Implementing and Operating Cisco Security Core Technologies (SCOR)
Last Update Mar 29, 2024
Total Questions : 633
We are offering FREE 350-701 Cisco exam questions. All you do is to just go and sign up. Give your details, prepare 350-701 free exam questions and then go for complete pool of Implementing and Operating Cisco Security Core Technologies (SCOR) test questions that will help you more.
Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?
Which baseline form of telemetry is recommended for network infrastructure devices?
A university policy must allow open access to resources on the Internet for research, but internal workstations are exposed to malware. Which Cisco AMP feature allows the engineering team to determine whether a file is installed on a selected few workstations?
Which Cisco Umbrella package supports selective proxy for Inspection of traffic from risky domains?
Refer to the exhibit.
How does Cisco Umbrella manage traffic that is directed toward risky domains?
A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available. What must be done in order to securely connect this device to the network?
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN
configuration as opposed to DMVPN?
Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
Drag and drop the threats from the left onto examples of that threat on the right
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps.
Which two actions must be taken to ensure that interfaces are put back into service? (Choose two)
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly
identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A network administrator is configuring a switch to use Cisco ISE for 802.1X. An endpoint is failing
authentication and is unable to access the network. Where should the administrator begin troubleshooting to verify the authentication details?
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network, what action will resolve this issue?
Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two)
What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
In an IaaS cloud services model, which security function is the provider responsible for managing?
Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the
command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?
Which type of API is being used when a controller within a software-defined network architecture dynamically
makes configuration changes on switches within the network?
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast
packets have been flooding the network. What must be configured, based on a predefined threshold, to
address this issue?
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization
needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of
172.19.20.24. Which command on the hub will allow the administrator to accomplish this?
Which technology enables integration between Cisco ISE and other platforms to gather and share
network and vulnerability data and SIEM and location information?
What are two advantages of using Cisco Any connect over DMVPN? (Choose two)
Based on the NIST 800-145 guide, which cloud architecture may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises?
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is
deleted from an identity group?
Which risk is created when using an Internet browser to access cloud-based service?
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.
A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants lo limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?
A Cisco ESA network administrator has been tasked to use a newly installed service to help create policy based on the reputation verdict. During testing, it is discovered that the Cisco ESA is not dropping files that have an undetermined verdict. What is causing this issue?
An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server’s authentication key?
Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN
and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco
security appliance meets these requirements?
When MAB is configured for use within the 802.1X environment, an administrator must create a policy that allows the devices onto the network. Which information is used for the username and password?
An engineer is configuring Cisco Umbrella and has an identity that references two different policies. Which action ensures that the policy that the identity must use takes precedence over the second one?
Which security product enables administrators to deploy Kubernetes clusters in air-gapped sites without needing Internet access?
Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?
Refer to the exhibit.
Consider that any feature of DNS requests, such as the length off the domain name
and the number of subdomains, can be used to construct models of expected behavior to which
observed values can be compared. Which type of malicious attack are these values associated with?
Which two types of connectors are used to generate telemetry data from IPFIX records in a Cisco Secure Workload implementation? (Choose two.)
Which two actions does the Cisco identity Services Engine posture module provide that ensures endpoint security?(Choose two.)
Which technology provides a combination of endpoint protection endpoint detection, and response?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen
if the router configuration was compromised. Which command should be used?
For a given policy in Cisco Umbrella, how should a customer block website based on a custom list?
A company discovered an attack propagating through their network via a file. A custom file policy was created in order to track this in the future and ensure no other endpoints execute the infected file. In addition, it was discovered during testing that the scans are not detecting the file as an indicator of compromise. What must be done in order to ensure that the created is functioning as it should?
An engineer integrates Cisco FMC and Cisco ISE using pxGrid Which role is assigned for Cisco FMC?
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
What is a functional difference between Cisco Secure Endpoint and Cisco Umbrella Roaming Client?
Which attack type attempts to shut down a machine or network so that users are not able to access it?
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Drag and drop the descriptions from the left onto the correct protocol versions on the right.
Drag and drop the solutions from the left onto the solution's benefits on the right.
Refer to the exhibit.
An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC.
The Cisco FTD is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?
A network administrator is configuring SNMPv3 on a new router. The users have already been created;
however, an additional configuration is needed to facilitate access to the SNMP views. What must the
administrator do to accomplish this?
An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?
Which cryptographic process provides origin confidentiality, integrity, and origin authentication for packets?
Refer to the exhibit.
Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen
on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose
two)
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain
aware of the ongoing and most prevalent threats?
What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-based policy firewall?
Drag and drop the VPN functions from the left onto the description on the right.
An organization has a Cisco ESA set up with policies and would like to customize the action assigned for
violations. The organization wants a copy of the message to be delivered with a message added to flag it as a
DLP violation. Which actions must be performed in order to provide this capability?
What is the role of an endpoint in protecting a user from a phishing attack?
A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface.
How does the switch behave in this situation?
An organization has two systems in their DMZ that have an unencrypted link between them for communication.
The organization does not have a defined password policy and uses several default accounts on the systems.
The application used on those systems also have not gone through stringent code reviews. Which vulnerability
would help an attacker brute force their way into the systems?
A Cisco ESA administrator has been tasked with configuring the Cisco ESA to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be taken in order to meet these requirements? (Choose two)
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with
other cloud solutions via an API. Which solution should be used to accomplish this goal?
An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?
Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?
Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other
interoperable security platforms?
An engineer is configuring Dropbox integration with Cisco Cloudlock. Which action must be taken before granting API access in the Dropbox admin console?
Drag and drop the concepts from the left onto the correct descriptions on the right
A network engineer is configuring NetFlow top talkers on a Cisco router Drag and drop the steps in the process from the left into the sequence on the right
An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?
Which command is used to log all events to a destination colector 209.165.201.107?
A network administrator has configured TACACS on a network device using the key Cisc0467380030 tor authentication purposes. However, users are unable to authenticate. TACACS server is reachable, but authentication is tailing. Which configuration step must the administrator complete?
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?
Drag and drop the security solutions from the left onto the benefits they provide on the right.
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.
Which solution supports high availability in routed or transparent mode as well as in northbound and
southbound deployments?
II
An engineer musí set up 200 new laptops on a network and wants to prevent the users from moving their laptops around to simplify administration Which switch port MAC address security setting must be used?
A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?
Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key
establishment?
An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being
accessed via the firewall which requires that the administrator input the bad URL categories that the
organization wants blocked into the access policy. Which solution should be used to meet this requirement?
An organization is using DNS services for their network and want to help improve the security of the DNS infrastructure. Which action accomplishes this task?
Which posture assessment requirement provides options to the client for remediation and requires the
remediation within a certain timeframe?
A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)
An organization wants to reduce their attach surface for cloud applications. They want to understand application communications, detect abnormal application Behavior, and detect vulnerabilities within the applications. Which action accomplishes this task?
An engineer is implementing Cisco CES in an existing Microsoft Office 365 environment and must route inbound email to Cisco CE.. record must be modified to accomplish this task?
A customer has various external HTTP resources available including Intranet. Extranet, and Internet, with a proxy configuration running in explicit mode Which method allows the client desktop browsers to be configured to select when to connect direct or when to use the proxy?
Refer to the exhibit.
What will occur when this device tries to connect to the port?
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?
What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?
Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?
Which attack is commonly associated with C and C++ programming languages?
Which Cisco product is open, scalable, and built on IETF standards to allow multiple security products from
Cisco and other vendors to share data and interoperate with each other?
What Cisco command shows you the status of an 802.1X connection on interface gi0/1?
When wired 802.1X authentication is implemented, which two components are required? (Choose two)
Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view
of activity?
Which Cisco solution does Cisco Umbrella integrate with to determine if a URL is malicious?
Which technology is used to improve web traffic performance by proxy caching?
Refer to the exhibit.
Which statement about the authentication protocol used in the configuration is true?
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed
devices?
Which cloud service model offers an environment for cloud consumers to develop and deploy applications
without needing to manage or maintain the underlying cloud infrastructure?
Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware?
(Choose two)
What is a language format designed to exchange threat intelligence that can be transported over the TAXII
protocol?
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention
System?
Refer to the exhibit.
A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?
Which two statements about a Cisco WSA configured in Transparent mode are true? (Choose two)
Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?
An administrator wants to ensure that all endpoints are compliant before users are allowed access on the
corporate network. The endpoints must have the corporate antivirus application installed and be running the
latest build of Windows 10.
What must the administrator implement to ensure that all devices are compliant before they are allowed on the
network?
Where are individual sites specified to be blacklisted in Cisco Umbrella?
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The
company needs to be able to protect sensitive data throughout the full environment. Which tool should be used
to accomplish this goal?
Which feature is configured for managed devices in the device platform settings of the Firepower Management
Center?
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing. Which action should be taken to accomplish this goal?
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
Which SNMPv3 configuration must be used to support the strongest security possible?
Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services
Engine? (Choose two)
Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?
A network engineer is configuring DMVPN and entered the crypto isakmp key cisc0380739941 address 0.0.0.0 command on hostA. The tunnel is not being established to hostB. What action is needed to authenticate the VPN?
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
Which benefit does endpoint security provide the overall security posture of an organization?
A mall provides security services to customers with a shared appliance. The mall wants separation of
management on the shared appliance. Which ASA deployment mode meets these needs?
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a
recipient address. Which list contains the allowed recipient addresses?
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two)
In a PaaS model, which layer is the tenant responsible for maintaining and patching?
Which two risks is a company vulnerable to if it does not have a well-established patching solution for
endpoints? (Choose two)
An organization has two machines hosting web applications. Machine 1 is vulnerable to SQL injection while machine 2 is vulnerable to buffer overflows. What action would allow the attacker to gain access to machine 1 but not machine 2?
Which two services must remain as on-premises equipment when a hybrid email solution is deployed? (Choose two)
How does Cisco Stealthwatch Cloud provide security for cloud environments?
What are the two most commonly used authentication factors in multifactor authentication? (Choose two)
Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two)
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline
posture node?
Refer to the exhibit.
A network administrator configures command authorization for the admin5 user. What is the admin5 user able to do on HQ_Router after this configuration?