Free Cisco 350-701 Practice Exam with Questions & Answers

Explanation

Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security

Broker (CASB) and cloud cybersecurity platform.

create an application control blocked applications list. This option allows you to specify a list of files that you want to prevent from running on the endpoints that have the AMP connector installed. The files are identified by their SHA-256 hashes, and you can upload them individually or in a batch. The files are not quarantined, but they are blocked from execution and reported as events in the AMP console1. This option is different from the simple custom detection list, which is used to detect and quarantine specific files that are considered malicious2. The advanced custom detection list is also used to detect and quarantine files, but it allows you to specify more criteria such as file size, file name, and file path3. The IP block and allow lists are used to control the network traffic to and from the endpoints, not the file execution4. References: 1: Configure Application Control on the AMP for Endpoints Portal 2: Configure a Simple Custom Detection List on the AMP for Endpoints Portal 3: [Configure an Advanced Custom Detection List on the AMP for Endpoints Portal] 4: [Configure IP Block and Allow Lists on the AMP for Endpoints Portal]

To enable malware file scanning for the Secure Internet Gateway (SIG), you need to enable Intelligent Proxy, which is a feature of Cisco Umbrella that provides selective proxying of web requests based on the risk level of the domain1. Intelligent Proxy allows SIG to inspect the content of potentially malicious web requests and block or allow them based on the configured policies2. Intelligent Proxy also enables SSL decryption, which is necessary to scan encrypted web traffic for malware3. Enabling IP Layer enforcement, activating the Advanced Malware Protection license, and activating SSL decryption are not required prerequisites to enable malware file scanning for the SIG, although they may provide additional security benefits45. References: 1: Intelligent Proxy - Cisco Umbrella 2: Cisco Umbrella SIG Advantage - Cisco Umbrella 3: [SSL Decryption - Cisco Umbrella] 4: [IP Layer Enforcement - Cisco Umbrella] 5: [Advanced Malware Protection - Cisco Umbrella]

P2, P3, and P6 only. Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network and prevents ARP spoofing attacks. DAI relies on the DHCP snooping database to verify the IP-to-MAC bindings of hosts on the network. DAI operates on untrusted ports, which are ports that connect to hosts or devices that generate ARP traffic. Trusted ports are ports that connect to other switches or routers that do not generate ARP traffic.

In this scenario, the DHCP snooping database resides on router R1, which means that switch SW2 needs to trust the port P3 that connects to R1. This way, SW2 can receive the DHCP snooping information from R1 and populate its own database. The port P4 that connects to switch SW3 also needs to be trusted, because SW3 does not generate ARP traffic. The ports P2 and P6 that connect to hosts P6 and P7 need to be untrusted, because they generate ARP traffic and need to be validated by DAI. The port P1 that connects to host P5 does not need to be configured as untrusted, because DAI is not enabled on switch SW1.

To understand the concept of DAI and how to configure it, you can refer to the following sections of the source book:

Section 1.1.2: Describe the concepts of network security

Section 1.1.2.8: Describe the concepts of DAI

Section 1.1.2.9: Describe the concepts of DHCP snooping

Section 1.1.2.10: Describe the concepts of trusted and untrusted ports

Section 1.1.2.11: Describe the concepts of DAI configuration

Anycast IP is a component of Cisco umbrella architecture that increases reliability of the service by allowing the same IP address to exist on multiple servers around the world. This way, the user’s request is automatically routed to the nearest and fastest data center, and failover is seamless in case of an outage. Anycast IP also reduces latency and improves performance by using BGP to select the shortest path to the destination12. References := 1: Why Cisco Umbrella uses anycast routing - Cisco Umbrella 2: Cisco Umbrella At a Glance

This is a type of Outbreak Control list that allows the administrator to create a list of files based on their SHA-256 hash values that will be detected, blocked, and quarantined by the AMP for Endpoints connectors. The Simple Custom Detection list can be applied to a policy and synchronized with the devices that have the AMP connectors installed. This way, the administrator can prevent the execution of specific files without having to quarantine them on the devices.

The other options are incorrect because:

Advanced Custom Detection is a type of Outbreak Control list that allows the administrator to create custom rules based on file attributes, such as file name, size, path, or parent process. These rules can be used to detect and block files that match certain criteria, but they cannot be used to quarantine them.

Blocked Application is a type of Outbreak Control list that allows the administrator to create a list of applications based on their SHA-256 hash values that will be blocked from running on the devices that have the AMP connectors installed. However, this list does not detect or quarantine the applications, only prevents them from executing.

Isolation is a feature of AMP for Endpoints that allows the administrator to isolate a device from the network if it is compromised by malware. This prevents the device from communicating with other devices or the internet, but does not affect the files on the device.

Explanation

This command uses RADIUS which combines authentication and authorization in one function (packet).

Explanation

The Firepower System uses network discovery and identity policies to collect host, application, and user data for traffic on your network. You can use certain types of discovery and identity data to build a comprehensive map of your network assets, perform forensic analysis, behavioral profiling, access control, and mitigate and respond to the vulnerabilities and exploits to which your organization is susceptible.

The Cisco Advanced Malware Protection (AMP) solution enables you to detect and block malware, continuously analyze for malware, and get retrospective alerts. AMP for Networks delivers network-based advanced malware protection that goes beyond point-in-time detection to protect your organization across the entire attack continuum – before, during, and after an attack. Designed for Cisco Firepower® network threat appliances, AMP for Networks detects, blocks, tracks, and contains malware threats across multiple threat vectors within a single system. It also provides the visibility and control necessary to protect your organization against highly sophisticated, targeted, zero-day, and persistent advanced malware threats.

Phishing attacks are a type of social engineering that aim to trick users into revealing their personal or financial information, or installing malware on their devices. To control phishing attacks, users and organizations need to implement various preventive and reactive measures, such as:

Enable browser alerts for fraudulent websites. Most modern browsers have built-in features that can warn users when they visit a website that is suspected of being malicious or impersonating a legitimate entity. These alerts can help users avoid falling for phishing scams that use fake web pages to capture their credentials or other sensitive data. For example, Google Chrome has a Safe Browsing feature that displays a red warning page when users try to access a deceptive site. Users should always pay attention to these alerts and avoid proceeding to untrusted sites.

Implement email filtering techniques. Email is one of the most common channels for phishing attacks, as attackers can send spoofed messages that appear to come from trusted sources, such as banks, government agencies, or colleagues. Email filtering techniques can help block or flag suspicious emails based on various criteria, such as the sender’s address, the subject line, the content, or the attachments. For example, Microsoft Outlook has a Junk Email Filter that can move potential phishing emails to a separate folder or delete them automatically. Users should also be careful not to open or reply to any unsolicited or unexpected emails, especially those that ask for personal or financial information, or contain links or attachments.

Other mechanisms that can help control phishing attacks include:

Use strong passwords and enable two-factor authentication. Even if users fall victim to phishing attacks and reveal their passwords, they can still protect their accounts by using strong and unique passwords for each service, and enabling two-factor authentication (2FA) whenever possible. 2FA adds an extra layer of security by requiring users to enter a code or a token that is sent to their phone or email, or generated by an app, in addition to their password. This way, even if attackers obtain the password, they cannot access the account without the second factor.

Don’t ignore update messages. Users should always keep their operating systems, browsers, and applications updated with the latest security patches and fixes. These updates can help prevent phishing attacks that exploit known vulnerabilities or bugs in the software. Users should also use antivirus and antispyware software that can detect and remove malware that may be installed by phishing attacks.

Exercise caution when opening emails or clicking on links. Users should always be skeptical and vigilant when they receive emails or messages that ask them to take urgent or unusual actions, such as verifying their account, updating their payment information, or downloading a file. Users should also check the sender’s address, the spelling and grammar, and the URL of any links before clicking on them. Users can hover over the link to see the actual destination, or use a link scanner tool, such as VirusTotal, to check if the link is malicious or not.

References :=

1: https://safebrowsing.google.com/ 2: https://support.microsoft.com/en-us/office/overview-of-the-junk-email-filter-5ae3ea8e-cf41-4fa0-b02a-3b96e21de089 3: https://www.virustotal.com/gui/home/url

 In a PaaS model, the cloud provider is responsible for managing and maintaining the underlying infrastructure, such as the hypervisor, the virtual machine, and the network. The tenant only needs to focus on developing and deploying the application, which runs on the cloud platform. The tenant is responsible for ensuring the security and availability of the application, as well as applying any patches or updates to the application code or configuration12. References :=

Shared responsibility in the cloud

Best practices for secure PaaS deployments

The process in DevSecOps where all changes in the central code repository are merged and synchronized is called Continuous Integration (CI). CI is a practice that aims to improve the quality and speed of software development by automating the building, testing, and integration of code changes. CI enables developers to collaborate more effectively and detect errors early in the development cycle. CI also helps to ensure that the code in the repository is always in a deployable state and conforms to the security and quality standards123. References: 1: Implementing and Operating Cisco Security Core Technologies (SCOR) course, Module 5: Secure Network Access, Identity Management, and Visibility, Lesson 5.1: Introducing DevSecOps 2: DevSecOps code process - AT&T4 3: Building a DevSecOps Culture - from a Technical Perspective5

 IKEv1 is the authentication protocol that is reliable and supports ACK and sequence for IPsec VPN. IKEv1 is a key management protocol that is used in conjunction with IPsec to establish secure and authenticated connections between IPsec peers. IKEv1 uses UDP port 500 and consists of two phases: phase 1 and phase 2. In phase 1, the peers authenticate each other and negotiate a shared secret key that is used to encrypt the subsequent messages. In phase 2, the peers negotiate the security parameters for the IPsec tunnel, such as the encryption and authentication algorithms, the lifetime, and the mode (transport or tunnel). IKEv1 uses ACK and sequence numbers to ensure the reliability and integrity of the messages exchanged between the peers. ACK is an acknowledgment message that confirms the receipt of a previous message. Sequence number is a unique identifier that is assigned to each message to prevent replay attacks and to detect missing or out-of-order messages. IKEv1 also supports various authentication methods, such as pre-shared keys, digital certificates, and extended authentication (XAUTH). References : Internet Key Exchange for IPsec VPNs Configuration Guide, Security for VPNs with IPsec Configuration Guide, IPSec Architecture

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_client_posture_policies.html#:~:text=Policy%20Requirement%20Types-,Mandatory%20Requirements,the%20requirements%20within%20the%20time%20specified%20in%20the%20remediation%20timer%20settings.,-For%20example%2C%20you

Mandatory Requirements During policy evaluation, the agent provides remediation options to clients who fail to meet the mandatory requirements defined in the posture policy. End users must remediate to meet the requirements within the time specified in the remediation timer settings