Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 350-701

Cisco 350-701 Exam Questions
Implementing and Operating Cisco Security Core Technologies (Page 21 )

Updated On: 24-Feb-2026
Page 21 of 123
PDF with 727 Questions

Which compliance status is shown when a configured posture policy requirement is not met?

  1. compliant
  2. unknown
  3. authorized
  4. noncompliant

Answer(s): D

Explanation:

Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies.
A posture policy is a collection of posture requirements that are associated with one or more identity groups and operating systems.
Posture-policy requirements can be set to mandatory, optional, or audit types in posture policies.

+ If a mandatory requirement fails, the user will be moved to Non-Compliant state + If an optional requirement fails, the user is allowed to skip the specified optional requirements and the user is moved to Compliant state
This Qdid not clearly specify the type of posture policy requirement (mandatory or optional) is not met so the user can be in Non-compliant or compliant state. But "noncompliant" is the best answer here.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/
b_ise_admin_guide_sample_chapter_010111.html



Which benefit is provided by ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE?

  1. It allows the endpoint to authenticate with 802.1x or MAB.
  2. It verifies that the endpoint has the latest Microsoft security patches installed.
  3. It adds endpoints to identity groups dynamically.
  4. It allows CoA to be applied if the endpoint status is compliant.

Answer(s): A



Which IPS engine detects ARP spoofing?

  1. Atomic ARP Engine
  2. Service Generic Engine
  3. ARP Inspection Engine
  4. AIC Engine

Answer(s): A



What is a characteristic of Dynamic ARP Inspection?

  1. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP
    snooping binding database.
  2. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted
  3. DAI associates a trust state with each switch.
  4. DAI intercepts all ARP requests and responses on trusted ports only.

Answer(s): A



What is a characteristic of traffic storm control behavior?

  1. Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
  2. Traffic storm control cannot determine if the packet is unicast or broadcast.
  3. Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
  4. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

Answer(s): A






Post your Comments and Discuss Cisco 350-701 exam dumps with other Community members:

Join the 350-701 Discussion