Cisco 350-701 SCOR exam assesses a broad range of skills, including network, cloud, and content security; endpoint protection and detection; and secure network access, visibility, and enforcement. By covering these fundamental security technologies, you will gain the knowledge required to pass the 350-701 SCOR.
SPOTO provides you with all the necessary CCNP 350-701 dumps and training. If you need more 350-701 dumps, contact us with the lowest price.
Question 1
What does Cisco AMP for Endpoints use to help an organization detect different families of malware?
A. Tetra Engine to detect malware when the endpoint is connected to the cloud
B. Ethos Engine to perform fuzzy fingerprinting
C. Spero Engine with machine learning to perform dynamic analysis
D. ClamAV Engine to perform email scanning
Correct Answer: B
Question 2
What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?
A. SNMP probe
B. posture assessment
C. external identity source
D. CoA
Correct Answer: D
Question 3
A network administrator configures Dynamic ARP Inspection on a switch After Dynamic ARP Inspection is applied all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces and there is no err-disabled interface. What is causing this problem?
A. The no ip arp inspection trust command is applied on all user host interfaces
B. Dynamic ARP Inspection has not been enabled on all VLANs
C. DHCP snooping has not been enabled on all VLANs.
D. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
Correct Answer: C
Question 4
A network engineer must monitor user and device behavior within the on-premises network. This data must be sent to the Cisco Stealthwatch Cloud analytics platform for analysis. What must be done to meet this requirement, using the Ubuntu-based VM appliance deployed in a VMware-based hypervisor?
A. Configure a Cisco FMC to send syslogs to Cisco Stealthwatch Cloud.
B. Configure a Cisco FMC to send NetFlow to Cisco Stealthwatch Cloud.
C. Deploy the Cisco Stealthwatch Cloud PNM sensor that sends data to Cisco Stealthwatch Cloud.
D. Deploy a Cisco FTD sensor to send network events to Cisco Stealthwatch Cloud.
Correct Answer: C
Question 5
An organization has a Cisco ESA set up with DLP policies and would like to customize the action assigned for violations. The organization wants a copy of the message to be delivered with a message added to flag it as a DLP violation. Which actions must be performed in order to provide this capability?
A. quarantine and alter the subject header with a DLP violation
B. deliver and add disclaimer text
C. deliver and send copies to other recipients
D. quarantine and send a DLP violation notification
Correct Answer: B
Question 6
Which component of Cisco Umbrella architecture increases reliability of the service?
A. anycast IP
B. Cisco Talos
C. BGP route reflector
D. AMP Threat Grid
Correct Answer: B
Question 7
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?
A. Configure the domain.com address in the block list.
B. Configure the *.domain.com address in the block list.
C. Configure the *.com address in the block list
D. Configure the *domain.com address in the block list.
Correct Answer: B
Question 8
What is a functional difference between a Cisco ASA and a Cisco IOS router with Zone-Based Policy Firewall?
A. The Cisco ASA can be configured for high availability, whereas the Cisco IOS router with Zone Based Policy Firewall cannot
B. The Cisco IOS router with Zone Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot.
C. The Cisco IOS router with Zone Based Policy Firewall denies all traffic by default, whereas the Cisco ASA starts out by allowing all traffic until rules are added.
D. The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.
Correct Answer: C
Question 9
An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?
A. Enable traffic analysis in the Cisco FTD.
B. Modify the access control policy to trust the industrial traffic.
C. Implement pre-filter policies for the CIP preprocessor.
D. Configure intrusion rules for the DNP3 preprocessor.
Correct Answer: D
Question 10
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?
A. Set the sftunnel to go through the Cisco FTD.
B. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices.
C. Set the sftunnel port to 8305.
D. Manually change the management port on Cisco FMC and all managed Cisco FTD devices.
Correct Answer: D
Conclusion
SPOTO’s CCNP and CCIE Security Core SCOR 350-701 training and practice prepare you to pass the exam on the first attempt and are the only self-study resources approved by Cisco. SPOTO offers preparation tips and test-taking strategies to assist you in identifying areas of weakness and building both conceptual and practical knowledge.
