350-701 Online Practice Questions and Answers

When wired 802.1X authentication is implemented, which two components are required? (Choose two)

A. authentication server: Cisco Identity Service Engine

B. supplicant: Cisco AnyConnect ISE Posture module

C. authenticator: Cisco Catalyst switch

D. authenticator: Cisco Identity Services Engine

E. authentication server: Cisco Prime Infrastructure

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

A. RADIUS Change of Authorization

B. device tracking

C. DHCP snooping

D. VLAN hopping

Which Talos reputation center allows you to track the reputation of IP addresses for email and web traffic?

A. IP Blacklist Center

B. File Reputation Center

C. AMP Reputation Center

D. IP and Domain Reputation Center

What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

A. posture assessment

B. CoA

C. external identity source

D. SNMP probe

An organization must add new firewalls to its infrastructure and wants to use Cisco ASA or Cisco FTD.

The chosen firewalls must provide methods of blocking traffic that include offering the user the option to bypass the block for certain sites after displaying a warning page and to reset the connection. Which solution should the organization choose?

A. Cisco FTD because it supports system rate level traffic blocking, whereas Cisco ASA does not

B. Cisco ASA because it allows for interactive blocking and blocking with reset to be configured via the GUI, whereas Cisco FTD does not.

C. Cisco FTD because it enables interactive blocking and blocking with reset natively, whereas Cisco ASA does not

D. Cisco ASA because it has an additional module that can be installed to provide multiple blocking capabilities, whereas Cisco FTD does not.

What is the result of the ACME-Router(config)#login block-for 100 attempts 4 within 60 command on a Cisco IOS router?

A. lf four log in attempts fail in 100 seconds, wait for 60 seconds to next log in prompt.

B. After four unsuccessful log in attempts, the line is blocked for 100 seconds and only permit IP addresses are permitted in ACL

C. After four unsuccessful log in attempts, the line is blocked for 60 seconds and only permit IP addresses are permitted in ACL1

D. If four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds.

What is the most commonly used protocol for network telemetry?

A. NetFlow

B. SNMP

C. TFTP

D. SMTP

Which common threat can be prevented by implementing port security on switch ports?

A. VLAN hopping attacks

B. spoofing attacks

C. denial-of-service attacks

D. eavesdropping attacks

In which cloud services model is the customer responsible for scanning for and mitigation of application vulnerabilities?

A. VMaaS

B. IaaS

C. PaaS

D. SaaS

What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?

A. simplifies the distribution of software updates

B. provides faster performance

C. provides an automated setup process

D. enables the allocation of additional resources