Cisco 350-701リアル試験問題解答は無料 [Q329-Q345]

Cisco 350-701リアル試験問題解答は無料

試験問題集で350-701練習無料最新のCisco練習テスト

Cisco 350-701試験に備えるために、候補者はCiscoのトレーニングコースに参加したり、Ciscoのドキュメントを読んだり、Ciscoのラボで練習したりすることができます。また、試験ダンプ、練習問題、勉強ガイドなどの学習資料も提供されています。試験に挑戦する前に、候補者がIT業界で3〜5年の経験を持っていることが推奨されています。

Cisco 350-701試験は、ITプロフェッショナルのCiscoセキュリティコアテクノロジーの実装と運用のスキルと知識を認定する認定試験です。この試験は、Ciscoネットワーク、デバイス、アプリケーションのセキュリティに責任を持つ個人のために設計されています。認定は、Cisco Certified Network Professional（CCNP）セキュリティトラックの一部であり、Cisco Certified Internetwork Expert（CCIE）セキュリティ認定の前提条件です。

質問 # 329
Which risk is created when using an Internet browser to access cloud-based service?

A. vulnerabilities within protocol
B. insecure implementation of API
C. intermittent connection to the cloud connectors
D. misconfiguration of Infra, which allows unauthorized access

正解：A

質問 # 330
What are two DDoS attack categories? (Choose two.)

A. volume-based
B. protocol
C. sequential
D. database
E. source-based

正解：A、B

質問 # 331
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically.
What must be configured to accomplish this?

A. Configure the Cisco ESA to modify policies based on the traffic seen
B. Configure the Cisco WSA to receive real-time updates from Talos
C. Configure the Cisco WSA to modify policies based on the traffic seen
D. Configure the Cisco ESA to receive real-time updates from Talos

正解：A

解説：
The Mail Policies menu is where almost all of the controls related to email filtering happens. All the security and content filtering policies are set here, so it's likely that, as an ESA administrator, the pages on this menu are where you are likely to spend most of your time.

質問 # 332
Which two mechanisms are used to control phishing attacks? (Choose two.)

A. Implement email filtering techniques.
B. Enable browser alerts for fraudulent websites.
C. Define security group memberships.
D. Use antispyware software.
E. Revoke expired CRL of the websites.

正解：A、B

質問 # 333
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the Interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

A. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users
B. Dynamic ARP inspection has not been enabled on all VLANs
C. DHCP snooping has not been enabled on all VLANs
D. The no ip arp inspection trust command is applied on all user host interfaces

正解：D

解説：
Explanation/Reference:

質問 # 334
How many interfaces per bridge group does an ASA bridge group deployment support?

A. up to 8
B. up to 4
C. up to 16
D. up to 2

正解：B

質問 # 335
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

A. Set the tunnel port to 8305
The FMC and managed devices communicate using a two-way, SSL-encrypted communication channel, which by default is on port 8305.
B. Manually change the management port on Cisco FMC and all managed Cisco FTD devices
C. Set the tunnel to go through the Cisco FTD
D. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices

正解：B

解説：
Cisco strongly recommends that you keep the default settings for the remote management port, but if the management port conflicts with other communications on your network, you can choose a different port. If you change the management port, you must change it for all devices in your deployment that need to communicate with each other.

質問 # 336
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal?

A. 0
B. 1
C. 2
D. 3

正解：D

解説：
We choose "Chat and Instant Messaging" category in "URL Category":

To block certain URLs we need to choose URL Reputation from 6 to 10.

質問 # 337
Which two request of REST API are valid on the Cisco ASA Platform? (Choose two.)

A. connect
B. put
C. get
D. push
E. options

正解：B、C

質問 # 338
Drag and drop the threats from the left onto examples of that threat on the right

正解：

解説：

質問 # 339
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

A. ip flow-export destination 1.1.1.1 2055
B. ip flow monitor input
C. flow-export destination inside 1.1.1.1 2055
D. flow exporter

正解：C

解説：
The syntax of this command is: flow-export destination interface-name ipv4-address | hostname udp-port This command is used on Cisco ASA to configure Network Secure Event Logging (NSEL) collector to which NetFlow packets are sent. The destination keyword indicates that a NSEL collector is being configured. + The interface-name argument is the name of the ASA and ASA Services Module interface through which the collector is reached. + The ipv4-address argument is the IP address of the machine running the collector application. + The hostname argument is the destination IP address or name of the collector. + The udp-port argument is the UDP port number to which NetFlow packets are sent. You can configure a maximum of five collectors. After a collector is configured, template records are automatically sent to all configured NSEL collectors. Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ monitor_nsel.html This command is used on Cisco ASA to configure Network Secure Event Logging (NSEL) collector to which NetFlow packets are sent. The destination keyword indicates that a NSEL collector is being configured.
+ The interface-name argument is the name of the ASA and ASA Services Module interface through which the collector is reached.
+ The ipv4-address argument is the IP address of the machine running the collector application.
+ The hostname argument is the destination IP address or name of the collector.
+ The udp-port argument is the UDP port number to which NetFlow packets are sent.
You can configure a maximum of five collectors. After a collector is configured, template records are automatically sent to all configured NSEL collectors.
Reference:
The syntax of this command is: flow-export destination interface-name ipv4-address | hostname udp-port This command is used on Cisco ASA to configure Network Secure Event Logging (NSEL) collector to which NetFlow packets are sent. The destination keyword indicates that a NSEL collector is being configured. + The interface-name argument is the name of the ASA and ASA Services Module interface through which the collector is reached. + The ipv4-address argument is the IP address of the machine running the collector application. + The hostname argument is the destination IP address or name of the collector. + The udp-port argument is the UDP port number to which NetFlow packets are sent. You can configure a maximum of five collectors. After a collector is configured, template records are automatically sent to all configured NSEL collectors. Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ monitor_nsel.html

質問 # 340
Refer to the exhibit.

What are two indications of the Cisco Firepower Services Module configuration?
(Choose two.)

A. The module fails to receive redirected traffic
B. The module is operating in IDS mode.
C. Traffic is blocked if the module fails.
D. Traffic continues to flow if the module fails.
E. The module is operating in IPS mode.

正解：B、D

質問 # 341
Drag and drop the descriptions from the left onto the encryption algorithms on the right.

正解：

解説：

質問 # 342
What are two characteristics of Cisco DNA Center APIs? (Choose two)

A. They quickly provision new devices.
B. Postman is required to utilize Cisco DNA Center API calls.
C. They are Cisco proprietary.
D. They view the overall health of the network
E. They do not support Python scripts.

正解：A、D

質問 # 343
What is the function of SDN southbound API protocols?

A. to enable the controller to make changes
B. to enable the controller to use REST
C. to allow for the static configuration of control plane applications
D. to allow for the dynamic configuration of control plane applications

正解：A

解説：
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs. Reference: https://www.ciscopress.com/articles/article.asp?p=3004581&seqNum=2 scalability needs.
Southbound APIs enable SDN controllers to dynamically make changes based on real-time demands and scalability needs. Reference: https://www.ciscopress.com/articles/article.asp?p=3004581&seqNum=2

Note: Southbound APIs helps us communicate with data plane (not control plane) applications