[Jun-2026] Free 350-701 Exam Questions 350-701 Actual Free Exam Questions [Q170-Q194]


Verified 350-701 dumps and 727 unique questions


The Implementing and Operating Cisco Security Core Technologies (SCOR) exam, coded as 350-701, evaluates candidates' expertise in network security, cloud security, content security, endpoint protection, and secure network access. The 350-701 exam is designed to assess candidates' ability to design, deploy, configure, manage, and troubleshoot security solutions that meet the industry's best practices and standards.

 

NEW QUESTION # 170
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud native CASB and cloud cybersecurity platform. What should be used to meet these requirements?

  • A. Cisco Cloudlock
  • B. Cisco NGFW
  • C. Cisco Umbrella
  • D. Cisco Cloud Email Security

Answer: A

Explanation:
Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security Broker (CASB) and cloud cybersecurity platform.


NEW QUESTION # 171
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

  • A. Protect against input validation and character escapes in the endpoint.
  • B. Protect systems with an up-to-date antimalware program
  • C. Patch for cross-site scripting.
  • D. Install a spam and virus email filter.
  • E. Perform backups to the private cloud.

Answer: B,D

Explanation:
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.


NEW QUESTION # 172
In which cloud services model is the tenant responsible for virtual machine OS patching?

  • A. PaaS
  • B. SaaS
  • C. IaaS
  • D. UCaaS

Answer: C

Explanation:
Only in the on-site (on-premises) and IaaS models does the tenant manage the operating system (OS).


NEW QUESTION # 173
How does Cisco Stealthwatch Cloud provide security for cloud environments?

  • A. It assigns Internet-based DNS protection for clients and servers.
  • B. It prevents exfiltration of sensitive data.
  • C. It delivers visibility and threat detection.
  • D. It facilitates secure connectivity between public and private networks.

Answer: C

Explanation:
Cisco Stealthwatch Cloud: Available as a SaaS product offering that provides visibility and threat detection within public cloud infrastructures such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).


NEW QUESTION # 174
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?

  • A. flow exporter
  • B. flow-export destination inside 1.1.1.1 2055
  • C. ip flow-export destination 1.1.1.1 2055
  • D. ip flow monitor input

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.h


NEW QUESTION # 175
An organization has a Cisco Stealthwatch Cloud deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

  • A. Configure security appliances to send syslogs to Cisco Stealthwatch Cloud
  • B. Configure security appliances to send NetFlow to Cisco Stealthwatch Cloud
  • C. Deploy a Cisco FTD sensor to send events to Cisco Stealthwatch Cloud
  • D. Deploy a Cisco Stealthwatch Cloud sensor on the network to send data to Cisco Stealthwatch Cloud

Answer: D

Explanation:
You can also monitor on-premises networks in your organization using Cisco Stealthwatch Cloud. In order to do so, you need to deploy at least one Cisco Stealthwatch Cloud Sensor appliance (virtual or physical appliance).


NEW QUESTION # 176
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the "Chat and Instant Messaging" category. Which reputation score should be selected to accomplish this goal?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa111/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01111.html


NEW QUESTION # 177
An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

  • A. missing encryption
  • B. weak passwords
  • C. lack of input validation
  • D. lack of file permission

Answer: A

Explanation:
The version 9 export format uses templates to provide access to observations of IP packet flows in a flexible and extensible manner. A template defines a collection of fields, with corresponding descriptions of structure and semantics.


NEW QUESTION # 178
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

  • A. To protect the endpoint against malicious file transfers
  • B. To establish secure VPN connectivity to the corporate network
  • C. To enforce posture compliance and mandatory software
  • D. To ensure that assets are secure from malicious links on and off the corporate network

Answer: D

Explanation:
Umbrella Roaming is a cloud-delivered security service for Cisco's next-generation firewall. It protects your employees even when they are off the VPN.


NEW QUESTION # 179
Drag and drop the steps from the left into the correct order on the right to enable AppDynamics to monitor an EC2 instance in Amazon Web Services.

Answer:

Explanation:


NEW QUESTION # 180
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

  • A. Dynamic ARP Inspection has not been enabled on all VLANs
  • B. The no ip arp inspection trust command is applied on all user host interfaces
  • C. DHCP snooping has not been enabled on all VLANs.
  • D. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.

Answer: B


NEW QUESTION # 181
Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.)

  • A. Enable the snmp-server enable traps command and wait 300 seconds
  • B. Ensure that interfaces are configured with the error-disable detection and recovery feature
  • C. Enter the shutdown and no shutdown commands on the interfaces
  • D. Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.
  • E. Use EEM to have the ports return to service automatically in less than 300 seconds

Answer: B,C


NEW QUESTION # 182
Which term describes when the Cisco Secure Firewall downloads threat intelligence updates from Cisco Talos?

  • A. sharing
  • B. analysis
  • C. authoring
  • D. consumption

Answer: D

Explanation:
When the Cisco Secure Firewall downloads threat intelligence updates from Cisco Talos, it is engaged in "consumption." This term refers to the process of receiving and utilizing threat intelligence data to enhance security measures. Cisco Talos provides comprehensive threat intelligence that Cisco Secure Firewall consumes to update its threat detection and prevention capabilities.


NEW QUESTION # 183
Drag and drop the posture assessment flow actions from the left into a sequence on the right.

Answer:

Explanation:


NEW QUESTION # 184
What are two Detection and Analytics Engines of Cognitive Threat Analytics? (Choose two)

  • A. command and control communication
  • B. URL categorization
  • C. snort
  • D. data exfiltration
  • E. intelligent proxy

Answer: A,D

Explanation:
Cisco Cognitive Threat Analytics helps you quickly detect and respond to sophisticated, clandestine attacks that are already under way or are attempting to establish a presence within your environment. The solution automatically identifies and investigates suspicious or malicious web-based traffic. It identifies both potential and confirmed threats, allowing you to quickly remediate the infection and reduce the scope and damage of an attack, whether it's a known threat campaign that has spread across multiple organizations or a unique threat you've never seen before.
Detection and analytics features provided in Cognitive Threat Analytics are shown below:
+ Data exfiltration: Cognitive Threat Analytics uses statistical modeling of an organization's network to identify anomalous web traffic and pinpoint the exfiltration of sensitive data. It recognizes data exfiltration even in HTTPS-encoded traffic, without any need for you to decrypt transferred content.
+ Command-and-control (C2) communication: Cognitive Threat Analytics combines a wide range of data, ranging from statistics collected on an Internet-wide level to host-specific local anomaly scores. Combining these indicators inside the statistical detection algorithms allows us to distinguish C2 communication from benign traffic and from other malicious activities. Cognitive Threat Analytics recognizes C2 even in HTTPS-encoded or anonymous traffic, including Tor, without any need to decrypt transferred content, detecting a broad range of threats.
...
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/cognitive-threat-analytics/at-a-glance-c45-736555.pdf


NEW QUESTION # 185

Refer to the exhibit. What does the API do when connected to a Cisco security appliance?

  • A. get the process and PID information from the computers in the network
  • B. create an SNMP pull mechanism for managing AMP
  • C. gather the network interface information about the computers AMP sees
  • D. gather network telemetry information from AMP for endpoints

Answer: C


NEW QUESTION # 186
Which attribute has the ability to change during the RADIUS CoA?

  • A. Accessibility
  • B. NTP
  • C. Membership
  • D. Authorization

Answer: D

Explanation:
The RADIUS Change of Authorization (CoA) feature provides a mechanism to change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated.
Reference:
sy-book/sec-rad-coa.html


NEW QUESTION # 187
Drag and drop the cloud security assessment components from the left onto the definitions on the right.

Answer:

Explanation:
Steps:


NEW QUESTION # 188
Which network monitoring solution uses streams and pushes operational data to provide a near real-time view of activity?

  • A. model-driven telemetry
  • B. SMTP
  • C. syslog
  • D. SNMP

Answer: A

Explanation:
The traditional pull model, in which the client requests data from the network, does not scale when what you want is near real-time data. Moreover, some use cases need notification only when certain data changes, such as interface status or protocol neighbor changes. Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics. Applications can subscribe to the specific data items they need by using standards-based YANG data models over NETCONF-YANG. Cisco IOS XE streaming telemetry allows data to be pushed off the device to an external collector at a much higher frequency and more efficiently, and also supports on-change streaming.
Reference: https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide


NEW QUESTION # 189
Refer to the exhibit. Which command results in these messages when attempting to troubleshoot an IPsec VPN connection?

  • A. debug crypto isakmp connection
  • B. debug crypto Ipsec
  • C. debug crypto isakmp
  • D. debug crypto ipsec endpoint

Answer: C

Explanation:
The command that results in these messages when attempting to troubleshoot an IPsec VPN connection is debug crypto isakmp. This command displays debug information about the Internet Key Exchange (IKE) protocol, which is used to establish security associations (SAs) for IPsec VPNs. The messages in the exhibit show various steps and statuses of the IKE negotiation process, such as creating and deleting peer structures, receiving and sending packets, and checking the compatibility of the security policies and proposals. The other commands are either invalid (debug crypto ipsec endpoint and debug crypto isakmp connection) or display different information (debug crypto ipsec shows the details of the IPsec encryption and decryption operations).
References:
https://www.cisco.com/c/en/us/training-events/training-certifications/training/training-services/courses/implementing-and-operating-cisco-security-core-technologies-scor.html
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html


NEW QUESTION # 190
What is the primary benefit of deploying an ESA in hybrid mode?

  • A. They identify data that the ASA sends to the Firepower module.
  • B. You can fine-tune its settings to provide the optimum balance between security and performance for your environment.
  • C. It provides the lowest total cost of ownership by reducing the need for physical appliances.
  • D. They correlate data about intrusions and vulnerability.

Answer: D


NEW QUESTION # 191
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

  • A. terminal
  • B. profile
  • C. url
  • D. selfsigned

Answer: B

Explanation:
A trustpoint enrollment mode, which also defines the trustpoint authentication mode, can be performed via 3 main methods:
1. Terminal Enrollment - manual method of performing trustpoint authentication and certificate enrollment using copy-paste in the CLI terminal.
2. SCEP Enrollment - Trustpoint authentication and enrollment using SCEP over HTTP.
3. Enrollment Profile - Here, authentication and enrollment methods are defined separately. Along with terminal and SCEP enrollment methods, enrollment profiles provide an option to specify HTTP/TFTP commands to perform file retrieval from the Server, which is defined using an authentication or enrollment url under the profile.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211333-IOSPKI-Deployment-Guide-Initial-Design.html


NEW QUESTION # 192
In which two ways does the Cisco Advanced Phishing Protection solution protect users? (Choose two.)

  • A. It automatically removes malicious emails from users' inbox.
  • B. It prevents trojan horse malware using sensors.
  • C. It prevents use of compromised accounts and social engineering.
  • D. It secures all passwords that are shared in video conferences.
  • E. It prevents all zero-day attacks coming from the Internet.

Answer: A,C

Explanation:
Cisco Advanced Phishing Protection (AAP) is a solution that adds sophisticated machine learning capabilities to Cisco Email Security to block advanced identity deception attacks for inbound email by assessing its threat posture [1]. It also uses both global and local telemetry data combined with analytics and modeling to validate the reputation and authenticity of senders [2]. AAP provides sender authentication and BEC detection capabilities, and uses advanced machine learning techniques, real-time behavior analytics, relationship modeling and telemetry to protect against identity deception-based threats [3].
The Cisco Advanced Phishing Protection solution protects users in two ways:
* It prevents use of compromised accounts and social engineering. AAP detects and blocks phishing emails that attempt to impersonate legitimate senders, such as executives, partners, or customers, and trick users into revealing sensitive information or transferring funds. AAP analyzes the sender's identity, behavior, and relationship with the recipient, and assigns a risk score to the email. If the email is deemed suspicious or malicious, AAP can quarantine it, flag it, or deliver it with a warning [4].
* It automatically removes malicious emails from users' inbox. AAP provides retrospective analysis and remediation capabilities, which means that it can identify and remove emails that were initially delivered but later found to be malicious. AAP leverages the Cisco Talos threat intelligence network and the Sensor-based solution to continuously monitor the threat landscape and update the email disposition accordingly. If an email is reclassified as malicious, AAP can automatically delete it from the users' inbox, or notify the administrator or the user to take action [4][5].
The other options are incorrect because they do not accurately describe the functions of AAP. AAP does not prevent all zero-day attacks coming from the Internet, as it focuses on phishing and identity deception attacks. AAP does not prevent trojan horse malware using sensors, as sensors are used to collect and analyze email data, not to block malware. AAP does not secure all passwords that are shared in video conferences, as it is not related to video conferencing security. Therefore, the correct answer is A and C.
References:
* Cisco's Security Innovations to Protect the Endpoint and Email
* Cisco Advanced Phishing Protection - Cisco Video Portal
* Cisco Advanced Phishing Protection At A Glance - AVANTEC
* User Guide for Cisco Advanced Phishing Protection
* Cisco Secure Email Threat Defense - Cisco
* Integrating the Email Gateway with Cisco Advanced Phishing Protection


NEW QUESTION # 193
What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

  • A. Telemetry uses push and pull which makes it more secure than SNMP
  • B. Telemetry uses push and pull, which makes it more scalable than SNMP
  • C. Telemetry uses a push method which makes it faster than SNMP
  • D. Telemetry uses a pull method, which makes it more reliable than SNMP

Answer: C

Explanation:
SNMP polling can often be on the order of 5-10 minutes, and CLIs are unstructured and prone to change, which can often break scripts.
The traditional pull model, in which the client requests data from the network, does not scale when what you want is near real-time data.
Moreover, some use cases need notification only when certain data changes, such as interface status or protocol neighbor changes.
Model-Driven Telemetry is a new approach for network monitoring in which data is streamed from network devices continuously using a push model and provides near real-time access to operational statistics.
Reference: https://developer.cisco.com/docs/ios-xe/#!streaming-telemetry-quick-start-guide/streaming-telemetry


NEW QUESTION # 194
......
