Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 77)

Page 76 of 153
PDF with 703 Questions

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems.
What must be done to meet these requirements?

  1. Implement pre-filter policies for the CIP preprocessor
  2. Enable traffic analysis in the Cisco FTD
  3. Configure intrusion rules for the DNP3 preprocessor
  4. Modify the access control policy to trust the industrial traffic

Answer(s): C

Explanation:

"configure INTRUSION RULES for DNP3" -> Documentation states, that enabling INTRUSION RULES is mandatory for CIP to work + required preprocessors (in Network Access Policy - NAP) will be enabled automatically:
"If you want the CIP preprocessor rules listed in the following table to generate events, you MUST enable them. See Setting Intrusion Rule States for information on enabling rules."

"If the Modbus, DNP3, or CIP preprocessor is disabled, and you enable and deploy an intrusion rule that requires one of these preprocessors, the system automatically uses the required preprocessor, with its current settings, although the preprocessor remains disabled in the web interface for the corresponding network analysis policy."
[1] https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc- config-guide-v63/scada_preprocessors.html



Which posture assessment requirement provides options to the client for remediation and requires the remediation within a certain timeframe?

  1. Audit
  2. Mandatory
  3. Optional
  4. Visibility

Answer(s): B

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2- 4/admin_guide/b_ISE_admin_guide_24/m_client_posture_policies.html#:~:text=Policy%20Require ment%20Types-
,Mandatory%20Requirements,the%20requirements%20within%20the%20time%20specified%20in% 20the%20remediation%20timer%20settings.,-For%20example%2C%20you

Mandatory Requirements During policy evaluation, the agent provides remediation options to clients who fail to meet the mandatory requirements defined in the posture policy. End users must remediate to meet the requirements within the time specified in the remediation timer settings



Which attribute has the ability to change during the RADIUS CoA?

  1. NTP
  2. Authorization
  3. Accessibility
  4. Membership

Answer(s): B

Explanation:

The RADIUS Change of Authorization (CoA) feature provides a mechanism to change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated.


Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15- sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html



With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?

  1. Prevalence
  2. File analysis
  3. Detections
  4. Vulnerable software
  5. Threat root cause

Answer(s): A

Explanation:

Prevalence allows you to view files that have been executed in your deployment.
Note: Threat Root Cause shows how malware is getting onto your computers.


Reference:

https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf






Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

Exam Discussions & Posts