Implementing and Operating Cisco Security Core Technologies (SCOR)
Exam Details
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies (SCOR)
Certification: CCNP Security
Vendor: Cisco
Total Questions: 753 Q&As
Last Updated: Mar 27, 2025
Cisco CCNP Security 350-701 Questions & Answers
Question 641:
What is the purpose of a denial-of-service attack?
A. to disrupt the normal operation of a targeted system by overwhelming it
B. to exploit a security vulnerability on a computer system to steal sensitive information
C. to prevent or limit access to data on a computer system by encrypting it
D. to spread throughout a computer system by self-replicating to additional hosts
Correct Answer: A
Explanation: The purpose of a Denial-of-Service (DoS) attack is to disrupt the normal operation of a targeted system, server, or network by overwhelming it with a flood of internet traffic. This is achieved by utilizing multiple compromised computer systems as sources of attack traffic. The overwhelming amount of traffic can cause the targeted system to slow down significantly or even crash and become unavailable to legitimate users, thereby denying service to intended users.
Question 642:
An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generated by the user is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goal?
A. NAT exemption
B. encryption domain
C. routing table
D. group policy
Correct Answer: D
Explanation: To achieve the goal of excluding some servers from the VPN tunnel and accessing them directly, the engineer must modify the group policy that is applied to the remote access VPN users. The group policy contains the settings for split tunneling, which is a feature that allows the VPN client to route some traffic through the VPN tunnel and some traffic directly to the internet. Split tunneling can be configured based on the destination IP address, the application, or the domain name of the traffic. By modifying the group policy, the engineer can specify which servers or networks should be excluded from the VPN tunnel and accessed directly by the VPN client. This can improve the performance and efficiency of the VPN connection, as well as reduce the load on the VPN gateway and the corporate network. However, split tunneling also introduces some security risks, such as exposing the VPN client to internet threats, bypassing the corporate firewall and security policies, and leaking sensitive data. Therefore, the engineer must carefully evaluate the trade-offs and best practices of using split tunneling for remote access VPNs.
References: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Secure Connectivity, Lesson 3.1: Implementing and Troubleshooting Remote Access VPN, Topic 3.1.4: Configure and Verify Remote Access VPN, Subtopic 3.1.4.2: Configure and Verify Split Tunneling; VPN Split Tunneling: What It Is and Pros and Cons; Cisco ASA - Enable Split Tunnel for Remote VPN Clients
Question 643:
Which Cisco solution provides a comprehensive view of Internet domains, IP addresses, and autonomous systems to help pinpoint attackers and malicious infrastructures?
A. Cisco Threat Indication Database
B. Cisco Advanced Malware Investigate
C. Cisco Umbrella Investigate
D. Cisco Secure Workload Cloud
Correct Answer: C
Explanation: Cisco Umbrella Investigate provides a comprehensive view of Internet domains, IP addresses, and autonomous systems, offering a wealth of information about the infrastructure of the internet. It helps security analysts and threat investigators to pinpoint current and emerging threats by providing access to data from Cisco's global network, thereby enabling the identification of attackers and malicious infrastructures.
Question 644:
A network engineer must create an access control list on a Cisco Adaptive Security Appliance firewall. The access control list must permit HTTP traffic to the internet from the organization's inside network 192.168.1.0/24. Which IOS command must be used to create the access control list?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: D
Explanation: To create an access control list (ACL) on a Cisco Adaptive Security Appliance (ASA) firewall, you need to use the access-list command followed by the name of the ACL, the action (permit or deny), the protocol, the source address and mask, and the destination address and mask. For example, to permit HTTP traffic from the inside network 192.168.1.0/24 to any destination on the internet, you can use this command:
    access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 any eq www
This command creates an ACL named inside_access_in that permits TCP traffic from the source network 192.168.1.0/24 to any destination with the destination port equal to 80 (www). The eq keyword is used to specify the port number or name. You can also use the range keyword to specify a range of ports. To apply the ACL to an interface, you need to use the access-group command followed by the name of the ACL and the direction (in or out). For example, to apply the ACL to the inside interface in the inbound direction, you can use this command:
    access-group inside_access_in in interface inside
This command applies the ACL inside_access_in to the interface named inside in the inbound direction. This means that the ACL will filter the traffic that enters the firewall through the inside interface. Option D is the only option that matches the syntax of the access-list command for the ASA firewall. Option A is incorrect because it uses the ip keyword instead of the tcp keyword. Option B is incorrect because it uses the any keyword for both the source and destination addresses. Option C is incorrect because it uses the host keyword for the source address, which is not valid for a network address.
References: Configure ASA Access Control List for Various Scenarios; Cisco ASA Access Lists Concepts and Configuration; How to Configure Access Control Lists (ACL) on Cisco ASA 5500 Firewalls
Question 645:
Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?
A. source NAT
B. reverse tunnel
C. GRE tunnel
D. destination NAT
Correct Answer: B
Explanation: To connect Cisco Secure Workload to external orchestrators at a client site where incoming connections are not allowed, a reverse tunnel must be used. A reverse tunnel initiates the connection from the inside of the client's network out to the external orchestrator, thereby bypassing restrictions on incoming connections and enabling secure communication.
Question 646:
What must be configured on Cisco Secure Endpoint to create a custom detection file list to detect and quarantine future files?
A. Use the simple custom detection feature and add each detection to the list.
B. Add a network IP block allowed list to the configuration and add the blocked files.
C. Create an advanced custom detection and upload the hash of each file.
D. Configure an application control allowed applications list to block the files.
Correct Answer: C
Explanation: In Cisco Secure Endpoint, to create a custom detection file list for detecting and quarantining future files, an advanced custom detection should be created, and the hash of each file to be detected and quarantined should be uploaded. This allows the system to uniquely identify and take action on files based on their hash values, providing a precise method for targeting specific malicious or unwanted files.
Question 647:
A network administrator has configured TACACS on a network device using the key Cisc0467380030 for authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is failing. Which configuration step must the administrator complete?
A. Implement synchronized system clock on TACACS server that matches the network device.
B. Install a compatible operating system version on the TACACS server.
C. Configure the TACACS key on the server to match with the network device.
D. Apply an access control list on TACACS server to allow communication with the network device.
Correct Answer: C
Explanation: For TACACS authentication to work, the key configured on the network device must match the key configured on the TACACS server. If users are unable to authenticate despite the TACACS server being reachable, it is likely due to a mismatch in the keys. Ensuring that both the network device and the TACACS server have the same key configured is crucial for successful authentication.
Question 648:
What is the purpose of the Trusted Automated exchange cyber threat intelligence industry standard?
A. public collection of threat intelligence feeds
B. threat intelligence sharing organization
C. language used to represent security information
D. service used to exchange security information
Correct Answer: D
Explanation: Trusted Automated eXchange of Intelligence Information (TAXII) is a collection of services and message exchanges that enable the sharing of cyber threat intelligence across product, service, and organizational boundaries. It is designed to support the exchange of CTI represented in STIX, but is not limited to STIX. TAXII defines an API that aligns with common sharing models, such as hub-and-spoke, peer-to-peer, and subscribe/publish. TAXII is not a public collection of threat intelligence feeds, a threat intelligence sharing organization, or a language used to represent security information. Those are possible descriptions of STIX, which is a complementary standard to TAXII.
References: STIX and TAXII Approved as OASIS Standards to Enable Automated Exchange of Cyber Threat Intelligence; STIX V2.1 and TAXII V2.1 OASIS Standards are published; What is STIX/TAXII? | Cloudflare; What is STIX / TAXII? Learn about the industry standards for Cyber ...; What are STIX/TAXII Standards | Resources | Anomali
Question 649:
Which DoS attack uses fragmented packets in an attempt to crash a target machine?
A. teardrop
B. smurf
C. LAND
D. SYN flood
Correct Answer: A
Explanation: A teardrop attack is a type of DoS attack that uses fragmented packets in an attempt to crash a target machine. The attacker sends IP packets that are deliberately malformed, such that the fragments overlap or have invalid offsets. When the target machine tries to reassemble the packets, it encounters an error or a buffer overflow, resulting in a system crash or a denial of service. Teardrop attacks exploit a vulnerability in the TCP/IP fragmentation reassembly process, which is responsible for splitting and recombining large packets that exceed the maximum transmission unit (MTU) size. Teardrop attacks can affect various operating systems, such as Windows, Linux, and BSD, depending on the implementation of the TCP/IP stack. Teardrop attacks are also known as IP fragmentation attacks or overlapping fragment attacks.
References: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 5: Securing the Cloud, Lesson 5.2: Cloud Security Threats, Topic 5.2.2: DoS Attacks; What is an IP Fragmentation Attack (Teardrop ICMP/UDP); Teardrop Attack - Radware; What Is a Teardrop Attack? | F5
Which problem is solved by deploying a multicontext firewall?
A. overlapping IP addressing plan
B. more secure policy
C. resilient high availability design
D. faster inspection
Correct Answer: A
Explanation: A multicontext firewall is a feature that allows a single physical firewall to be divided into multiple virtual firewalls, also known as security contexts. Each context operates as an independent device, with its own security policy, interfaces, and administrators. This feature is useful for service providers, large enterprises, or any network that requires more than one firewall. One of the problems that a multicontext firewall can solve is an overlapping IP addressing plan. This means that different contexts can use the same IP addresses without causing conflicts, as long as they are separated by different interfaces or VLANs. This allows for more efficient use of IP address space and easier management of multiple networks. A multicontext firewall can also support dynamic routing protocols and VPNs within each context, providing more flexibility and functionality [1][2].
References: 1: What Are Multi-Context Firewalls? - Franklin Fitch 2: