Free Practice Questions for Cisco 350-701 Exam

P2, P3, and P6 only. Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network and prevents ARP spoofing attacks. DAI relies on the DHCP snooping database to verify the IP-to-MAC bindings of hosts on the network. DAI operates on untrusted ports, which are ports that connect to hosts or devices that generate ARP traffic. Trusted ports are ports that connect to other switches or routers that do not generate ARP traffic.

In this scenario, the DHCP snooping database resides on router R1, which means that switch SW2 needs to trust the port P3 that connects to R1. This way, SW2 can receive the DHCP snooping information from R1 and populate its own database. The port P4 that connects to switch SW3 also needs to be trusted, because SW3 does not generate ARP traffic. The ports P2 and P6 that connect to hosts P6 and P7 need to be untrusted, because they generate ARP traffic and need to be validated by DAI. The port P1 that connects to host P5 does not need to be configured as untrusted, because DAI is not enabled on switch SW1.

To understand the concept of DAI and how to configure it, you can refer to the following sections of the source book:

Section 1.1.2: Describe the concepts of network security

Section 1.1.2.8: Describe the concepts of DAI

Section 1.1.2.9: Describe the concepts of DHCP snooping

Section 1.1.2.10: Describe the concepts of trusted and untrusted ports

Section 1.1.2.11: Describe the concepts of DAI configuration

Cisco FMC is assigned the role of a client in the pxGrid ecosystem. A client is a partner that subscribes to the contextual data published by other partners or by ISE. A client can also publish its own data, but it does not have to. A client can use the contextual data to enforce security policies, perform threat analysis, or provide visibility. Cisco FMC can subscribe to various topics from ISE or other partners, such as user identity, session directory, endpoint profile, SGT mapping, threat events, or vulnerability assessment. Cisco FMC can also publish its own threat events to ISE or other partners. Cisco FMC can use the contextual data to apply access control rules, correlation policies, or network discovery policies based on the attributes of the users, endpoints, or sessions12.

The other options are not correct because they are not the roles assigned for Cisco FMC. A server is a partner that publishes contextual data to other partners or to ISE. A server can also subscribe to data, but it does not have to. A server can provide valuable information about the network, such as device inventory, configuration, or compliance. An example of a server is Cisco Prime Infrastructure3. A controller is the core component of the pxGrid ecosystem that manages the communication, authentication, and authorization between the partners. The controller is always ISE, and it is responsible for creating and maintaining the pxGrid domain, distributing the certificates, and facilitating the data exchange4. A publisher is a partner that publishes contextual data to other partners or to ISE, but does not subscribe to any data. A publisher can provide useful information about the network, such as security events, alerts, or incidents. An example of a publisher is Cisco Stealthwatch. References :=

Integrate FMC with ISE using pxGrid | Blue Network Security

How To: Integrate Firepower Management Center (FMC) 6 … - Cisco Community

Cisco Prime Infrastructure and ISE pxGrid Integration - Cisco

pxGrid Overview - Cisco

[Cisco Stealthwatch and ISE pxGrid Integration - Cisco]

A serverless application is one that does not require the developer to manage the underlying infrastructure or servers. Instead, the application code is executed by a cloud provider in response to events or triggers, such as HTTP requests, database changes, or messages. The cloud provider automatically provisions, scales, and manages the resources needed to run the code, and charges only for the time and resources consumed by the execution. A serverless application runs from an ephemeral, event-triggered, and stateless container that is fully managed by a cloud provider. This means that the container is created on demand when an event occurs, and is destroyed when the execution is completed. The container does not store any persistent state or data, and is isolated from other containers. The cloud provider handles the load balancing, fault tolerance, security, and monitoring of the container. A serverless application can leverage various cloud services, such as databases, storage, messaging, analytics, and machine learning, to perform complex tasks and functionalities. Serverless computing is a cloud-native development model that enables developers to focus on the business logic and deliver faster and more scalable applications. References:

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 8: Cloud and Virtual Network Security, Lesson 8.1: Cloud Computing Concepts

What is serverless? - Red Hat

Serverless computing and applications | Microsoft Azure

Explanation

A data breach is the intentional or unintentional release of secure or private/confidential information to an

untrusted environment.

When your credentials have been compromised, it means someone other than you may be in possession of your account information, such as your username and/or password.

The Cisco WSA can enforce bandwidth restrictions for web applications by using the Application Visibility and Control (AVC) engine. The AVC engine allows the WSA to identify and control application activity on the network, and to apply bandwidth limits to certain application types or individual applications. The WSA dynamically creates a scavenger class QoS policy and applies it to each client that connects through the WSA. The scavenger class QoS policy assigns a low priority to the application traffic and limits the bandwidth usage based on the configured settings. This way, the WSA can prevent congestion and ensure fair allocation of bandwidth among different applications and users. References:

User Guide for AsyncOS 11.8 for Cisco Web Security Appliances - GD (General Deployment) - Managing Access to Web Applications

WSA - limit bandwidth - Cisco Community

Mobile device management (MDM) is a solution that allows organizations to manage and secure mobile devices such as smartphones and tablets. MDM can provide scalability by supporting BYOD (bring your own device) scenarios without requiring extra appliance or licenses. BYOD allows employees to use their personal devices for work purposes, which can reduce costs and increase productivity. However, BYOD also introduces security and compliance risks, which MDM can mitigate by enforcing policies, monitoring device status, and performing remote actions. MDM can also integrate with other Cisco security solutions such as Identity Services Engine (ISE) and Umbrella to provide additional protection and visibility. According to the Cisco SCOR course, MDM can provide the following benefits for BYOD1:

Simplify device enrollment and configuration

Automate device compliance checks and remediation

Apply granular policies based on device type, user role, location, and network

Enable secure access to corporate resources and applications

Protect data at rest and in transit with encryption and VPN

Detect and respond to device threats and vulnerabilities

Wipe or lock devices in case of loss or theft

 1: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 - Module 4: Secure Connectivity - Lesson 4.3: Mobile Device Management (MDM)

SQL injection attacks are a type of code injection technique that exploit the use of dynamic SQL queries in web applications. Attackers can inject malicious SQL statements into user input fields, such as login forms, search boxes, or URLs, and execute them on the underlying database. This can result in unauthorized access, data theft, data corruption, or denial of service.

To prevent SQL injection attacks, web developers should use the following techniques:

Use prepared statements and parameterized queries: Prepared statements are SQL queries that are precompiled and executed with user-supplied parameters. Parameterized queries are SQL queries that use placeholders for user input and bind them to actual values at runtime. Both techniques separate the SQL code from the user input, making it impossible for attackers to inject SQL commands into the query. For example, in Java, PreparedStatement is a class that implements parameterized queries. In PHP, PDO and mysqli are extensions that support prepared statements.

Block SQL code execution in the web application database login: Web applications should use a dedicated database user account with limited privileges to connect to the database. This account should only have the permissions necessary to perform the required operations, such as select, insert, update, or delete. It should not have the permissions to execute arbitrary SQL commands, such as create, drop, alter, grant, or revoke. This way, even if an attacker manages to inject SQL code into the query, the database will reject it due to insufficient privileges.

 Cisco Duo is a cloud-based solution that provides multi-factor authentication (MFA) and device trust for secure access to applications and data. MFA adds an extra layer of security by requiring users to verify their identity with something they know (such as a password) and something they have (such as a phone or a hardware token). Device trust ensures that only trusted devices can access sensitive resources by checking the device health and compliance. Cisco Duo can help prevent social engineering attacks by making it harder for hackers to impersonate legitimate users or compromise their credentials. Cisco Duo can also integrate with other Cisco security products, such as Cisco AnyConnect, Cisco AMP for Endpoints, and Cisco Umbrella, to provide a comprehensive security solution. References :=

Cisco Duo Security

Cisco Duo: Multi-Factor Authentication

Cisco Duo: Device Trust

Cisco Security Core Technologies SCOR

 Tetration is the solution that protects hybrid cloud deployment workloads with application visibility and segmentation. Tetration enables a zero-trust model using segmentation, which allows you to identify security incidents faster, contain lateral movement, and reduce your attack surface. Tetration supports both on-premises and public cloud workloads and provides real-time telemetry data, behavior analysis, software inventory, and policy enforcement. Tetration is part of the Cisco Zero Trust portfolio, which also includes solutions for securing the workforce and workplace. References:

Cisco Tetration Platform - Cisco, Topic: Cisco Tetration offers holistic workload protection for multicloud data centers by enabling a zero-trust model using segmentation.

[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Securing the Cloud, Lesson 5.3: Cloud Workload Security, Topic 5.3.1: Tetration

Cisco Zero Trust Tetration, Topic: Tetration provides zero-trust security for workloads as part of the Cisco Zero Trust portfolio.

Endpoint-based security is the solution for performing signature-based application control, which is a method of identifying and blocking malicious applications based on their signatures or hashes. Signature-based application control is one of the features of endpoint security solutions, such as Cisco AMP for Endpoints1, that protect endpoints from known and unknown threats. Endpoint security solutions can also perform other functions, such as behavioral analysis, sandboxing, machine learning, and threat hunting, to provide comprehensive protection, detection, and response on the endpoint2. The other options are not scenarios where endpoint-based security is the solution. Inspecting encrypted traffic requires a network-based security solution, such as Cisco SSL Appliance3, that can decrypt and inspect the traffic for malicious content. Device profiling and authorization requires a network access control solution, such as Cisco Identity Services Engine4, that can identify and authenticate devices and users and enforce policies based on their roles and contexts. Inspecting a password-protected archive requires a file analysis solution, such as Cisco Threat Grid5, that can extract and analyze the contents of the archive for malware and indicators of compromise. References :=

Cisco AMP for Endpoints

What is Endpoint Security? How Does It Work?

Cisco SSL Appliance

Cisco Identity Services Engine

Cisco Threat Grid

DMVPN and sVTI are both VPN technologies that use IPsec to secure the tunnel traffic. However, they differ in how they establish and manage the tunnels. DMVPN supports dynamic tunnel establishment, which means that the VPN endpoints can create and delete tunnels on demand, based on the routing information. This allows for a scalable and flexible VPN topology, where the endpoints can communicate directly with each other without going through a central hub. sVTI, on the other hand, supports static tunnel establishment, which means that the VPN endpoints have to manually configure the tunnel source and destination addresses. This requires a one-to-one mapping between the endpoints, and limits the VPN topology to a hub-and-spoke model, where the endpoints can only communicate with the hub. Therefore, DMVPN is more suitable for large and dynamic VPN networks, while sVTI is more suitable for small and stable VPN networks. References:

[Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0], Module 5: Secure Connectivity, Lesson 5.2: Implementing Site-to-Site VPNs, Topic 5.2.3: Dynamic Multipoint VPN (DMVPN)

what is difference between svti and DVTI? - Cisco Community

Transparent traffic redirection using WCCP is a deployment mode for the Cisco WSA that allows it to intercept and proxy web requests from client applications without requiring any configuration on the clients. This mode increases the visibility and control of web traffic, while making the proxy function invisible to the users. To support this mode, the Cisco WSA must be configured to use the transparent proxy mode, which enables it to listen on ports 80 and 443 for HTTP and HTTPS traffic, respectively. The Cisco WSA must also be configured to use WCCP service IDs, which are numerical identifiers that specify the type and range of ports to be redirected. For example, service ID 0 (web-cache) redirects port 80, service ID 70 (https-cache) redirects port 443, and service ID 60 (ftp-native) redirects port 21 and a range of passive FTP ports. The Cisco WSA must also be configured to join a WCCP group, which is a set of WCCP routers or switches that cooperate to redirect traffic to the WSA. The WCCP group can be specified by a group list, which is an access list that defines the IP addresses of the WCCP routers or switches, or by a password, which is a shared secret that authenticates the WCCP communication. The WCCP group must also be configured on the network device that performs the traffic redirection, such as a Cisco router, switch, or ASA firewall. The network device must support WCCPv2, which is the latest version of the protocol that allows for advanced features such as load balancing, encryption, and GRE encapsulation. The network device must also be configured to use the same WCCP service IDs and group list or password as the Cisco WSA. The network device must also be configured to apply the WCCP redirection to the appropriate interface and direction, such as the inside interface and inbound direction for traffic originating from the internal network. The network device must also be configured to use an access list that defines the traffic to be redirected or bypassed, such as the source and destination IP addresses, ports, and protocols. The access list can also be used to exclude certain traffic from WCCP redirection, such as traffic to private or internal destinations, or traffic from specific hosts123 References := 1: Configure Transparent Redirection With WCCP in Order to Redirect Native FTP Traffic - Cisco 2: Solved: Transparent Redirection - Cisco Community 3: Cisco WSA : Is it possible to use web proxy in transparent mode without WCCP - Cisco Community

Explanation

Cisco Hybrid Email Security is a unique service offering that facilitates the deployment of your email security

infrastructure both on premises and in the cloud. You can change the number of on-premises versus cloud

users at any time throughout the term of your contract, assuming the total number of users does not change.

This allows for deployment flexibility as your organization’s needs change.

Explanation

Explanation

Depending on your company policy, you might be able to use your mobile phones, tablets, printers, Internet radios, and other network devices on your company’s network. You can use the My Devices portal to register and manage these devices on your company’s network.