Free Practice Questions for Cisco 350-701 Exam

 To add switches into the fabric, administrators can use PowerOn Auto Provisioning (POAP) or Seed IP methods. POAP is a feature that automates the process of upgrading software images and installing configuration files on Cisco switches that are being deployed in the network for the first time. Seed IP is a method that allows administrators to specify the IP address of a switch that is already part of the fabric, and then use it to discover and add other switches that are connected to it. Both methods enable administrators to control how switches are added into DCNM for private cloud management. References:

POAP, section “PowerOn Auto Provisioning (POAP)”.

Seed IP, section “Add Switches”.

https://www.cisco.com/c/en/us/td/docs/security/ise/1-4-1/admin_guide/b_ise_admin_guide_141/b_ise_admin_guide_141_chapter_01110.html

Two-factor authentication is a security feature that requires users to provide two forms of information before gaining access to the Cisco ESA. The two factors are usually something the user knows, such as a password, and something the user has, such as a token or a code. Two-factor authentication can be enabled for specific user roles on the Cisco ESA through a RADIUS server, which is an external authentication server that supports the Remote Authentication Dial-In User Service (RADIUS) protocol. The RADIUS server can generate and validate the second factor for the users, such as a one-time password (OTP) or a time-based one-time password (TOTP). To enable two-factor authentication through a RADIUS server, the network engineer must configure the RADIUS server settings on the Cisco ESA, and assign the user roles that require two-factor authentication to use the RADIUS server as the authentication source. This can be done on the System Administration > Users page in the web interface, or by using the userconfig command in the CLI12.

A cluster is a group of Cisco ESAs that share the same configuration information and can be managed centrally. A cluster can provide increased reliability, flexibility, and scalability for the email security system. To join a cluster, a Cisco ESA must have the same AsyncOS version as the other cluster members, and must use a pre-shared key to authenticate with the cluster leader. The pre-shared key is a secret passphrase that is configured on the cluster leader and must be entered on the joining appliance. To join a cluster by using the Cisco ESA CLI, the network engineer must use the clusterconfig command, which allows the engineer to create a new cluster, join an existing cluster, or leave a cluster. The clusterconfig command also allows the engineer to specify the communication port and the hostname or IP address of the cluster leader. If the Cisco ESA has enabled two-factor authentication, the network engineer must also use the clusterconfig > prepjoin command to configure the pre-shared key before joining the cluster34.

Therefore, option A is the correct answer, and the other options are incorrect. Option B is incorrect because the cluster configuration options must be done via the CLI on the Cisco ESA and cannot be created or joined in the GUI. Option C is incorrect because the Cisco ESA does not support TACACS+ as an external authentication source, only LDAP and RADIUS. Option D is incorrect because it also uses TACACS+, which is not supported by the Cisco ESA. References :=

User Guide for AsyncOS 14.0 for Cisco Secure Email Gateway - GD (General Deployment) - Distributing Administrative Tasks

User Guide for AsyncOS 14.0 for Cisco Secure Email Gateway - GD (General Deployment) - External Authentication

Configure an Email Security Appliance (ESA) Cluster

User Guide for AsyncOS 14.0 for Cisco Secure Email Gateway - GD (General Deployment) - Centralized Management

In Cisco Secure Endpoint, to create a custom detection file list for detecting and quarantining future files, an advanced custom detection should be created, and the hash of each file to be detected and quarantined should be uploaded. This allows the system to uniquely identify and take action on files based on their hash values, providing a precise method for targeting specific malicious or unwanted files.

Multifactor authentication (MFA) is a security measure that requires two or more proofs of identity to grant access to network resources. These proofs can be something the user knows (such as a password or a PIN), something the user has (such as a token or a card), or something the user is (such as a fingerprint or a face scan). The benefit of using MFA is that it adds an extra layer of protection against unauthorized access, especially if the first factor (such as a password) is compromised or stolen. By requiring a second validation of identity, MFA reduces the risk of data breaches and identity theft. MFA can also help comply with regulatory and industry standards that mandate strong authentication for sensitive data and systems. References :=

Some possible references are:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Security Concepts, Lesson 1.3: Identity and Access Management

Multi-factor authentication best practices & strategy, NordLayer Blog

How to implement Multi-Factor Authentication (MFA), Microsoft Security Blog

Multi-factor authentication, Cyber.gov.au

What is Multi-Factor Authentication?, IBM

In a Cisco Secure Workload implementation, telemetry data can be generated from IPFIX (Internet Protocol Flow Information Export) records using NetFlow connectors and Cisco Secure Workload itself. NetFlow provides insights into network traffic flow and volume, while Cisco Secure Workload uses this data for visibility, segmentation, and security analytics within the data center.

In a man-in-the-middle (MITM) attack, the attacker inserts their machine between two hosts that are communicating with each other, and secretly relays and possibly alters the messages between them. The attacker can intercept, modify, or spoof the data, and the hosts are unaware that their communication is compromised. A MITM attack can target any communication channel that uses weak or no encryption, such as email, web, or wireless networks. A MITM attack can break the confidentiality, integrity, and authenticity of the communication, and can have various goals, such as eavesdropping, stealing credentials, impersonating a legitimate party, or redirecting traffic. A MITM attack can be prevented by using strong encryption protocols, such as TLS, IPSec, or SSH, and verifying the identity of the communication endpoints using certificates or other means. References: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Man-in-the-middle attack - Wikipedia, Man-in-the-Middle Attack: Types and Examples - Fortinet

Explanation

Spero analysis is a feature of Cisco AMP for Networks that examines structural characteristics such as metadata and header information in executable files. After generating a Spero signature based on this information, if the file is an eligible executable file, the device submits it to the Spero heuristic engine in the AMP cloud for analysis1. Spero analysis can detect malware based on the file’s structure and behavior, without requiring a full file upload2. Spero analysis is different from dynamic analysis, sandbox analysis, and malware analysis, which are other features of Cisco AMP for Networks that perform different types of file inspection and analysis3. References: 1: How to configure Firepower AMP to not upload files to … - Cisco Community 2: File Policies - Network Direction 3: Cisco AMP for Networks - Cisco

Explanation

Cisco Threat Intelligence Director (CTID) can be integrated with existing Threat Intelligence Platforms deployed by your organization to ingest threat intelligence automatically.

A traffic profile is a graph of network traffic based on connection data collected over a profiling time window (PTW). This measurement presumably represents normal network traffic. After the learning period, you can detect abnormal network traffic by evaluating new traffic against your profile. You can also set up inactive periods in traffic profile to exclude data that does not reflect normal network behavior. You can use traffic profiles to write correlation rules that trigger when the traffic deviates from the profile by a certain threshold or standard deviation. This way, you can identify and respond to potential attacks or security policy violations that cause traffic anomalies. References :=

Some possible references are:

Firepower Management Center Configuration Guide, Version 6.0 - Traffic Profiling

Cisco Next-Generation Intrusion Prevention System (NGIPS)

Which statement describes a traffic profile on a Cisco Next Generation Intrusion Prevention System?

Contextual awareness is the ability to collect and analyze information about the network environment, such as users, devices, applications, threats, and vulnerabilities, and use it to enhance security policies and actions. Cisco Firepower is a network security device that supports contextual awareness by providing real-time visibility into network traffic and activity, security intelligence from Cisco Talos and other sources, and advanced threat protection with Cisco AMP and sandboxing. Cisco Firepower can also leverage Cisco pxGrid to share contextual data with other security solutions, such as SIEM and TD platforms, to enable faster and more accurate threat detection and response123 References := 1: Cisco Firepower NGIPS Data Sheet - Cisco 2: Cisco Identity Services Engine with Integrated Security Information and Event Management and Threat Defense Platforms At-a-Glance - Cisco 3: A Visibility-Driven Approach to Next-Generation Firewalls