Free preview mode
Enjoy the free questions and consider upgrading to gain full access!
350-701
Free trial
Verified
Question 76
What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?
- A: Enable IP Layer enforcement.
- B: Activate the Cisco AMP license.
- C: Activate SSL decryption.
- D: Enable Intelligent Proxy.
Question 77
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?
- A: Cisco ISE
- B: Web Security Appliance
- C: Security Manager
- D: Cloudlock
Question 78
Which type of attack is social engineering?
- A: trojan
- B: MITM
- C: phishing
- D: malware
Question 79
What are the two types of managed Intercloud Fabric deployment models? (Choose two.)
- A: Service Provider managed
- B: User managed
- C: Public managed
- D: Hybrid managed
- E: Enterprise managed
Question 80
An engineer needs a cloud solution that will monitor traffic, create incidents based on events, and integrate with other cloud solutions via an API. Which solution should be used to accomplish this goal?
- A: CASB
- B: Cisco Cloudlock
- C: Adaptive MFA
- D: SIEM
Question 81
An organization is using Cisco Firepower and Cisco Meraki MX for network security and needs to centrally manage cloud policies across these platforms. Which software should be used to accomplish this goal?
- A: Cisco Defense Orchestrator
- B: Cisco Configuration Professional
- C: Cisco Secureworks
- D: Cisco DNA Center
Question 82
Which factor must be considered when choosing the on-premise solution over the cloud-based one?
- A: With an on-premise solution, the provider is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the customer is responsible for it.
- B: With a cloud-based solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.
- C: With an on-premise solution, the provider is responsible for the installation, but the customer is responsible for the maintenance of the product.
- D: With an on-premise solution, the customer is responsible for the installation and maintenance of the product, whereas with a cloud-based solution, the provider is responsible for it.
Question 83
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements?
- A: Cisco NGFW
- B: Cisco Cloudlock
- C: Cisco Cloud Email Security
- D: Cisco Umbrella
Question 84
In an IaaS cloud services model, which security function is the provider responsible for managing?
- A: firewalling virtual machines
- B: Internet proxy
- C: hypervisor OS hardening
- D: CASB
Question 85
An organization wants to secure users, data, and applications in the cloud. The solution must be API-based on operate as a cloud-native CASB. Which solution must be used for this implementation?
- A: Cisco Cloud Email Security
- B: Cisco Cloudlock
- C: Cisco Umbrella
- D: Cisco Firepower Nest-Generation Firewall
Question 86
DRAG DROP -
Drag and drop the cloud security assessment components from the left onto the definitions on the right.
Select and Place:
Question 87
An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?
- A: virtual routing and forwarding
- B: access control policy
- C: virtual LAN
- D: microsegmentation
Question 88
Which cloud model is a collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group?
- A: community
- B: private
- C: public
- D: hybrid
Question 89
What are two DDoS attack categories? (Choose two.)
- A: protocol
- B: source-based
- C: database
- D: sequential
- E: volume-based
Question 90
How does Cisco Workload Optimization Manager help mitigate application performance issues?
- A: It automates resource resizing.
- B: It sets up a workload forensic score.
- C: It optimizes a flow path.
- D: It deploys an AWS Lambda system.
Question 91
Which DevSecOps implementation process gives a weekly or daily update instead of monthly or quarterly in the applications?
- A: CI/CD pipeline
- B: container
- C: orchestration
- D: security
Question 92
Which system facilitates deploying microsegmentation and multi-tenancy services with a policy-based container?
- A: SDLC
- B: Lambda
- C: Contiv
- D: Docker
Question 93
How does a cloud access security broker function?
- A: It is an authentication broker to enable single sign-on and multi-factor authentication for a cloud solution.
- B: It scans other cloud solutions being used within the network and identifies vulnerabilities.
- C: It integrates with other cloud solutions via APIs and monitors and creates incidents based on events from the cloud solution.
- D: It acts as a security information and event management solution and receives syslog from other cloud solutions.
Question 94
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.)
- A: Send syslog from AWS to Cisco Stealthwatch Cloud.
- B: Configure Cisco Stealthwatch Cloud to ingest AWS information.
- C: Send VPC Flow Logs to Cisco Stealthwatch Cloud.
- D: Configure Cisco Thousand Eyes to ingest AWS information.
- E: Configure Cisco ACI to ingest AWS information.
Question 95
An organization wants to implement a cloud-delivered and SaaS-based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution meets these requirements?
- A: NetFlow collectors
- B: Cisco Cloudlock
- C: Cisco Stealthwatch Cloud
- D: Cisco Umbrella
Question 96
Where are individual sites specified to be blacklisted in Cisco Umbrella?
- A: application settings
- B: content categories
- C: security settings
- D: destination lists
Question 97
An engineer configured a new network identity in Cisco Umbrella but must verify that traffic is being routed through the Cisco Umbrella network.
Which action tests the routing?
- A: Ensure that the client computers are pointing to the on-premises DNS servers.
- B: Enable the Intelligent Proxy to validate that traffic is being routed correctly.
- C: Add the public IP address that the client computers are behind to a Core Identity.
- D: Browse to http://welcome.umbrella.com/ to validate that the new identity is working.
Question 98
How does Cisco Umbrella archive logs to an enterprise-owned storage?
- A: by using the Application Programming Interface to fetch the logs
- B: by sending logs via syslog to an on-premises or cloud-based syslog server
- C: by the system administrator downloading the logs from the Cisco Umbrella web portal
- D: by being configured to send logs to a self-managed AWS S3 bucket
Question 99
In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
- A: man-in-the-middle
- B: LDAP injection
- C: insecure API
- D: cross-site scripting
Question 100
Which API is used for Content Security?
- A: NX-OS API
- B: IOS XR API
- C: OpenVuln API
- D: AsyncOS API
Free preview mode
Enjoy the free questions and consider upgrading to gain full access!