question 227:

  Refer to the exhibit.

  

  What will occur when this device tries to connect to the port?

  A. 802.1X will not work, but MAB will start and allow the device on the network.

  B. 802.1X will not work and the device will not be allowed network access

  C. 802 1X will work and the device will be allowed on the network

  D. 802 1X and MAB will both be used and ISE can use policy to determine the access level

  Correct Answer: C

• Question 228:

  What is a difference between a DoS attack and a DDoS attack?

  A. A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where multiple systems target a single system with a DoS attack

  B. A DoS attack is where a computer is used to flood a server with TCP and UDP packets whereas a DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN

  C. A DoS attack is where a computer is used to flood a server with UDP packets whereas a DDoS attack is where a computer is used to flood a server with TCP packets

  D. A DoS attack is where a computer is used to flood a server with TCP packets whereas a DDoS attack is where a computer is used to flood a server with UDP packets

  Correct Answer: A

  A Denial of Service (DoS) attack is a type of cyber attack in which a single system floods a server with a large number of packets, overwhelming the server and causing it to become unavailable to legitimate users. The goal of a DoS attack is to prevent legitimate users from accessing the targeted server by consuming its resources or causing it to crash.

  A Distributed Denial of Service (DDoS) attack is a more sophisticated form of a DoS attack. In a DDoS attack, multiple systems, often compromised through malware, are used to flood a single server with packets, overwhelming it and making it unavailable to legitimate users. The goal of a DDoS attack is the same as a DoS attack, but the scale of the attack is much larger and the resources used to launch the attack are distributed across multiple systems. This makes DDoS attacks much harder to detect and mitigate.

• Question 229:

  Which feature does the laaS model provide?

  A. granular control of data

  B. dedicated, restricted workstations

  C. automatic updates and patching of software

  D. software-defined network segmentation

  Correct Answer: C

• Question 230:

  Which two parameters are used to prevent a data breach in the cloud? (Choose two.)

  A. DLP solutions

  B. strong user authentication

  C. encryption

  D. complex cloud-based web proxies

  E. antispoofing programs

  Correct Answer: AB