New 2020 CCIE/CCNP 350-701 SCOR exam questions from PassLeader 350-701 dumps! Welcome to download the newest PassLeader 350-701 VCE and PDF dumps: https://www.passleader.com/350-701.html (400 Q&As –> 429 Q&As –> 506 Q&As –> 537 Q&As –> 660 Q&As)
P.S. Free 2020 CCIE/CCNP 350-701 SCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1hkvcWfx1vI0RBtKa9NEv1NysJf5D2QaJ
NEW QUESTION 371
What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)
A. allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. creates complex tasks for managing code
Answer: AE
NEW QUESTION 372
Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?
A. Cisco AMP for Endpoints
B. Cisco AnyConnect
C. Cisco Umbrella
D. Cisco Duo
Answer: A
NEW QUESTION 373
Which two actions does the Cisco Identity Services Engine posture module provide that ensures endpoint security? (Choose two.)
A. Assignments to endpoint groups are made dynamically, based on endpoint attributes.
B. Endpoint supplicant configuration is deployed.
C. A centralized management solution is deployed.
D. Patch management remediation is performed.
E. The latest antivirus updates are applied before access is allowed.
Answer: AD
NEW QUESTION 374
What is an advantage of the Cisco Umbrella roaming client?
A. the ability to see all traffic without requiring TLS decryption
B. visibility into IP-based threats by tunneling suspicious IP connections
C. the ability to dynamically categorize traffic to previously uncategorized sites
D. visibility into traffic that is destined to sites within the office environment
Answer: C
NEW QUESTION 375
Which Cisco platform provides an agentless solution to provide visibility across the network including encrypted traffic analytics to detect malware in encrypted traffic without the need for decryption?
A. Cisco Advanced Malware Protection
B. Cisco Stealthwatch
C. Cisco Identity Services Engine
D. Cisco AnyConnect
Answer: B
NEW QUESTION 376
Which two Cisco ISE components must be configured for BYOD? (Choose two.)
A. local WebAuth
B. central WebAuth
C. null WebAuth
D. guest
E. dual
Answer: BD
NEW QUESTION 377
What are two ways a network administrator transparently identifies users using Active Directory on the Cisco WSA? (Choose two.)
A. Create an LDAP authentication realm and disable transparent user identification.
B. Create NTLM or Kerberos authentication realm and enable transparent user identification.
C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
D. The eDirectory client must be installed on each client workstation.
E. Deploy a separate eDirectory server; the dent IP address is recorded in this server.
Answer: AC
NEW QUESTION 378
Which two parameters are used for device compliance checks? (Choose two.)
A. endpoint protection software version
B. Windows registry values
C. DHCP snooping checks
D. DNS integrity checks
E. device operating system version
Answer: CE
NEW QUESTION 379
Which system performs compliance checks and remote wiping?
A. MDM
B. ISE
C. AMP
D. OTP
Answer: A
NEW QUESTION 380
An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?
A. single interface
B. multi-context
C. transparent
D. two-interface
Answer: D
NEW QUESTION 381
Which baseline form of telemetry is recommended for network infrastructure devices?
A. SDNS
B. NetFlow
C. passive taps
D. SNMP
Answer: D
NEW QUESTION 382
In which scenario is endpoint-based security the solution?
A. inspecting encrypted traffic
B. device profiling and authorization
C. performing signature-based application control
D. inspecting a password-protected archive
Answer: C
NEW QUESTION 383
Why is it important to patch endpoints consistently?
A. Patching reduces the attack surface of the infrastructure.
B. Patching helps to mitigate vulnerabilities.
C. Patching is required per the vendor contract.
D. Patching allows for creating a honeypot.
Answer: B
NEW QUESTION 384
An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?
A. Restrict access to only websites with trusted third-party signed certificates.
B. Modify the user’s browser settings to suppress errors from Cisco Umbrella.
C. Upload the organization root CA to Cisco Umbrella.
D. Install the Cisco Umbrella root CA onto the user’s device.
Answer: D
NEW QUESTION 385
What is the purpose of joining Cisco WSAs to an appliance group?
A. All WSAs in the group can view file analysis results.
B. The group supports improved redundancy.
C. It supports cluster operations to expedite the malware analysis process.
D. It simplifies the task of patching multiple appliances.
Answer: B
NEW QUESTION 386
Why should organizations migrate to an MFA strategy for authentication?
A. Single methods of authentication can be compromised more easily than MFA.
B. Biometrics authentication leads to the need for MFA due to its ability to be hacked easily.
C. MFA methods of authentication are never compromised.
D. MFA does not require any piece of evidence for an authentication mechanism.
Answer: A
NEW QUESTION 387
Which technology should be used to help prevent an attacker from stealing usernames and passwords of users within an organization?
A. RADIUS-based REAP
B. fingerprinting
C. Dynamic ARP Inspection
D. multifactor authentication
Answer: A
NEW QUESTION 388
Which type of attack is MFA an effective deterrent for?
A. ping of death
B. phishing
C. teardrop
D. syn flood
Answer: B
NEW QUESTION 389
Which Cisco cloud security software centrally manages policies on multiple platforms such as Cisco ASA, Cisco Firepower, Cisco Meraki, and AWS?
A. Cisco Defense Orchestrator
B. Cisco Configuration Professional
C. Cisco Secureworks
D. Cisco DNAC
Answer: A
NEW QUESTION 390
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?
A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service
Answer: D
NEW QUESTION 391
Using Cisco Cognitive Threat Analytics, which platform automatically blocks risky sites, and test unknown sites for hidden advanced threats before allowing users to click them?
A. Cisco Identity Services Engine
B. Cisco Enterprise Security Appliance
C. Cisco Web Security Appliance
D. Cisco Advanced Stealthwatch Appliance
Answer: C
NEW QUESTION 392
What are two things to consider when using PAC files with the Cisco WSA? (Choose two.)
A. If the WSA host port is changed, the default port redirects web traffic to the correct port automatically.
B. PAC files use if-else statements to determine whether to use a proxy or a direct connection for traffic between the PC and the host.
C. The WSA hosts PAC files on port 9001 by default.
D. The WSA hosts PAC files on port 6001 by default.
E. By default, they direct traffic through a proxy when the PC and the host are on the same subnet.
Answer: BC
NEW QUESTION 393
What is a description of microsegmentation?
A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.
C. Environments deploy centrally managed host-based firewall rules on each server or container.
D. Environments implement private VLAN segmentation to group servers with similar applications.
Answer: B
NEW QUESTION 394
Which Cisco WSA feature supports access control using URL categories?
A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions
Answer: A
NEW QUESTION 395
Which technology limits communication between nodes on the same network segment to individual applications?
A. serverless infrastructure
B. microsegmentation
C. SaaS deployment
D. machine-to-machine firewalling
Answer: B
NEW QUESTION 396
Which IETF attribute is supported for the RADIUS CoA feature?
A. 24 State
B. 30 Calling-Station-ID
C. 42 Acct-Session-ID
D. 81 Message-Authenticator
Answer: A
NEW QUESTION 397
When a transparent authentication fails on the Web Security Appliance, which type of access does the end user get?
A. guest
B. limited Internet
C. blocked
D. full Internet
Answer: C
NEW QUESTION 398
Drag and Drop
Drag and drop the posture assessment flow actions from the left into a sequence on the right.
Answer:
NEW QUESTION 399
……
New 2020 CCIE/CCNP 350-701 SCOR exam questions from PassLeader 350-701 dumps! Welcome to download the newest PassLeader 350-701 VCE and PDF dumps: https://www.passleader.com/350-701.html (400 Q&As –> 429 Q&As –> 506 Q&As –> 537 Q&As –> 660 Q&As)
P.S. Free 2020 CCIE/CCNP 350-701 SCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1hkvcWfx1vI0RBtKa9NEv1NysJf5D2QaJ
