Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

350-701Free trial

By cisco

Verified

25Q per page

Question 51

An administrator is adding a new switch onto the network and has configured AAA for network access control. When testing the configuration, the RADIUS authenticates to Cisco ISE but is being rejected. Why is the ip radius source-interface command needed for this configuration?

A: Only requests that originate from a configured NAS IP are accepted by a RADIUS server.
B: The RADIUS authentication key is transmitted only from the defined RADIUS source interface.
C: RADIUS requests are generated only by a router if a RADIUS source interface is defined.
D: Encrypted RADIUS authentication requires the RADIUS source interface be defined.

—

Question 52

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

A: To view bandwidth usage for NetFlow records, the QoS feature must be enabled.
B: A sysopt command can be used to enable NSEL on a specific interface.
C: NSEL can be used without a collector configured.
D: A flow-export event type must be defined under a policy.

—

Question 53

Which feature requires a network discovery policy on the Cisco Firepower NGIPS?

A: security intelligence
B: impact flags
C: health monitoring
D: URL filtering

—

Question 54

Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A: correlation
B: intrusion
C: access control
D: network discovery

—

Question 55

What is a characteristic of traffic storm control behavior?

A: Traffic storm control drops all broadcast and multicast traffic if the combined traffic exceeds the level within the interval.
B: Traffic storm control cannot determine if the packet is unicast or broadcast.
C: Traffic storm control monitors incoming traffic levels over a 10-second traffic storm control interval.
D: Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.

—

Question 56

DRAG DROP -
Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the left onto the correct definitions on the right.
Select and Place:

—

Question 57

What are two rootkit types? (Choose two.)

A: registry
B: buffer mode
C: user mode
D: bootloader
E: virtual

—

Question 58

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?

A: The authentication request contains only a password
B: The authentication request contains only a username
C: The authentication and authorization requests are grouped in a single packet.
D: There are separate authentication and authorization request packets.

—

Question 59

Which deployment model is the most secure when considering risks to cloud adoption?

A: public cloud
B: hybrid cloud
C: community cloud
D: private cloud

—

Question 60

What does the Cloudlock Apps Firewall do to mitigate security concerns from an application perspective?

A: It allows the administrator to quarantine malicious files so that the application can function, just not maliciously.
B: It discovers and controls cloud apps that are connected to a company's corporate environment.
C: It deletes any application that does not belong in the network.
D: It sends the application information to an administrator to act on.

—

Question 61

Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

A: DNS tunneling
B: DNSCrypt
C: DNS security
D: DNSSEC

—

Question 62

Which technology reduces data loss by identifying sensitive information stored in public computing environments?

A: Cisco SDA
B: Cisco Firepower
C: Cisco HyperFlex
D: Cisco Cloudlock

—

Question 63

In which cloud services model is the tenant responsible for virtual machine OS patching?

A: IaaS
B: UCaaS
C: PaaS
D: SaaS

—

Question 64

What is the function of Cisco Cloudlock for data security?

A: data loss prevention
B: controls malicious cloud apps
C: detects anomalies
D: user and entity behavior analytics

—

Question 65

Which feature is supported when deploying Cisco ASAv within AWS public cloud?

A: multiple context mode
B: user deployment of Layer 3 networks
C: IPv6
D: clustering

—

Question 66

Which cloud service model offers an environment for cloud consumers to develop and deploy applications without needing to manage or maintain the underlying cloud infrastructure?

A: PaaS
B: XaaS
C: IaaS
D: SaaS

—

Question 67

Which risk is created when using an Internet browser to access cloud-based service?

A: misconfiguration of Infra, which allows unauthorized access
B: intermittent connection to the cloud connectors
C: vulnerabilities within protocol
D: insecure implementation of API

—

Question 68

How is DNS tunneling used to exfiltrate data out of a corporate network?

A: It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
B: It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
C: It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
D: It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

—

Question 69

What is the Cisco API-based broker that helps reduce compromises, application risks, and data breaches in an environment that is not on-premise?

A: Cisco AppDynamics
B: Cisco Cloudlock
C: Cisco Umbrella
D: Cisco AMP

—

Question 70

Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two.)

A: middleware
B: applications
C: virtualization
D: operating systems
E: data

—

Question 71

Which public cloud provider supports the Cisco Next Generation Firewall Virtual?

A: Google Cloud Platform
B: Red Hat Enterprise Virtualization
C: Amazon Web Services
D: VMware ESXi

—

Question 72

What is an attribute of the DevSecOps process?

A: security scanning and theoretical vulnerabilities
B: development security
C: isolated security team
D: mandated security controls and check lists

—

Question 73

On which part of the IT environment does DevSecOps focus?

A: application development
B: wireless network
C: data center
D: perimeter network

—

Question 74

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

A: Cisco FTDv configured in routed mode and managed by an FMCv installed in AWS
B: Cisco FTDv with one management interface and two traffic interfaces configured
C: Cisco FTDv configured in routed mode and managed by a physical FMC appliance on premises
D: Cisco FTDv with two management interfaces and one traffic interface configured
E: Cisco FTDv configured in routed mode and IPv6 configured

—

Question 75

DRAG DROP -
Drag and drop the steps from the left into the correct order on the right to enable Cisco AppDynamics to monitor an EC2 instance in AWS.
Select and Place:

—

Page 3 of 27 • Questions 51-75 of 651

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!