Free Practice Questions for Cisco 350-701 Exam

Proxy caching is a method that enables a proxy server to save recent and frequent website/webpage requests and data requested by one or more client machines. It reduces latency, eases bandwidth consumption, and ensures content is served more swiftly to the end-user12. WSA (Web Security Appliance) is a Cisco product that provides proxy caching functionality, along with other web security features such as malware protection, URL filtering, and data loss prevention3. Firepower, FireSIGHT, and ASA are other Cisco products that do not provide proxy caching, but rather focus on different aspects of network security, such as threat detection, management, and firewall . References:

What is Proxy Caching? | StackPath

What Is Proxy Caching? | Definition & Overview | NinjaOne

Cisco Web Security Appliance Data Sheet

[Cisco Firepower NGFW Data Sheet]

[Cisco FireSIGHT Management Center Data Sheet]

[Cisco ASA 5500-X Series Firewalls Data Sheet]

When a Cisco WSA receives a web request, it evaluates it against the policies in the policy table. Each policy type has a predefined, global policy, which maintains default actions for that policy type. If the web request does not match any user-defined policy, the WSA applies the global policy. The global policy can be configured to allow, block, or redirect the web request based on various criteria. The global policy acts as a catch-all policy for any web request that is not explicitly handled by a user-defined policy. References :=

User Guide for AsyncOS 11.0 for Cisco Web Security Appliances - Create Policies to Control Internet Requests

User Guide for AsyncOS 12.7 for Cisco Web Security Appliances - LD (Limited Deployment) - Acquire End-User Credentials

Posture is a service in Cisco ISE that checks the compliance of endpoints with corporate security policies before allowing them to connect to the network. Posture policies define the requirements that endpoints must meet to be compliant, such as having antivirus software installed and updated, or having a specific registry key value. If an endpoint is compliant, Cisco ISE can apply a Change of Authorization (CoA) to grant it access to the network resources. CoA is a mechanism that allows Cisco ISE to dynamically change the authorization attributes of an existing session, such as VLAN, dACL, or SGT, without requiring the user to reauthenticate. CoA can be triggered by various events, such as posture assessment results, profiling changes, or manual actions by the administrator. CoA can also be used to quarantine or disconnect non-compliant endpoints. Therefore, ensuring that an endpoint is compliant with a posture policy configured in Cisco ISE provides the benefit of allowing CoA to be applied if the endpoint status is compliant. References :=

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Change of Authorization

 The process that uses STIX and allows uploads and downloads of block lists is sharing. STIX (Structured Threat Information Expression) is a standard language and format for exchanging cyber threat intelligence data. Block lists are collections of observables, such as IP addresses, URLs, or domains, that are associated with malicious activity and can be used to block or monitor network traffic. Cisco Threat Intelligence Director (TID) is a feature that operationalizes threat intelligence data by consuming, normalizing, publishing, and correlating data from various sources, including third-party STIX feeds. TID enables the administrator to upload STIX files from local or remote sources, or download STIX files from the Firepower Management Center (FMC) to share with other systems. TID also allows the administrator to configure actions (such as block or monitor) based on the indicators and observables in the STIX files, and generate incidents and observations when the system detects traffic that matches the threat intelligence data123

References := 1: Firepower Management Center Configuration Guide, Version 6.2.3 - Threat Intelligence Director 2 2: Introduction to STIX - GitHub Pages 4 3: Third-Party Integration of Security Feeds with FMC (Cisco Threat Intelligence Director) - Cisco Community 3

 Cisco NBAR2 is a classification engine that recognizes and classifies a wide variety of protocols and applications based on their deep packet inspection (DPI) signatures. NBAR2 enables the platform to identify and output various applications within the network traffic flows, such as web, email, voice, video, and so on. NBAR2 also supports custom protocols and applications, allowing the platform to classify traffic based on user-defined criteria. NBAR2 helps the platform to apply the appropriate quality of service (QoS), security, and policy for each application or protocol. References :=

Some possible references are:

Cisco NBAR2

Classifying Network Traffic Using NBAR

Next Generation NBAR (NBAR2)

Explanation

Explanation

Cisco Defense Orchestrator is a cloud-based management solution that allows you to manage security policies

and device configurations with ease across multiple Cisco and cloud-native security platforms.

Cisco Defense Orchestrator features:

….

Management of hybrid environments: Managing a mix of firewalls running the ASA, FTD, and Meraki

MX software is now easy, with the ability to share policy elements across platforms.

CoA-ACK is the CoA response code that is sent if an authorization state is changed successfully on a Cisco IOS device. CoA-ACK stands for CoA acknowledgment, which indicates that the device has received and processed the CoA request from the server and applied the new authorization settings to the session. The attributes returned within a CoA-ACK can vary based on the CoA request, such as session reauthentication, session termination, or session modification. The other options are not correct because they are not valid CoA response codes. CoA-NCL, CoA-NAK, and CoA-MAV are not defined in RFC 5176, which specifies the CoA protocol. CoA-NAK is the closest option, but it stands for CoA non-acknowledgment, which indicates that the device has rejected the CoA request from the server due to some error or inconsistency. References :=

Some possible references are:

RADIUS Change of Authorization - Cisco

Security and VPN Configuration Guide, Cisco IOS XE 17.x

RFC 5176 - Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)