Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

350-701 by Cisco - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which information is required when adding a device to Firepower Management Center?

A username and password
B encryption method
C device serial number
D registration key

Question 4

What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?

A Cisco Umbrella
B External Threat Feeds
C Cisco Threat Grid
D Cisco Stealthwatch

Question 5

Which Cisco command enables authentication, authorization, and accounting globally so that CoA is supported on the device?

A aaa server radius dynamic-author
B auth-type all
C aaa new-model
D ip device-tracking

Question 6

What is a characteristic of Firepower NGIPS inline deployment mode?

A ASA with Firepower module cannot be deployed
B It cannot take actions such as blocking traffic
C It is out-of-band from traffic
D It must have inline interface pairs configured

Question 7

A mall provides security services to customers with a shared appliance. The mall wants separation of management on the shared appliance. Which ASA deployment mode meets these needs?

A routed mode
B multiple zone mode
C multiple context mode
D transparent mode

Question 8

What is managed by Cisco Security Manager?

A Cisco WLC
B Cisco ESA
C Cisco WSA
D Cisco ASA

Question 9

An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?

A Cisco Firepower
B Cisco Umbrella
C Cisco ISE
D Cisco AMP

Question 10

An engineer notices traffic interruptions on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

A Storm Control
B embedded event monitoring
C access control lists
D Bridge Protocol Data Unit guard

Question 11

What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

A Multiple NetFlow collectors are supported.
B Advanced NetFlow v9 templates and legacy v5 formatting are supported.
C Secure NetFlow connectors are optimized for Cisco Prime Infrastructure
D Flow-create events are delayed.

Question 12

What is a key difference between Cisco Firepower and Cisco ASA?

A Cisco Firepower provides identity based access control while Cisco ASA does not.
B Cisco AS provides access control while Cisco Firepower does not.
C Cisco ASA provides SSL inspection while Cisco Firepower does not.
D Cisco Firepower natively provides intrusion prevention capabilities while Cisco ASA does not.

Question 13

Which two mechanisms are used to control phishing attacks? (Choose two.)

A Enable browser alerts for fraudulent websites.
B Define security group memberships.
C Revoke expired CRL of the websites.
D Use antispyware software.
E Implement email filtering techniques.

Question 14

DRAG DROP -
Drag and drop the suspicious patterns for the Cisco Tetration platform from the left onto the correct definitions on the right.
Select and Place:

Question 15

What is a benefit of using Cisco FMC over Cisco ASDM?

A Cisco FMC uses Java while Cisco ASDM uses HTML5.
B Cisco FMC provides centralized management while Cisco ASDM does not.
C Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
D Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices.

Question 16

Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?

A Threat Intelligence Director
B Encrypted Traffic Analytics.
C Cognitive Threat Analytics.
D Cisco Talos Intelligence

Question 17

A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)

A permit
B allow
C reset
D trust
E monitor

Question 18

What is a characteristic of a bridge group in a Cisco ASA Firewall running in transparent mode?

A It has an IP address on its BVI interface and is used for management traffic.
B It allows ARP traffic with a single access rule.
C It includes multiple interfaces and access rules between interfaces are customizable.
D It is a Layer 3 segment and includes one port and customizable access rules.

Question 19

While using Cisco Firepower's Security Intelligence policies, which two criteria is blocking based upon? (Choose two.)

A IP addresses
B URLs
C port numbers
D protocol IDs
E MAC addresses

Question 20

What features does Cisco FTDv provide over Cisco ASAv?

A Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not.
B Cisco FTDv runs on VMware while Cisco ASAv does not.
C Cisco FTDv runs on AWS while Cisco ASAv does not.
D Cisco FTDv supports URL filtering while Cisco ASAv does not.

Question 21

A network engineer is deciding whether to use stateful or stateless failover when configuring two Cisco ASAs for high availability. What is the connection status in both cases?

A need to be reestablished with stateful failover and preserved with stateless failover
B preserved with both stateful and stateless failover
C need to be reestablished with both stateful and stateless failover
D preserved with stateful failover and need to be reestablished with stateless failover

Question 22

Which term describes when the Cisco Firepower downloads threat intelligence updates from Cisco Talos?

A authoring
B consumption
C sharing
D analysis

Question 23

An administrator is configuring a DHCP server to better secure their environment. They need to be able to rate-limit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

A Set a trusted interface for the DHCP server.
B Set the DHCP snooping bit to 1.
C Enable ARP inspection for the required VLAN.
D Add entries in the DHCP snooping database.

Question 24

Which attack is commonly associated with C and C++ programming languages?

A cross-site scripting
B water holing
C DDoS
D buffer overflow

Question 25

What is a prerequisite when integrating a Cisco ISE server and an AD domain?

A Configure a common administrator account.
B Place the Cisco ISE server and the AD server in the same subnet.
C Synchronize the clocks of the Cisco ISE server and the AD server.
D Configure a common DNS server.

Page 1 of 27 • Questions 1-25 of 651

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which functions of an SDN architecture require southbound APIs to enable communication?

A SDN controller and the network elements
B management console and the SDN controller
C management console and the cloud
D SDN controller and the cloud

Which two behavioral patterns characterize a ping of death attack? (Choose two.)

A The attack is fragmented into groups of 16 octets before transmission.
B The attack is fragmented into groups of 8 octets before transmission.
C Short synchronized bursts of traffic are used to disrupt TCP connections.
D Malformed packets are used to crash systems.
E Publicly accessible DNS servers are typically used to execute the attack.

350-701Preview