Cisco CCNP Security 350-701 Questions & Answers

• Question 311:

  An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

  A. Implement pre-filter policies for the CIP preprocessor

  B. Enable traffic analysis in the Cisco FTD

  C. Configure intrusion rules for the DNP3 preprocessor

  D. Modify the access control policy to trust the industrial traffic

  Correct Answer: C

  Reference:

  https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc- configguide-v63/scada_preprocessors.html

  Both DNP3 and CIP preprocessors can be used to detect traffic anomalies but we choose CIP as it is widely used in industrial applications.Note:+ An intrusion rule is a specified set of keywords and arguments that the system uses to detect

  attempts to exploit vulnerabilities in your network. As the system analyzes network traffic, it compares packets against the conditions specified in each rule, and triggers the rule if the data packet meets all the conditions specified in the rule. +

  Preprocessor rules, which are rules associated with preprocessors and packet decoder detection options in the network analysis policy. Most preprocessor rules are disabled by default.

• Question 312:

  Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

  A. api/v1/fie/config

  B. api/v1/onboarding/pnp-device/import

  C. api/v1/onboarding/pnp-device

  D. api/v1/onboarding/workflow

  Correct Answer: B

• Question 313:

  

  Refer to the exhibit. What function does the API key perform while working with https://api.amp.cisco.com/v1/computers?

  A. imports requests

  B. HTTP authorization

  C. HTTP authentication

  D. plays dent ID

  Correct Answer: C

  https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/201121-Overview-of-the-Cisco-AMP-for-Endpoints.html

• Question 314:

  What limits communication between applications or containers on the same node?

  A. microsegmentation

  B. container orchestration

  C. microservicing

  D. Software-Defined Access

  Correct Answer: A

• Question 315:

  What provides total management for mobile and PC including managing inventory and device tracking, remote view, and live troubleshooting using the included native remote desktop support?

  A. mobile device management

  B. mobile content management

  C. mobile application management

  D. mobile access management

  Correct Answer: A

• Question 316:

  An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?

  A. Cisco Stealthwatch Cloud

  B. Cisco Umbrella

  C. NetFlow collectors

  D. Cisco Cloudlock

  Correct Answer: A

  https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html

• Question 317:

  Refer to the exhibit.

  

  What does this Python script accomplish?

  A. It allows authentication with TLSv1 SSL protocol

  B. It authenticates to a Cisco ISE with an SSH connection.

  C. lt authenticates to a Cisco ISE server using the username of ersad

  D. It lists the LDAP users from the external identity store configured on Cisco ISE

  Correct Answer: C

• Question 318:

  An organization is selecting a cloud architecture and does not want to be responsible for patch management of the operating systems. Why should the organization select either Platform as a Service or Infrastructure as a Service for this environment?

  A. Platform as a Service because the customer manages the operating system

  B. Infrastructure as a Service because the customer manages the operating system

  C. Platform as a Service because the service provider manages the operating system

  D. Infrastructure as a Service because the service provider manages the operating system

  Correct Answer: C

  https://www.cisco.com/c/en/us/solutions/cloud/what-is-cloud-computing.html#~cloud-computing-services

• Question 319:

  A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?

  A. DMVPN because it supports IKEv2 and FlexVPN does not

  B. FlexVPN because it supports IKEv2 and DMVPN does not

  C. FlexVPN because it uses multiple SAs and DMVPN does not

  D. DMVPN because it uses multiple SAs and FlexVPN does not

  Correct Answer: C

  https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-12/sec-flex-vpn-xe-16-12-book/sec-cfg-flex-serv.html

• Question 320:

  Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

  A. Audit

  B. Mandatory

  C. Optional

  D. Visibility

  Correct Answer: B

  Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/2- 4/admin_guide/b_ISE_admin_guide_24/m_client_posture_policies.html#:~:text=Policy%20 Requirement%20Types- ,Mandatory%20Requirements,the%20requirements% 20within%20the%20time%20specifie d%20in%20the%20remediation%20timer%20settings.,-For%20example%2C%20you

  Mandatory Requirements During policy evaluation, the agent provides remediation options to clients who fail to meet the mandatory requirements defined in the posture policy. End users must remediate to meet the requirements within the time specified in the remediation timer settings