Download Implementing and Operating Cisco Security Core Technologies.350-701.PassLeader.2025-03-15.406q.vcex

Vendor: Cisco
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies
Date: Mar 15, 2025
File Size: 17 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

ProfExam Discount

Demo Questions

Question 1
Which command enables 802.1X globally on a Cisco switch? 
 
  1. dot1x system-auth-control 
  2. dot1x pae authenticator 
  3. authentication port-control auto 
  4. aaa new-model  
Correct answer: A
Question 2
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment? 
 
  1. NGFW 
  2. AMP 
  3. WSA 
  4. ESA  
Correct answer: B
Explanation:
 
 
Question 3
Where are individual sites specified to be blacklisted in Cisco Umbrella? 
  1. application settings
  2. content categories 
  3. security settings 
  4. destination lists  
Correct answer: D
Explanation:
To block a URL, simply enter it into a blocked destination list, or create a new blocked destination list just for URLs. To do this, navigate to Policies > Destination Lists, expand a Destination list, add a URL and then click Save. Reference:https://support.umbrella.com/hc/en-us/articles/115004518146-Umbrella-Dashboard-New-Features-Custom-blocked-URLs 
To block a URL, simply enter it into a blocked destination list, or create a new blocked destination list just for URLs. To do this, navigate to Policies > Destination Lists, expand a Destination list, add a URL and then click Save. 
Reference:
https://support.umbrella.com/hc/en-us/articles/115004518146-Umbrella-Dashboard-New-Features-Custom-blocked-URLs 
Question 4
Which VPN technology can support a multivendor environment and secure traffic between sites? 
 
  1. SSL VPN 
  2. GET VPN 
  3. FlexVPN 
  4. DMVPN  
Correct answer: C
Explanation:
Third-party compatibility: As the IT world transitions to cloud- and mobile-based computing, more and more VPN routers and VPN endpoints from different vendors are required. The Cisco IOS FlexVPN solution provides compatibility with any IKEv2-based third-party VPN vendors, including native VPN clients from Apple iOS and Android devices. 
Third-party compatibility: As the IT world transitions to cloud- and mobile-based computing, more and more VPN routers and VPN endpoints from different vendors are required. The Cisco IOS FlexVPN solution provides compatibility with any IKEv2-based third-party VPN vendors, including native VPN clients from Apple iOS and Android devices. 
Question 5
Which SNMPv3 configuration must be used to support the strongest security possible? 
 
  1. asa-host(config)#snmp-server group myv3 v3 priv  
    asa-host(config)#snmp-server user andy myv3 auth sha cisco priv des ciscXXXXXXXX  
    asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy 
  2. asa-host(config)#snmp-server group myv3 v3 noauth  
    asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX 
    asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy 
  3. asa-host(config)#snmp-server group myv3 v3 noauth  
    asa-host(config)#snmp-server user andy myv3 auth sha cisco priv 3des ciscXXXXXXXX  
    asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy 
  4. asa-host(config)#snmp-server group myv3 v3 priv  
    asa-host(config)#snmp-server user andy myv3 auth sha cisco priv aes 256 ciscXXXXXXXX 
    asa-host(config)#snmp-server host inside 10.255.254.1 version 3 andy 
Correct answer: D
Explanation:
AES allows you to choose a 128-bit, 192-bit or 256-bit key, making it exponentially stronger than the 56-bit key of DES.    
AES allows you to choose a 128-bit, 192-bit or 256-bit key, making it exponentially stronger than the 56-bit key of DES. 
 
 
Question 6
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.) 
 
  1. Patch for cross-site scripting. 
  2. Perform backups to the private cloud. 
  3. Protect against input validation and character escapes in the endpoint. 
  4. Install a spam and virus email filter. 
  5. Protect systems with an up-to-date antimalware program.  
Correct answer: DE
Question 7
An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17-010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.  
Which two solutions mitigate the risk of this ransomware infection? (Choose two.) 
 
  1. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network. 
  2. Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network. 
  3. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network. 
  4. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network. 
  5. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.  
Correct answer: AC
Question 8
Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity? 
 
  1. DMVPN 
  2. FlexVPN 
  3. IPsec DVTI 
  4. GET VPN  
Correct answer: D
Question 9
Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure? 
 
  1. PaaS 
  2. XaaS 
  3. IaaS 
  4. SaaS  
Correct answer: A
Explanation:
Platform-as-a-service (PaaS) is another step further from full, on-premise infrastructure management. It is where a provider hosts the hardware and software on its own infrastructure and delivers this platform to the user as an integrated solution, solution stack, or service through an internet connection. 
Platform-as-a-service (PaaS) is another step further from full, on-premise infrastructure management. It is where a provider hosts the hardware and software on its own infrastructure and delivers this platform to the user as an integrated solution, solution stack, or service through an internet connection. 
Question 10
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway? 
  1. Enable IP Layer enforcement. 
  2. Activate the Advanced Malware Protection license 
  3. Activate SSL decryption. 
  4. Enable Intelligent Proxy.  
Correct answer: D
Explanation:
 
 
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!