Cisco 350-701 SCOR Exam Questions Instant Access

Question 1

[Network Security]

What is provided by the Secure Hash Algorithm in a VPN?

Aintegrity

Bkey exchange

Cencryption

Dauthentication

Answer : A

The HMAC-SHA-1-96 (also known as HMAC-SHA-1) encryption technique is used by IPSec to ensure that a message has not been altered. (-> Therefore answer ''integrity'' is the best choice). HMAC-SHA-1 uses the SHA-1 specified in FIPS-190-1, combined with HMAC (as per RFC 2104), and is described in RFC 2404.

Question 2

[Security Concepts]

Cisco SensorBase gaihers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats Which term describes this process?

Adeployment

Bconsumption

Cauthoring

Dsharing

Answer : B

Cisco SensorBase gathers threat information from a variety of Cisco products and services, such as Cisco IPS, Cisco ASA, Cisco IronPort, Cisco Umbrella, and Cisco Talos, and performs analytics to find patterns on threats. This process is calledconsumption, which is one of the four phases of the Cisco Security Intelligence Operations (SIO) framework. The consumption phase involves collecting, aggregating, and analyzing threat data from multiple sources and providing actionable intelligence and tools to customers and partners. The consumption phase also leverages the Cisco SensorBase Network, which is the world's largest threat monitoring network that tracks millions of domains and IP addresses around the world and maintains a global watch list for Internet traffic. SensorBase provides Cisco with an assessment of reliability for known Internet domains and IP addresses, based on their reputation score, category, volume, and threat level.SensorBase also provides threat data overviews, such as the top email and spam senders by country, and the standard categories used to classify website content and attack types1234.Reference:=1: How Cisco's SensorBase works | Network World2: What is Cisco SensorBase?- networklore.com3: User Guide for AsyncOS 15.0 for Cisco Secure Web Appliance - GD ...4: Cisco Security Intelligence Operations At-A-Glance

Question 3

[Security Concepts]

Which technology provides the benefit of Layer 3 through Layer 7 innovative deep packet inspection,

enabling the platform to identify and output various applications within the network traffic flows?

ACisco NBAR2

BCisco ASAV

CAccount on Resolution

DCisco Prime Infrastructure

Answer : A

Cisco NBAR2 is a classification engine that recognizes and classifies a wide variety of protocols and applications based on their deep packet inspection (DPI) signatures. NBAR2 enables the platform to identify and output various applications within the network traffic flows, such as web, email, voice, video, and so on. NBAR2 also supports custom protocols and applications, allowing the platform to classify traffic based on user-defined criteria. NBAR2 helps the platform to apply the appropriate quality of service (QoS), security, and policy for each application or protocol.Reference:=

Some possible references are:

Cisco NBAR2

Classifying Network Traffic Using NBAR

Next Generation NBAR (NBAR2)

Question 4

[Content Security]

In which two ways does a system administrator send web traffic transparently to the Web Security Appliance?

(Choose two)

Aconfigure Active Directory Group Policies to push proxy settings

Bconfigure policy-based routing on the network infrastructure

Creference a Proxy Auto Config file

Dconfigure the proxy IP address in the web-browser settings

Euse Web Cache Communication Protocol

Answer : B, E

In order to send web traffic transparently to the Web Security Appliance (WSA), the system administrator can use one of these two methods:

Policy-based routing (PBR) on the network infrastructure: This method allows the administrator to define routing policies based on the source or destination IP address, port number, protocol, or other criteria of the web traffic. The administrator can then apply these policies to the network interfaces or subinterfaces and redirect the matching traffic to the WSA. This method does not require any configuration on the client side and can be applied to any type of web traffic, including HTTPS and FTP. However, this method may require additional network resources and maintenance, as well as coordination with other network administrators.

Web Cache Communication Protocol (WCCP) on the WSA and the network device: This method allows the administrator to configure the WSA and the network device (such as a router, switch, or firewall) to communicate with each other using WCCP, a Cisco proprietary protocol. The network device acts as a WCCP router and redirects the web traffic to the WSA, which acts as a WCCP client. The WSA then processes the traffic and returns it to the network device, which forwards it to the original destination. This method does not require any configuration on the client side and can be applied to HTTP, HTTPS, and native FTP traffic. However, this method requires that the network device supports WCCP and that the WSA and the network device are in the same Layer 2 domain.

Question 5

[Secure Network Access, Visibility, and Enforcement]

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392368270. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however it is unable to do so. Which command is required to enable the client to accept the server's authentication key?

Antp peer 1.1.1.1 key 1

Bntp server 1.1.1.1 key 1

Cntp server 1.1.1.2 key 1

Dntp peer 1.1.1.2 key 1

Answer : B

To configure an NTP enabled router to require authentication when other devices connect to it, use the

following commands:

NTP_Server(config)#ntp authentication-key 2 md5 securitytut

NTP_Server(config)#ntp authenticate

NTP_Server(config)#ntp trusted-key 2

Then you must configure the same authentication-key on the client router:

NTP_Client(config)#ntp authentication-key 2 md5 securitytut

NTP_Client(config)#ntp authenticate

NTP_Client(config)#ntp trusted-key 2

NTP_Client(config)#ntp server 10.10.10.1 key 2

Note: To configure a Cisco device as a NTP client, use the command ntp server <IP address>. For example:

Router(config)#ntp server 10.10.10.1. This command will instruct the router to query 10.10.10.1 for the time.

Question 6

[Security Concepts]

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

ASet content settings to High

BConfigure the intelligent proxy.

CUse destination block lists.

DConfigure application block lists.

Answer : B

Obviously, if you allow all traffic to these risky domains, users might access malicious content, resulting in an infection or data leak. But if you block traffic, you can expect false positives, an increase in support inquiries, and thus, more headaches. By only proxying risky domains, the intelligent proxy delivers more granular visibility and control.

The intelligent proxy bridges the gap by allowing access to most known good sites without being proxied and only proxying those that pose a potential risk. The proxy then filters and blocks against specific URLs hosting malware while allowing access to everything else.

Question 7

[Security Concepts]

Which Cisco Umbrella package supports selective proxy for Inspection of traffic from risky domains?

ASIG Advantage

BDNS Security Essentials

CSIG Essentials

DDNS Security Advantage

Answer : A

The Cisco Umbrella package that supports selective proxy for inspection of traffic from risky domains isSIG Advantage. SIG stands for Secure Internet Gateway, and it is a cloud-based service that provides comprehensive web security and threat intelligence. SIG Advantage includes all the features of DNS Security Advantage, such as DNS-layer protection, intelligent proxy, and cloud-delivered firewall, plus additional features such as full proxy, SSL decryption, advanced malware protection, and data loss prevention. Selective proxy is a feature that allows Umbrella to route risky domain requests to a proxy for deeper URL and file inspection, without impacting the performance or latency of legitimate traffic. Selective proxy is based on the reputation of the domains, which are classified into three categories: good, bad, and grey. Good domains are allowed without proxying, bad domains are blocked at the DNS layer, and grey domains are proxied for further inspection. Selective proxy is available in both DNS Security Advantage and SIG Advantage packages, but only SIG Advantage offers full proxy for all web traffic, which provides more granular control and visibility over web transactions and file types.Reference:

Cisco Umbrella Packages

Why Umbrella DNS Security?

Manage the Intelligent Proxy

Cisco Umbrella - Selected Proxy versus Full Proxy

Cisco Implementing and Operating Cisco Security Core Technologies 350-701 SCOR Exam Questions