[April 28, 2023] 350-701 Exam Question Set, 350-701 Practice Test Questions [Q298-Q323]

Free 350-701 Study Guide Exam Questions and Answers

Question 298
Which feature is supported when deploying Cisco ASAv within AWS public cloud?

  • A. IPv6
  • B. multiple context mode
  • C. user deployment of Layer 3 networks
  • D. clustering

Correct answer: C

Explanation:
The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud. It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96-qsg/asavaws.html

 

Question 299
Refer to the exhibit.

Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?

  • A. show authentication sessions
  • B. show authentication registrations
  • C. show dot1x all
  • D. show authentication method

Correct answer: A

 

Question 300
An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?

  • A. access control lists
  • B. embedded event monitoring
  • C. Bridge Protocol Data Unit guard
  • D. storm control

Correct answer: D

Explanation:
Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
By using the "storm-control broadcast level [falling-threshold]" command, we can limit the broadcast traffic on the switch.

 

Question 301
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)

  • A. Create a class map to match interesting traffic.
  • B. Create an ACL to allow UDP traffic on port 9996.
  • C. Define a NetFlow collector by using the flow-export command.
  • D. Enable NetFlow Version 9.
  • E. Apply NetFlow Exporter to the outside interface in the inbound direction.

Correct answer: C,E

 

Question 302
Drag and drop the capabilities from the left onto the correct technologies on the right.

Correct answer:

Explanation:

 

Question 303
An engineer needs a solution for TACACS+ authentication and authorization for device administration.
The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

  • A. Cisco AMP for Endpoints
  • B. Cisco Stealthwatch
  • C. Cisco Identity Services Engine
  • D. Cisco Prime Infrastructure

Correct answer: C

 

Question 304
Which feature within Cisco ISE verifies the compliance of an endpoint before providing access to the network?

  • A. pxGrid
  • B. Posture
  • C. MAB
  • D. Profiling

Correct answer: B

 

Question 305
During a recent security audit, a Cisco IOS router with a working IPsec configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc425007536 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router for the VPN to continue to function after the wildcard command is removed? (Choose two)

  • A. ip name-server <DNS Server IP Address>
  • B. crypto isakmp identity hostname
  • C. Add the dynamic keyword to the existing crypto map command
  • D. ip host vpn.sohoroutercompany.com <VPN Peer IP Address>
  • E. fqdn vpn.sohoroutercompany.com <VPN Peer IP Address>

Correct answer: B,C

 

Question 306
Drag and drop the Cisco CWS redirection options from the left onto the capabilities on the right.

Correct answer:

Explanation:

 

Question 307
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?

  • A. SafeSearch
  • B. SSL Decryption
  • C. Destination Lists
  • D. File Analysis

Correct answer: B

 

Question 308
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two.)

  • A. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
  • B. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
  • C. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
  • D. When the Cisco WSA is running in transparent mode, it uses the WSA's own IP address as the HTTP request destination.
  • E. The Cisco WSA responds with its own IP address only if it is running in explicit mode.

Correct answer: B,D

 

Question 309
An engineer recently completed the system setup on a Cisco WSA. Which URL information does the system send to SensorBase Network servers?

  • A. Summarized server-name information and MD5-hashed path information
  • B. none because SensorBase Network Participation is disabled by default
  • C. complete URL, without obfuscating the path segments
  • D. URL information collected from clients that connect to the Cisco WSA using Cisco AnyConnect

Correct answer: A

 

Question 310
Which attack is commonly associated with C and C++ programming languages?

  • A. water holing
  • B. DDoS
  • C. buffer overflow
  • D. cross-site scripting

Correct answer: C

 

Question 311
What must be enabled to secure SaaS-based applications?

  • A. two-factor authentication
  • B. modular policy framework
  • C. application security gateway
  • D. end-to-end encryption

Correct answer: D

 

Question 312
Which two behavioral patterns characterize a ping of death attack? (Choose two)

  • A. Short synchronized bursts of traffic are used to disrupt TCP connections.
  • B. The attack is fragmented into groups of 16 octets before transmission.
  • C. Publicly accessible DNS servers are typically used to execute the attack.
  • D. The attack is fragmented into groups of 8 octets before transmission.
  • E. Malformed packets are used to crash systems.

Correct answer: D,E

Explanation:
Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.
A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 including Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.

 

Question 313
Which Cisco DNA Center RESTful PNP API adds and claims a device into a workflow?

  • A. api/v1/onboarding/pnp-device/import
  • B. api/v1/onboarding/pnp-device
  • C. api/v1/onboarding/workflow
  • D. api/v1/fie/config

Correct answer: A

 

Question 314
With which components does a southbound API within a software-defined network architecture communicate?

  • A. controllers within the network
  • B. devices such as routers and switches
  • C. applications
  • D. appliances

Correct answer: B

Explanation:

The Southbound API is used to communicate between Controllers and network devices.

 

Question 315
Refer to the exhibit.

Which type of authentication is in use?

  • A. SMTP relay server authentication
  • B. POP3 authentication
  • C. external user and relay mail authentication
  • D. LDAP authentication for Microsoft Outlook

Correct answer: C

Explanation:
The TLS connections are recorded in the mail logs, along with other significant actions that are related to messages, such as filter actions, anti-virus and anti-spam verdicts, and delivery attempts. If there is a successful TLS connection, there will be a TLS success entry in the mail logs. Likewise, a failed TLS connection produces a TLS failed entry. If a message does not have an associated TLS entry in the log file, that message was not delivered over a TLS connection.
Reference: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118844-technoteesa-00.html
The exhibit in this question shows a successful TLS connection from the remote host (reception) in the mail log.

 

Question 316
Which solution should be leveraged for secure access of a CI/CD pipeline?

  • A. Duo Network Gateway
  • B. SSL WebVPN
  • C. remote access client
  • D. Cisco FTD network gateway

Correct answer: A

 

Question 317
Which information is required when adding a device to Firepower Management Center?

  • A. registration key
  • B. device serial number
  • C. encryption method
  • D. username and password

Correct answer: A

 

Question 318
What are the two types of managed Intercloud Fabric deployment models? (Choose two)

  • A. Enterprise managed
  • B. Service Provider managed
  • C. User managed
  • D. Hybrid managed
  • E. Public managed

Correct answer: A

Explanation:
Many enterprises prefer to deploy development workloads in the public cloud, primarily for convenience and faster deployment.
This approach can cause concern for IT administrators, who must control the flow of IT traffic and spending and help ensure the security of data and intellectual property.
Without the proper controls, data and intellectual property can escape this oversight.
The Cisco Intercloud Fabric solution helps control this shadow IT, discovering resources deployed in the public cloud outside IT control and placing these resources under Cisco Intercloud Fabric control.
Cisco Intercloud Fabric addresses the cloud deployment requirements appropriate for two hybrid cloud deployment models:
Enterprise Managed (an enterprise manages its own cloud environments) and Service Provider Managed (the service provider administers and controls all cloud resources).
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric.pdf
The Cisco Intercloud Fabric architecture provides two product configurations to address the following two consumption models:
+ Cisco Intercloud Fabric for Business
+ Cisco Intercloud Fabric for Providers
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric/Intercloud_Fabric_2.html

 

Question 319
An engineer is adding a Cisco router to an existing environment. NTP authentication is configured on all devices in the environment with the command ntp authentication-key 1 md5 Clsc427128380. There are two routers on the network that are configured as NTP servers for redundancy, 192.168.1.110 and 192.168.1.111. 192.168.1.110 is configured as the authoritative time source. What command must be configured on the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices?

  • A. ntp server 192.168.1.110 key 1 prefer
  • B. ntp peer 192.168.1.110 prefer key 1
  • C. ntp peer 192.168.1.110 key 1 primary
  • D. ntp server 192.168.1.110 primary key 1

Correct answer: D

 

Question 320
What are two DDoS attack categories? (Choose two.)

  • A. database
  • B. volume-based
  • C. protocol
  • D. scree-based
  • E. sequential

Correct answer: B,C

Explanation:
Reference:
https://www.cisco.com/c/en/us/products/security/what-is-a-ddos-attack.html

 

Question 321
Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?

  • A. Encrypted Traffic Analytics
  • B. Cisco Talos Intelligence
  • C. Cognitive Threat Analytics
  • D. Threat Intelligence Director

Correct answer: D

 

Question 322
What features does Cisco FTDv provide over ASAv?

  • A. Cisco FTDv runs on AWS while Cisco ASAv does not.
  • B. Cisco FTDv provides 1GB of firewall throughput while Cisco ASAv does not.
  • C. Cisco FTDv runs on VMware while Cisco ASAv does not.
  • D. Cisco FTDv supports URL filtering while ASAv does not.

Correct answer: D

 

Question 323
......
