Download Cisco.350-701.NewDumps.2021-04-16.71q.tqb

Vendor: Cisco
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies
Date: Apr 16, 2021
File Size: 3 MB

Demo Questions

Question 1
What is a characteristic of a bridge group in ASA Firewall transparent mode?
  A. It includes multiple interfaces and access rules between interfaces are customizable
  B. It is a Layer 3 segment and includes one port and customizable access rules
  C. It allows ARP traffic with a single access rule
  D. It has an IP address on its BVI interface and is used for management traffic
Correct answer: A
Explanation:
A bridge group is a group of interfaces that the ASA bridges instead of routes. Bridge groups are only supported in Transparent Firewall Mode. Like any other firewall interfaces, access control between interfaces is controlled, and all of the usual firewall checks are in place.  
Each bridge group includes a Bridge Virtual Interface (BVI). The ASA uses the BVI IP address as the source address for packets originating from the bridge group. The BVI IP address must be on the same subnet as the bridge group member interfaces. The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.  
You can include multiple interfaces per bridge group. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside. For example, if you have three inside segments that you do not want to communicate with each other, you can put each segment on a separate interface, and only allow them to communicate with the outside interface. Or you can customize the access rules between interfaces to allow only as much access as desired.  
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/intro-fw.html
Note: The BVI interface is not used for management purposes. However, you can add a separate Management slot/port interface that is not part of any bridge group and that allows only management traffic to the ASA.
Question 2
When Cisco and other industry organizations publish and inform users of known security findings and vulnerabilities, which name is used?
  A. Common Security Exploits
  B. Common Vulnerabilities and Exposures
  C. Common Exploits and Vulnerabilities
  D. Common Vulnerabilities, Exploits and Threats
Correct answer: B
Explanation:
Vendors, security researchers, and vulnerability coordination centers typically assign vulnerabilities an identifier that is disclosed to the public. This identifier is known as the Common Vulnerabilities and Exposures (CVE) identifier. CVE is an industry-wide standard. CVE is sponsored by US-CERT, the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
The goal of CVE is to make it easier to share data across tools, vulnerability repositories, and security services.
Reference: CCNP And CCIE Security Core SCOR 350-701 Official Cert Guide
Question 3
Which two fields are defined in the NetFlow flow? (Choose two)
  A. type of service byte
  B. class of service bits
  C. Layer 4 protocol type
  D. destination port
  E. output logical interface
Correct answer: AD
Explanation:
Cisco standard NetFlow version 5 defines a flow as a unidirectional sequence of packets that all share seven values which define a unique key for the flow: 
  • Ingress interface (SNMP ifIndex)  
  • Source IP address  
  • Destination IP address  
  • IP protocol  
  • Source port for UDP or TCP, 0 for other protocols  
  • Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols  
  • IP Type of Service  
Note: A flow is a unidirectional series of packets between a given source and destination.