Cisco CCNP Security 350-701 Questions & Answers

• Question 441:

  A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)

  A. permit

  B. trust

  C. reset

  D. allow

  E. monitor

  Correct Answer: BE

  Each rule also has an action, which determines whether you monitor, trust, block, or allow matching traffic.Note: With action "trust", Firepower does not do any more inspection on the traffic. There will be no intrusion protection and also no file-policy on this traffic.

• Question 442:

  What are two Trojan malware attacks? (Choose two)

  A. Frontdoor

  B. Rootkit

  C. Smurf

  D. Backdoor

  E. Sync

  Correct Answer: BD

• Question 443:

  What is a capability of Cisco ASA Netflow?

  A. It filters NSEL events based on traffic

  B. It generates NSEL events even if the MPF is not configured

  C. It logs all event types only to the same collector

  D. It sends NetFlow data records from active and standby ASAs in an active standby failover pair

  Correct Answer: A

• Question 444:

  Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?

  A. PSIRT

  B. Talos

  C. CSIRT

  D. DEVNET

  Correct Answer: B

  Reference: https://talosintelligence.com/newsletters

• Question 445:

  An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?

  A. Configure the Cisco WSA to modify policies based on the traffic seen

  B. Configure the Cisco ESA to receive real-time updates from Talos

  C. Configure the Cisco WSA to receive real-time updates from Talos

  D. Configure the Cisco ESA to modify policies based on the traffic seen

  Correct Answer: B

  The Mail Policies menu is where almost all of the controls related to email filtering happens. All the security and content filtering policies are set here, so it's likely that, as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.

  

• Question 446:

  An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?

  A. TCP 6514

  B. UDP 1700

  C. TCP 49

  D. UDP 1812

  Correct Answer: B

  CoA Messages are sent on two different udp ports depending on the platform. Cisco standardizes on UDP port1700, while the actual RFC calls out using UDP port 3799.

• Question 447:

  An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco Firepower. Which feature should be used to accomplish this?

  A. NetFlow

  B. Packet Tracer

  C. Network Discovery

  D. Access Control

  Correct Answer: C

  Reference: https://www.cisco.com/c/en/us/solutions/collateral/enterprise- networks/enterprise-network-security/white-paper-c11-736595.html

• Question 448:

  A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

  A. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.

  B. The file is queued for upload when connectivity is restored.

  C. The file upload is abandoned.

  D. The ESA immediately makes another attempt to upload the file.

  Correct Answer: C

  Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security- appliance/118796-technoteesa-00.html

  In this question, it stated "the network is congested" (not the file analysis server was overloaded) so theappliance will not try to upload the file again.

• Question 449:

  What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)

  A. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.

  B. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

  C. The Cisco WSA is configured in a web browser only if it is running in transparent mode.

  D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

  E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.

  Correct Answer: BD

  In explicit proxy mode, users are configured to use a web proxy and the web traffic is sent directly to the Cisco WSA. In contrast, in transparent proxy mode the Cisco WSA intercepts user's web traffic redirected from other network devices,

  such as switches, routers, or firewalls.

  The Cisco WSA responds with its own IP address only if it is running in explicit mode.

  This statement is true. In explicit mode, the client's browser is configured to send web traffic to the proxy server's IP address. Therefore, the WSA responds with its own IP address to the client's requests.

  The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.

  Option D is correct because in transparent mode, the WSA uses a Layer 3 device (such as a router) to redirect traffic to the proxy server, whereas in explicit mode, the client's browser is configured to send traffic directly to the WSA.

• Question 450:

  Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose two)

  A. westbound AP

  B. southbound API

  C. northbound API

  D. eastbound API

  Correct Answer: C