Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 350-701

Cisco 350-701 Exam Questions
Implementing and Operating Cisco Security Core Technologies (Page 12 )

Updated On: 24-Feb-2026
Page 12 of 123
PDF with 727 Questions

Which statement about IOS zone-based firewalls is true?

  1. An unassigned interface can communicate with assigned interfaces
  2. Only one interface can be assigned to a zone.
  3. An interface can be assigned to multiple zones.
  4. An interface can be assigned only to one zone.

Answer(s): D



What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?

  1. It tracks flow-create, flow-teardown, and flow-denied events.
  2. It provides stateless IP flow tracking that exports all records of a specific flow.
  3. It tracks the flow continuously and provides updates every 10 seconds.
  4. Its events match all traffic classes in parallel.

Answer(s): A

Explanation:

The ASA and ASASM implementations of NetFlow Secure Event Logging (NSEL) provide a stateful, IP flow tracking method that exports only those records that indicate significant events in a flow. The significant events that are tracked include flow-create, flow-teardown, and flow-denied (excluding those flows that are denied by EtherType ACLs).


Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa- general-cli/ monitor-nsel.html



Which CLI command is used to register a Cisco FirePower sensor to Firepower Management Center?

  1. configure system add <host><key>
  2. configure manager <key> add host
  3. configure manager delete
  4. configure manager add <host><key

Answer(s): D



Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention
System?

  1. Correlation
  2. Intrusion
  3. Access Control
  4. Network Discovery

Answer(s): D

Explanation:

The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible. You can configure your network discovery policy to perform host and application detection.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc- configguide-v64/introduction_to_network_discovery_and_identity.html



Which ASA deployment mode can provide separation of management on a shared appliance?

  1. DMZ multiple zone mode
  2. transparent firewall mode
  3. multiple context mode
  4. routed mode

Answer(s): C






Post your Comments and Discuss Cisco 350-701 exam dumps with other Community members:

Join the 350-701 Discussion