Cisco CCNP Security 350-701 Questions & Answers

• Question 431:

  An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these requirements?

  A. Cisco Umbrella

  B. Cisco AMP

  C. Cisco Stealthwatch

  D. Cisco Tetration

  Correct Answer: D

  Reference: https://www.cisco.com/c/en/us/products/collateral/data-center- analytics/tetration-analytics/solutionoverview-c22-739268.pdf

• Question 432:

  Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

  A. Encrypted Traffic Analytics

  B. Threat Intelligence Director

  C. Cognitive Threat Analytics

  D. Cisco Talos Intelligence

  Correct Answer: B

  Cisco FMC's Threat Intelligence Director allows security teams to integrate security intelligence observables from various sources, such as Cisco Talos, into their Cisco FMC environment. This allows the FMC to push updated security intelligence to its sensors, enabling them to better detect and respond to potential threats.

• Question 433:

  What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

  A. Multiple NetFlow collectors are supported

  B. Advanced NetFlow v9 templates and legacy v5 formatting are supported

  C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure

  D. Flow-create events are delayed

  Correct Answer: D

  https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/asdm71/general/asdm_71_general_config/monitor_nsel.pdf

• Question 434:

  What is the function of SDN southbound API protocols?

  A. to allow for the dynamic configuration of control plane applications

  B. to enable the controller to make changes

  C. to enable the controller to use REST

  D. to allow for the static configuration of control plane applications

  Correct Answer: B

  Reference: https://www.ciscopress.com/articles/article.asp?p=3004581andseqNum=2

  Note: Southbound APIs helps us communicate with data plane (not control plane) applications

• Question 435:

  What is a key difference between Cisco Firepower and Cisco ASA?

  A. Cisco ASA provides access control while Cisco Firepower does not.

  B. Cisco Firepower provides identity-based access control while Cisco ASA does not.

  C. Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

  D. Cisco ASA provides SSL inspection while Cisco Firepower does not.

  Correct Answer: C

• Question 436:

  Which Dos attack uses fragmented packets to crash a target machine?

  A. smurf

  B. MITM

  C. teardrop

  D. LAND

  Correct Answer: C

  A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a targetmachine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IPfragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.

• Question 437:

  What is a function of 3DES in reference to cryptography?

  A. It hashes files.

  B. It creates one-time use passwords.

  C. It encrypts traffic.

  D. It generates private keys.

  Correct Answer: C

• Question 438:

  Which type of protection encrypts RSA keys when they are exported and imported?

  A. file

  B. passphrase

  C. NGE

  D. nonexportable

  Correct Answer: B

• Question 439:

  An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

  A. Configure incoming content filters

  B. Use Bounce Verification

  C. Configure Directory Harvest Attack Prevention

  D. Bypass LDAP access queries in the recipient access table

  Correct Answer: C

  A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using differentpermutations of common

  username. Its easy for attackers to get hold of a valid email address if yourorganization uses standard format for official e-mail alias (for example:

  [email protected]). We canconfigure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up

  contact information from a server, such as ClickMail Central Directory. For example, here's an LDAP search translated into plain English: "Search for all people located in Chicago who's name contains "Fred" that have an email address.

  Please return their full name, email, title, and description.

• Question 440:

  An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?

  A. Configure the Cisco ESA to drop the malicious emails

  B. Configure policies to quarantine malicious emails

  C. Configure policies to stop and reject communication

  D. Configure the Cisco ESA to reset the TCP connection

  Correct Answer: C

  https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118179-configure-esa-00.html