Top Tips Of Far Out 350-701 Question

NEW QUESTION 1
On which part of the IT environment does DevSecOps focus?

• A. application development
• B. wireless network
• C. data center
• D. perimeter network

Answer: A

NEW QUESTION 2
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two.)

• A. data exfiltration
• B. command and control communication
• C. intelligent proxy
• D. snort
• E. URL categorization

Answer: AB

Explanation:
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-a-glance-c45-736555.pdf

NEW QUESTION 3
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

• A. File Analysis
• B. SafeSearch
• C. SSL Decryption
• D. Destination Lists

Answer: C

NEW QUESTION 4
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

• A. Application Control
• B. Security Category Blocking
• C. Content Category Blocking
• D. File Analysis

Answer: B

Explanation:
Reference: https://support.umbrella.com/hc/en-us/articles/115004563666-Understanding-Security-Categories

NEW QUESTION 5
In which cloud services model is the tenant responsible for virtual machine OS patching?

• A. IaaS
• B. UCaaS
• C. PaaS
• D. SaaS

Answer: A

Explanation:
Reference: https://www.cmswire.com/cms/information-management/cloud-service-models-iaas-saas-paas-how-microsoft-office-365-azure-fit-in-021672.php

NEW QUESTION 6
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

• A. SIP
• B. inline normalization
• C. SSL
• D. packet decoder
• E. modbus

Answer: AC

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Layer_Preprocessors.html

NEW QUESTION 7
Which two descriptions of AES encryption are true? (Choose two.)

• A. AES is less secure than 3DES.
• B. AES is more secure than 3DES.
• C. AES can use a 168-bit key for encryption.
• D. AES can use a 256-bit key for encryption.
• E. AES encrypts and decrypts a key three times in sequence.

Answer: BD

Explanation:
Reference: https://gpdb.docs.pivotal.io/43190/admin_guide/topics/ipsec.html

NEW QUESTION 8
What is a characteristic of Dynamic ARP Inspection?

• A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
• B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
• C. DAI associates a trust state with each switch.
• D. DAI intercepts all ARP requests and responses on trusted ports only.

Answer: A

NEW QUESTION 9
How does Cisco Umbrella archive logs to an enterprise- owned storage?

• A. by using the Application Programming Interface to fetch the logs
• B. by sending logs via syslog to an on-premises or cloud-based syslog server
• C. by the system administrator downloading the logs from the Cisco Umbrella web portal
• D. by being configured to send logs to a self-managed AWS S3 bucket

Answer: D

Explanation:
Reference: https://docs.umbrella.com/deployment-umbrella/docs/log-management

NEW QUESTION 10
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

• A. authentication server: Cisco Identity Service Engine
• B. supplicant: Cisco AnyConnect ISE Posture module
• C. authenticator: Cisco Catalyst switch
• D. authenticator: Cisco Identity Services Engine
• E. authentication server: Cisco Prime Infrastructure

Answer: AC

Explanation:
Reference: https://www.lookingpoint.com/blog/ise-series-802.1x

NEW QUESTION 11
Which two preventive measures are used to control cross-site scripting? (Choose two.)

• A. Enable client-side scripts on a per-domain basis.
• B. Incorporate contextual output encoding/escaping.
• C. Disable cookie inspection in the HTML inspection engine.
• D. Run untrusted HTML input through an HTML sanitization engine.
• E. SameSite cookie attribute should not be used.

Answer: AB

NEW QUESTION 12
Which proxy mode must be used on Cisco WSA to redirect TCP traffic with WCCP?

• A. transparent
• B. redirection
• C. forward
• D. proxy gateway

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html

NEW QUESTION 13
Where are individual sites specified to be blacklisted in Cisco Umbrella?

• A. application settings
• B. content categories
• C. security settings
• D. destination lists

Answer: D

NEW QUESTION 14
Which statement about IOS zone-based firewalls is true?

• A. An unassigned interface can communicate with assigned interfaces
• B. Only one interface can be assigned to a zone.
• C. An interface can be assigned to multiple zones.
• D. An interface can be assigned only to one zone.

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

NEW QUESTION 15
Which two features of Cisco DNA Center are used in a Software Defined Network solution? (Choose two.)

• A. accounting
• B. assurance
• C. automation
• D. authentication
• E. encryption

Answer: BC

Explanation:
Reference: https://www.cisco.com/c/en/us/products/cloud-systems-management/dna-center/index.html

NEW QUESTION 16
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

• A. security intelligence
• B. impact flags
• C. health monitoring
• D. URL filtering

Answer: A

NEW QUESTION 17
Which exfiltration method does an attacker use to hide and encode data inside DNS requests and queries?

• A. DNS tunneling
• B. DNSCrypt
• C. DNS security
• D. DNSSEC

Answer: A

Explanation:
Reference: https://learn-umbrella.cisco.com/cloud-security/dns-tunneling

NEW QUESTION 18
Which Cisco product provides proactive endpoint protection and allows administrators to centrally manage the deployment?

• A. NGFW
• B. AMP
• C. WSA
• D. ESA

Answer: B

NEW QUESTION 19
......