Free 350-701 Exam Braindumps (page: 81)

Page 81 of 153

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy.
Which solution should be used to meet this requirement?

  1. Cisco ASA because it enables URL filtering and blocks malicious URLs by default, whereas Cisco FTD does not
  2. Cisco ASA because it includes URL filtering in the access control policy capabilities, whereas Cisco FTD does not
  3. Cisco FTD because it includes URL filtering in the access control policy capabilities, whereas Cisco ASA does not
  4. Cisco FTD because it enables URL filtering and blocks malicious URLs by default, whereas Cisco ASA does not

Answer(s): C



An administrator configures a Cisco WSA to receive redirected traffic over ports 80 and 443. The organization requires that a network device with specific WSA integration capabilities be configured to send the traffic to the WSA to proxy the requests and increase visibility, while making this invisible to the users.
What must be done on the Cisco WSA to support these requirements?

  1. Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device
  2. Configure active traffic redirection using WPAD in the Cisco WSA and on the network device
  3. Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device
  4. Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

Answer(s): A



An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not.
What should the administrator do to address this issue?

  1. Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE
  2. Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect
  3. Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE
  4. Configure the device sensor feature within the switch to send the appropriate protocol information

Answer(s): D

Explanation:

Device Sensor is a feature of access devices. It allows the collection of information about connected endpoints. Information collected by Device Sensor mostly comes from the following protocols:
+ Cisco Discovery Protocol (CDP)
+ Link Layer Discovery Protocol (LLDP)
+ Dynamic Host Configuration Protocol (DHCP)


Reference:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-ConfigureDevice-Sensor-for-ISE-Profilin.html



A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis.
What must be done to meet this requirement using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?

  1. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud
  2. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud
  3. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud
  4. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud

Answer(s): B

Explanation:

The Stealthwatch Cloud Private Network Monitoring (PNM) Sensor is an extremely flexible piece of technology, capable of being utilized in a number of different deployment scenarios. It can be deployed as a complete Ubuntu-based virtual appliance on different hypervisors (e.g. VMware, VirtualBox). It can be deployed on hardware running a number of different Linux-based operating systems.


Reference:

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf




Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES