CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 61)

Page 61 of 153
PDF with 703 Questions

In an IaaS cloud services model, which security function is the provider responsible for managing?

  1. Internet proxy
  2. firewalling virtual machines
  3. CASB
  4. hypervisor OS hardening

Answer(s): B

Explanation:

In this IaaS model, cloud providers offer resources to users/machines that include computers as virtual machines, raw (block) storage, firewalls, load balancers, and network devices.
Note: Cloud access security broker (CASB) provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware such as ransomware.



A network engineer has been tasked with adding a new medical device to the network. Cisco ISE is being used as the NAC server, and the new device does not have a supplicant available.
What must be done in order to securely connect this device to the network?

  1. Use MAB with profiling
  2. Use MAB with posture assessment.
  3. Use 802.1X with posture assessment.
  4. Use 802.1X with profiling.

Answer(s): A

Explanation:

As the new device does not have a supplicant, we cannot use 802.1X. MAC Authentication Bypass (MAB) is a fallback option for devices that don't support 802.1x. It is virtually always used in deployments in some way shape or form. MAB works by having the authenticator take the connecting device's MAC address and send it to the authentication server as its username and password. The authentication server will check its policies and send back an Access-Accept or Access- Reject just like it would with 802.1x.
Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of profiles. These profiles include a wide range of device types, including mobile clients (iPads, Android tablets, Chromebooks, and so on), desktop operating systems (for example, Windows, Mac OS X, Linux, and others), and numerous non-user systems such as printers, phones, cameras, and game consoles. Once classified, endpoints can be authorized to the network and granted access based on their profile. For example, endpoints that match the IP phone profile can be placed into a voice VLAN using MAC Authentication Bypass (MAB) as the authentication method. Another example is to provide differentiated network access to users based on the device used. For example, employees can get full access when accessing the network from their corporate workstation but be granted limited network access when accessing the network from their personal iPhone.


Reference:

https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta- p/3739456



An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so.
Which command is required to enable the client to accept the server's authentication key?

  1. ntp peer 1.1.1.1 key 1
  2. ntp server 1.1.1.1 key 1
  3. ntp server 1.1.1.2 key 1
  4. ntp peer 1.1.1.2 key 1

Answer(s): B

Explanation:

To configure an NTP enabled router to require authentication when other devices connect to it, use the following commands:

NTP_Server(config)#ntp authentication-key 2 md5 securitytut NTP_Server(config)#ntp authenticate
NTP_Server(config)#ntp trusted-key 2
Then you must configure the same authentication-key on the client router:
NTP_Client(config)#ntp authentication-key 2 md5 securitytut NTP_Client(config)#ntp authenticate
NTP_Client(config)#ntp trusted-key 2
NTP_Client(config)#ntp server 10.10.10.1 key 2
Note: To configure a Cisco device as a NTP client, use the command ntp server <IP address>. For example:
Router(config)#ntp server 10.10.10.1. This command will instruct the router to query 10.10.10.1 for the time.



What is the role of an endpoint in protecting a user from a phishing attack?

  1. Use Cisco Stealthwatch and Cisco ISE Integration.
  2. Utilize 802.1X network security to ensure unauthorized access to resources.
  3. Use machine learning models to help identify anomalies and determine expected sending behavior.
  4. Ensure that antivirus and anti malware software is up to date

Answer(s): C



Page 61 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote