Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 350-701

Cisco 350-701 Exam Questions
Implementing and Operating Cisco Security Core Technologies (Page 20 )

Updated On: 24-Feb-2026
Page 20 of 123
PDF with 727 Questions

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

  1. RSA SecureID
  2. Internal Database
  3. Active Directory
  4. LDAP

Answer(s): C



An engineer used a posture check on a Microsoft Windows endpoint and discovered that the MS17- 010 patch was not installed, which left the endpoint vulnerable to WannaCry ransomware.
Which two solutions mitigate the risk of this ransom ware infection? (Choose two)

  1. Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.
  2. Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.
  3. Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.
  4. Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.
  5. Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

Answer(s): A,C

Explanation:

A posture policy is a collection of posture requirements, which are associated with one or more identity groups, and operating systems. We can configure ISE to check for the Windows patch at Work Centers > Posture > Posture Elements > Conditions > File. In this example, we are going to use the predefined file check to ensure that our Windows 10 clients have the critical security patch installed to prevent the Wanna Cry malware.



Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

  1. RADIUS Change of Authorization
  2. device tracking
  3. DHCP snooping
  4. VLAN hopping

Answer(s): A



What two mechanisms are used to redirect users to a web portal to authenticate to ISE for guest services?
(Choose two)

  1. multiple factor auth
  2. local web auth
  3. single sign-on
  4. central web auth
  5. TACACS+

Answer(s): B,D



For which two conditions can an endpoint be checked using ISE posture assessment? (Choose two)

  1. Windows service
  2. computer identity
  3. user identity
  4. Windows firewall
  5. default browser

Answer(s): A,D






Post your Comments and Discuss Cisco 350-701 exam dumps with other Community members:

Join the 350-701 Discussion