350-701 無料問題集「Cisco Implementing and Operating Cisco Security Core Technologies」

（A）Configure transparent traffic redirection using WCCP in the Cisco WSA and on the network device

（B）Configure active traffic redirection using WPAD in the Cisco WSA and on the network device

（C）Use PAC keys to allow only the required network devices to send the traffic to the Cisco WSA

（D）Use the Layer 4 setting in the Cisco WSA to receive explicit forward requests from the network device

（A）slowloris

（B）pharming

（C）phishing

（D）SYN flood

（A）authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

（B）secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

（C）authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX

（D）authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX

（A）Configure endpoint firewall policies to stop the exploit traffic from being allowed to run and replicate throughout the network.

（B）Set up a well-defined endpoint patching strategy to ensure that endpoints have critical vulnerabilities patched in a timely fashion.

（C）Configure a posture policy in Cisco Identity Services Engine to check that an endpoint patch level is met before allowing access on the network.

（D）Configure a posture policy in Cisco Identity Services Engine to install the MS17-010 patch before allowing access on the network.

（E）Set up a profiling policy in Cisco Identity Service Engine to check and endpoint patch level before allowing access on the network.

（A）Windows registry values

（B）DNS integrity checks

（C）endpoint protection software version

（D）device operating system version

（E）DHCP snooping checks

（A）GRE over IPsec

（B）DMVPN

（C）SSL VPN

（D）site-to-site iPsec

（A）strong user authentication

（B）complex cloud-based web proxies

（C）encryption

（D）antispoofing programs

（E）DLP solutions

（A）transparent user identification

（B）web usage controls

（C）user session restrictions

（D）SOCKS proxy services

（A）Open port 8905 on the firewall between the Cisco ISE nodes

（B）Add the DNS entry for the new Cisco ISE node into the DNS server

（C）Make the new Cisco ISE node a secondary PAN before registering it with the primary.

（D）Change the IP address of the new Cisco ISE node to the same network as the others.

（A）privacy control checks

（B）distributed dashboard

（C）distributed software upgrade

（D）robust security policy enforcement

（E）on-device content management

（A）WSA

（B）access point

（C）ESA

（D）ASA

（A）In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted

（B）DAI associates a trust state with each switch.

（C）DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.

（D）DAI intercepts all ARP requests and responses on trusted ports only.

（A）Integration

（B）Multivendor

（C）Event

（D）Intent

（A）a File Analysis policy to send file data into Cisco Firepower

（B）a Network Analysis policy to receive NetFlow data from the host

（C）a Network Discovery policy to receive data from the host

（D）a Threat Intelligence policy to download the data from the host