Download Implementing and Operating Cisco Security Core Technologies.350-701.PassLeader.2025-03-25.431q.vcex

Vendor: Cisco
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies
Date: Mar 25, 2025
File Size: 17 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which command enables 802.1X globally on a Cisco switch? 
 
  A. dot1x system-auth-control
  B. dot1x pae authenticator
  C. authentication port-control auto
  D. aaa new-model
Correct answer: A
Question 2
What is a characteristic of Dynamic ARP Inspection? 
  A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
  B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
  C. DAI associates a trust state with each switch.
  D. DAI intercepts all ARP requests and responses on trusted ports only.
Correct answer: A
Explanation:
Dynamic ARP Inspection 
To prevent ARP poisoning attacks such as the one described in the previous section, a switch must ensure that only valid ARP requests and responses are relayed. DAI prevents these attacks by intercepting all ARP requests and responses. Each of these intercepted packets is verified for valid MAC address to IP address bindings before the local ARP cache is updated or the packet is forwarded to the appropriate destination. Invalid ARP packets are dropped.  
DAI determines the validity of an ARP packet based on valid MAC address to IP address bindings stored in a trusted database. This database is built at runtime by DHCP snooping, provided that it is enabled on the VLANs and on the switch in question. In addition, DAI can also validate ARP packets against user-configured ARP ACLs in order to handle hosts that use statically configured IP addresses.  
DAI can also be configured to drop ARP packets when the IP addresses in the packet are invalid or when the MAC addresses in the body of the ARP packet do not match the addresses specified in the Ethernet header. 
Question 3
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? 
 
  A. NGFW
  B. AMP
  C. WSA
  D. ESA
Correct answer: B
Question 4
Where are individual sites specified to be blacklisted in Cisco Umbrella? 
  A. application settings
  B. content categories
  C. security settings
  D. destination lists
Correct answer: D
Explanation:
To block a URL, simply enter it into a blocked destination list, or create a new blocked destination list just for URLs. To do this, navigate to Policies > Destination Lists, expand a Destination list, add a URL and then click Save. 
Reference:
https://support.umbrella.com/hc/en-us/articles/115004518146-Umbrella-Dashboard-New-Features-Custom-blocked-URLs 
Question 5
Which VPN technology can support a multivendor environment and secure traffic between sites? 
 
  A. SSL VPN
  B. GET VPN
  C. FlexVPN
  D. DMVPN
Correct answer: C
Explanation:
Third-party compatibility: As the IT world transitions to cloud- and mobile-based computing, more and more VPN routers and VPN endpoints from different vendors are required. The Cisco IOS FlexVPN solution provides compatibility with any IKEv2-based third-party VPN vendors, including native VPN clients from Apple iOS and Android devices. 
Question 6
Which SNMPv3 configuration must be used to support the strongest security possible? 
 
  A. asa-host(config)#snmp-server group myv3 v3 priv
     asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX
     asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
  B. asa-host(config)#snmp-server group myv3 v3 noauth
     asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
     asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
  C. asa-host(config)#snmp-server group myv3 v3 noauth
     asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX
     asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
  D. asa-host(config)#snmp-server group myv3 v3 priv
     asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX
     asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy
Correct answer: D
Explanation:
AES allows you to choose a 128-bit, 192-bit or 256-bit key, making it exponentially stronger than the 56-bit key of DES.    
Question 7
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.) 
 
  A. Patch for cross-site scripting.
  B. Perform backups to the private cloud.
  C. Protect against input validation and character escapes in the endpoint.
  D. Install a spam and virus email filter.
  E. Protect systems with an up-to-date antimalware program.
Correct answer: DE
Question 8
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.  
Which two solutions mitigate the risk of this ransomware infection? (Choose two.) 
 
  A. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
  B. Set up a profiling policy in Cisco Identity Services Engine to check an endpoint patch level before allowing access on the network.
  C. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
  D. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
  E. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.
Correct answer: AC
Question 9
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity? 
 
  A. DMVPN
  B. FlexVPN
  C. IPsec DVTI
  D. GET VPN
Correct answer: D
Question 10
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure? 
 
  A. PaaS
  B. XaaS
  C. IaaS
  D. SaaS
Correct answer: A
Explanation:
Platform-as-a-service (PaaS) is another step further from full, on-premise infrastructure management. It is where a provider hosts the hardware and software on its own infrastructure and delivers this platform to the user as an integrated solution, solution stack, or service through an internet connection. 