CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 62)

Page 62 of 153
PDF with 703 Questions

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic.
Which action will accomplish this task?

  1. Set content settings to High
  2. Configure the intelligent proxy.
  3. Use destination block lists.
  4. Configure application block lists.

Answer(s): B

Explanation:

Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.


Reference:

https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy



With which components does a southbound API within a software-defined network architecture communicate?

  1. controllers within the network
  2. applications
  3. appliances
  4. devices such as routers and switches

Answer(s): D

Explanation:



The Southbound API is used to communicate between Controllers and network devices.



A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.
What must be configured to accomplish this?

  1. a Network Discovery policy to receive data from the host
  2. a Threat Intelligence policy to download the data from the host
  3. a File Analysis policy to send file data into Cisco Firepower
  4. a Network Analysis policy to receive NetFlow data from the host

Answer(s): A

Explanation:

You can configure discovery rules to tailor the discovery of host and application data to your needs. The Firepower System can use data from NetFlow exporters to generate connection and discovery events, and to add host and application data to the network map. A network analysis policy governs how traffic is decoded and preprocessed so it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt -> Answer D is not correct.



When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for.
What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

  1. The key server that is managing the keys for the connection will be at 1.2.3.4
  2. The remote connection will only be allowed from 1.2.3.4
  3. The address that will be used as the crypto validation authority
  4. All IP addresses other than 1.2.3.4 will be allowed

Answer(s): B

Explanation:

The command crypto isakmp key cisco address 1.2.3.4 authenticates the IP address of the 1.2.3.4 peer by using the key cisco. The address of "0.0.0.0" will authenticate any address with this key



Page 62 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote