CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 35)

Page 35 of 153
PDF with 703 Questions

An engineer wants to automatically assign endpoints that have a specific OUI into a new endpoint group.
Which probe must be enabled for this type of profiling to work?

  1. NetFlow
  2. NMAP
  3. SNMP
  4. DHCP

Answer(s): B

Explanation:

Cisco ISE can determine the type of device or endpoint connecting to the network by performing "profiling."
Profiling is done by using DHCP, SNMP, Span, NetFlow, HTTP, RADIUS, DNS, or NMAP scans to collect as much metadata as possible to learn the device fingerprint. NMAP ("Network Mapper") is a popular network scanner which provides a lot of features. One of them is the
OUI (Organizationally Unique Identifier) information. OUI is the first 24 bit or 6 hexadecimal value of the MAC
address.
Note: DHCP probe cannot collect OUIs of endpoints. NMAP scan probe can collect these endpoint attributes:
+ EndPointPolicy
+ LastNmapScanCount
+ NmapScanCount
+ OUI
+ Operating-system


Reference:

http://www.network-node.com/blog/2016/1/2/ise-20-profiling



What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)

  1. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
  2. single sign-on access to on-premises and cloud applications
  3. integration with 802.1x security using native Microsoft Windows supplicant
  4. secure access to on-premises and cloud applications
  5. identification and correction of application vulnerabilities before allowing access to resources

Answer(s): A,D

Explanation:

Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.
Note: Single sign-on (SSO) is a property of identity and access management that enables users to securely authenticate with multiple applications and websites by logging in only once with just one set of credentials
(username and password). With SSO, the application or website that the user is trying to access relies on a trusted third party to verify that users are who they say they are.



An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network.
Which action tests the routing?

  1. Ensure that the client computers are pointing to the on-premises DNS servers.
  2. Enable the Intelligent Proxy to validate that traffic is being routed correctly.
  3. Add the public IP address that the client computers are behind to a Core Identity.
  4. Browse to http://welcome.umbrella.com/ to validate that the new identity is working.

Answer(s): B



Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

  1. File Analysis
  2. SafeSearch
  3. SSL Decryption
  4. Destination Lists

Answer(s): C

Explanation:

SSL Decryption is an important part of the Umbrella Intelligent Proxy. he feature allows the Intelligent Proxy to go beyond simply inspecting normal URLs and actually proxy and inspect traffic that's sent over HTTPS. The SSL Decryption feature does require the root certificate be installed.


Reference:

https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the- IntelligentProxy



Page 35 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote