web analytics

[11-Apr-2022] New 2020 CCIE/CCNP 350-701 SCOR Dumps with VCE and PDF from PassLeader (Update Questions)

New 2020 CCIE/CCNP 350-701 SCOR exam questions from PassLeader 350-701 dumps! Welcome to download the newest PassLeader 350-701 VCE and PDF dumps: https://www.passleader.com/350-701.html (506 Q&As –> 537 Q&As –> 594 Q&As)

P.S. Free 2020 CCIE/CCNP 350-701 SCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1hkvcWfx1vI0RBtKa9NEv1NysJf5D2QaJ

NEW QUESTION 451
Which technology enables integration between Cisco ISE and other platforms to gather and share network and vulnerability data and SIEM and location information?

A.    pxGrid
B.    NetFlow
C.    SNMP
D.    Cisco Talos

Answer: A

NEW QUESTION 452
An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD. The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A.    Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not.
B.    Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.
C.    Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not.
D.    Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

Answer: C

NEW QUESTION 453
An engineer is configuring web filtering for a network using Cisco Umbrella Secure Internet Gateway. The requirement is that all traffic needs to be filtered. Using the SSL decryption feature, which type of certificate should be presented to the end-user to accomplish this goal?

A.    third-party
B.    self-signed
C.    organization owned root
D.    SubCA

Answer: C

NEW QUESTION 454
An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?

A.    monitor
B.    allow
C.    block
D.    trust

Answer: A

NEW QUESTION 455
When NetFlow is applied to an interface, which component creates the flow monitor cache that is used to collect traffic based on the key and nonkey fields in the configured record?

A.    records
B.    flow exporter
C.    flow sampler
D.    flow monitor

Answer: B

NEW QUESTION 456
Which encryption algorithm provides highly secure VPN communications?

A.    3DES
B.    AES 256
C.    AES 128
D.    DES

Answer: B

NEW QUESTION 457
An administrator needs to configure the Cisco ASA via ASDM such that the network management system can actively monitor the host using SNMPv3. Which two tasks must be performed for this configuration? (Choose two.)

A.    Specify the SNMP manager and UDP port.
B.    Specify an SNMP user group.
C.    Specify a community string.
D.    Add an SNMP USM entry.
E.    Add an SNMP host access entry.

Answer: DE

NEW QUESTION 458
Which Cisco ASA deployment model is used to filter traffic between hosts in the same IP subnet using higher-level protocols without readdressing the network?

A.    routed mode
B.    transparent mode
C.    single context mode
D.    multiple context mode

Answer: B

NEW QUESTION 459
Which function is performed by certificate authorities but is a limitation of registration authorities?

A.    accepts enrollment requests
B.    certificate re-enrollment
C.    verifying user identity
D.    CRL publishing

Answer: C

NEW QUESTION 460
Which two functions does the Cisco Advanced Phishing Protection solution perform in trying to protect from phishing attacks? (Choose two.)

A.    blocks malicious websites and adds them to a block list
B.    does a real-time user web browsing behavior analysis
C.    provides a defense for on-premises email deployments
D.    uses a static algorithm to determine malicious
E.    determines if the email messages are malicious

Answer: CE

NEW QUESTION 461
What is a feature of NetFlow Secure Event Logging?

A.    It exports only records that indicate significant events in a flow.
B.    It filters NSEL events based on the traffic and event type through RSVP.
C.    It delivers data records to NSEL collectors through NetFlow over TCP only.
D.    It supports v5 and v8 templates.

Answer: A

NEW QUESTION 462
A hacker initiated a social engineering attack and stole username and passwords of some users within a company. Which product should be used as a solution to this problem?

A.    Cisco NGFW
B.    Cisco AnyConnect
C.    Cisco AMP for Endpoints
D.    Cisco Duo

Answer: D

NEW QUESTION 463
Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection, enabling the platform to identify and output various applications within the network traffic flows?

A.    Cisco NBAR2
B.    Cisco ASAV
C.    Account on Resolution
D.    Cisco Prime Infrastructure

Answer: A

NEW QUESTION 464
Which RADIUS feature provides a mechanism to change the AAA attributes of a session after it is authenticated?

A.    Authorization
B.    Accounting
C.    Authentication
D.    CoA

Answer: D

NEW QUESTION 465
Which type of data exfiltration technique encodes data in outbound DNS requests to specific servers and can be stopped by Cisco Umbrella?

A.    DNS tunneling.
B.    DNS flood attack.
C.    cache poisoning.
D.    DNS hijacking.

Answer: A

NEW QUESTION 466
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?

A.    Cisco Cloud Orchestrator
B.    Cisco ASAV
C.    Cisco WSAV
D.    Cisco Stealthwatch Cloud

Answer: B

NEW QUESTION 467
Which standard is used to automate exchanging cyber threat information?

A.    TAXIL
B.    MITRE
C.    IoC
D.    STIX

Answer: A

NEW QUESTION 468
What is a function of the Layer 4 Traffic Monitor on a Cisco WSA?

A.    blocks traffic from URL categories that are known to contain malicious content
B.    decrypts SSL traffic to monitor for malicious content
C.    monitors suspicious traffic across all the TCP/UDP ports
D.    prevents data exfiltration by searching all the network traffic for specified sensitive information

Answer: C

NEW QUESTION 469
Why is it important for the organization to have an endpoint patching strategy?

A.    so the organization can identify endpoint vulnerabilities
B.    so the internal PSIRT organization is aware of the latest bugs
C.    so the network administrator is notified when an existing bug is encountered
D.    so the latest security fixes are installed on the endpoints

Answer: C

NEW QUESTION 470
An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

A.    File Analysis
B.    IP Reputation Filtering
C.    Intelligent Multi-Scan
D.    Anti-Virus Filtering

Answer: C

NEW QUESTION 471
Which open source tool does Cisco use to create graphical visualizations of network telemetry on Cisco IOS XE devices?

A.    InfluxDB
B.    Splunk
C.    SNMP
D.    Grafana

Answer: D

NEW QUESTION 472
How does the Cisco WSA enforce bandwidth restrictions for web applications?

A.    It implements a policy route to redirect application traffic to a lower-bandwidth link.
B.    It dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA.
C.    It sends commands to the uplink router to apply traffic policing to the application traffic.
D.    It simulates a slower link by introducing latency into application traffic.

Answer: C

NEW QUESTION 473
Which two components do southbound APIs use to communicate with downstream devices? (Choose two.)

A.    services running over the network
B.    OpenFlow
C.    external application APIs
D.    applications running over the network
E.    OpFlex

Answer: BE

NEW QUESTION 474
What is the term for when an endpoint is associated to a provisioning WLAN that is shared with guest access, and the same guest portal is used as the BYOD portal?

A.    single-SSID BYOD
B.    multichannel GUI
C.    dual-SSID BYOD
D.    streamlined access

Answer: C

NEW QUESTION 475
Which MDM configuration provides scalability?

A.    pushing WPA2-Enterprise settings automatically to devices
B.    enabling use of device features such as camera use
C.    BYOD support without extra appliance or licenses
D.    automatic device classification with level 7 fingerprinting

Answer: C

NEW QUESTION 476
Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

A.    retrospective detection
B.    indication of compromise
C.    file trajectory
D.    elastic search

Answer: D

NEW QUESTION 477
Which feature enables a Cisco ISR to use the default bypass list automatically for web filtering?

A.    filters
B.    group key
C.    company key
D.    connector

Answer: D

NEW QUESTION 478
A network engineer has configured a NTP server on a Cisco ASA. The Cisco ASA has IP reachability to the NTP server and is not filtering any traffic. The show ntp association detail command indicates that the configured NTP server is unsynchronized and has a stratum of 16. What is the cause of this issue?

A.    Resynchronization of NTP is not forced.
B.    NTP is not configured to use a working server.
C.    An access list entry for UDP port 123 on the inside interface is missing.
D.    An access list entry for UDP port 123 on the outside interface is missing.

Answer: B

NEW QUESTION 479
When a next-generation endpoint security solution is selected for a company, what are two key deliverables that help justify the implementation? (Choose two.)

A.    signature-based endpoint protection on company endpoints
B.    macro-based protection to keep connected endpoints safe
C.    continuous monitoring of all files that are located on connected endpoints
D.    email integration to protect endpoints from malicious content that is located in email
E.    real-time feeds from global threat intelligence centers

Answer: CE

NEW QUESTION 480
What is the process of performing automated static and dynamic analysis of files against preloaded behavioral indicators for threat analysis?

A.    deep visibility scan
B.    point-in-time checks
C.    advanced sandboxing
D.    advanced scanning

Answer: C

NEW QUESTION 481
What do tools like Jenkins, Octopus Deploy, and Azure DevOps provide in terms of application and infrastructure automation?

A.    continuous integration and continuous deployment
B.    cloud application security broker
C.    compile-time instrumentation
D.    container orchestration

Answer: A

NEW QUESTION 482
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?

A.    inbound
B.    north-south
C.    east-west
D.    outbound

Answer: D

NEW QUESTION 483
Which technology provides a combination of endpoint protection endpoint detection, and response?

A.    Cisco AMP
B.    Cisco Talos
C.    Cisco Threat Grid
D.    Cisco Umbrella

Answer: A

NEW QUESTION 484
What is a feature of container orchestration?

A.    ability to deploy Amazon ECS clusters by using the Cisco Container Platform data plane
B.    ability to deploy Amazon EKS clusters by using the Cisco Container Platform data plane
C.    ability to deploy Kubernetes clusters in air-gapped sites
D.    automated daily updates

Answer: C

NEW QUESTION 485
What are two security benefits of an MDM deployment? (Choose two.)

A.    robust security policy enforcement
B.    privacy control checks
C.    on-device content management
D.    distributed software upgrade
E.    distributed dashboard

Answer: AC

NEW QUESTION 486
What is the recommendation in a zero-trust model before granting access to corporate applications and resources?

A.    to use multifactor authentication
B.    to use strong passwords
C.    to use a wired network, not wireless
D.    to disconnect from the network when inactive

Answer: A

NEW QUESTION 487
Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?

A.    endpoint isolation
B.    advanced search
C.    advanced investigation
D.    retrospective security

Answer: D

NEW QUESTION 488
Which solution stops unauthorized access to the system if a user’s password is compromised?

A.    VPN
B.    MFA
C.    AMP
D.    SSL

Answer: B

NEW QUESTION 489
What is a benefit of using Cisco Tetration?

A.    It collects telemetry data from servers and then uses software sensors to analyze flow information.
B.    It collects policy compliance data and process details.
C.    It collects enforcement data from servers and collects interpacket variation.
D.    It collects near-real time data from servers and inventories the software packages that exist on servers.

Answer: A

NEW QUESTION 490
How does Cisco Umbrella protect clients when they operate outside of the corporate network?

A.    by modifying the registry for DNS lookups
B.    by using Active Directory group policies to enforce Cisco Umbrella DNS servers
C.    by using the Cisco Umbrella roaming client
D.    by forcing DNS queries to the corporate name servers

Answer: C

NEW QUESTION 491
Which industry standard is used to integrate Cisco ISE and pxGrid to each other and with other interoperable security platforms?

A.    IEEE
B.    IETF
C.    NIST
D.    ANSI

Answer: B

NEW QUESTION 492
What are two facts about WSA HTTP proxy configuration with a PAC file? (Choose two.)

A.    It is defined as a Transparent proxy deployment.
B.    In a dual-NIC configuration, the PAC file directs traffic through the two NICs to the proxy.
C.    The PAC file, which references the proxy, is deployed to the client web browser.
D.    It is defined as an Explicit proxy deployment.
E.    It is defined as a Bridge proxy deployment.

Answer: CD

NEW QUESTION 493
Which solution detects threats across a private network, public clouds, and encrypted traffic?

A.    Cisco Stealthwatch
B.    Cisco CTA
C.    Cisco Encrypted Traffic Analytics
D.    Cisco Umbrella

Answer: A

NEW QUESTION 494
Drag and Drop
Drag and drop the exploits from the left onto the type of security vulnerability on the right.
350-701-Exam-Dumps-4941

Answer:
350-701-Exam-Dumps-4942

NEW QUESTION 495
Drag and Drop
Drag and drop the concepts from the left onto the correct descriptions on the right.
350-701-Exam-Dumps-4951

Answer:
350-701-Exam-Dumps-4952

NEW QUESTION 496
……


New 2020 CCIE/CCNP 350-701 SCOR exam questions from PassLeader 350-701 dumps! Welcome to download the newest PassLeader 350-701 VCE and PDF dumps: https://www.passleader.com/350-701.html (506 Q&As –> 537 Q&As –> 594 Q&As)

P.S. Free 2020 CCIE/CCNP 350-701 SCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1hkvcWfx1vI0RBtKa9NEv1NysJf5D2QaJ