Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Exam Code: 350-701
Exam Name: Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
Questions: 726 Questions Answers With Explanation
Update Date: 04, 26, 2026
Why Should You Prepare For Your Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) With MyCertsHub?
At MyCertsHub, we go beyond standard study material. Our platform provides authentic Cisco 350-701 Exam Dumps, detailed exam guides, and reliable practice exams that mirror the actual Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) test. Whether you’re targeting Cisco certifications or expanding your professional portfolio, MyCertsHub gives you the tools to succeed on your first attempt.
Verified 350-701 Exam Dumps
Every set of exam dumps is carefully reviewed by certified experts to ensure accuracy. For the 350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) , you’ll receive updated practice questions designed to reflect real-world exam conditions. This approach saves time, builds confidence, and focuses your preparation on the most important exam areas.
Realistic Test Prep For The 350-701
You can instantly access downloadable PDFs of 350-701 practice exams with MyCertsHub. These include authentic practice questions paired with explanations, making our exam guide a complete preparation tool. By testing yourself before exam day, you’ll walk into the Cisco Exam with confidence.
Smart Learning With Exam Guides
Our structured 350-701 exam guide focuses on the Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)'s core topics and question patterns. You will be able to concentrate on what really matters for passing the test rather than wasting time on irrelevant content.
Pass the 350-701 Exam – Guaranteed
We Offer A 100% Money-Back Guarantee On Our Products.
After using MyCertsHub's exam dumps to prepare for the Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) exam, we will issue a full refund. That’s how confident we are in the effectiveness of our study resources.
Try Before You Buy – Free Demo
Still undecided? See for yourself how MyCertsHub has helped thousands of candidates achieve success by downloading a free demo of the 350-701 exam dumps.
MyCertsHub – Your Trusted Partner For Cisco Exams
Whether you’re preparing for Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) or any other professional credential, MyCertsHub provides everything you need: exam dumps, practice exams, practice questions, and exam guides. Passing your 350-701 exam has never been easier thanks to our tried-and-true resources.
Cisco 350-701 Sample Question Answers
Question # 1
What is a difference between GRE over IPsec and IPsec with crypto map?
A. Multicast traffic is supported by IPsec with crypto map.
B. GRE over IPsec supports non-IP protocols.
C. GRE provides its own encryption mechanism.
D. IPsec with crypto map offers better scalability.
Answer: B
Explanation: The difference between GRE over IPsec and IPsec with crypto map is that
GRE (Generic Routing Encapsulation) over IPsec can encapsulate and transport non-IP
protocols across an IP network, whereas IPsec with crypto map is typically used for IP
traffic. GRE tunnels wrapped in IPsec provide a way to transport multicast traffic and other
protocol types across an IPsec VPN, offering greater flexibility in the types of traffic that can
be secured.
Question # 2
What are two ways a network administrator transparently identifies users using Active
Directory on the Cisco WSA? (Choose two.)
A. Create an LDAP authentication realm and disable transparent user identification.
B. Create NTLM or Kerberos authentication realm and enable transparent user identification.
C. Deploy a separate Active Directory agent such as Cisco Context Directory Agent.
D. The eDirectory client must be installed on each client workstation.
E. Deploy a separate eDirectory server; the client IP address is recorded in this server.
Answer: B,C
Explanation: A network administrator can transparently identify users using Active
Directory on the Cisco WSA in two ways:
Create NTLM or Kerberos authentication realm and enable transparent user
identification. This option allows the WSA to use the NTLM or Kerberos protocol to
authenticate users without prompting them for credentials. The WSA must join the
Active Directory domain and have a valid service principal name (SPN) for this
option to work [1].
Deploy a separate Active Directory agent such as Cisco Context Directory Agent
(CDA). This option allows the WSA to receive user-to-IP mappings from the CDA,
which monitors the Active Directory domain controllers for user logon events. The
CDA must be installed on a Windows server and have access to the domain
controllers and the WSA [2].
The other options are not ways to transparently identify users using Active Directory on the
Cisco WSA. Creating an LDAP authentication realm and disabling transparent user
identification will require users to enter their credentials manually. Installing the eDirectory
client on each client workstation or deploying a separate eDirectory server are not related
to Active Directory, but to Novell eDirectory, which is a different directory service [3].
References := 1: User Guide for AsyncOS 11.0 for Cisco Web Security Appliances,
Chapter: Acquire End-User Credentials, Topic: Active Directory/Kerberos, page 4-3. 2:
User Guide for AsyncOS 11.0 for Cisco Web Security Appliances, Chapter: Acquire End-User Credentials, Topic: Active Directory Agent, page 4-5. 3: User Guide for AsyncOS 11.0
for Cisco Web Security Appliances, Chapter: Acquire End-User Credentials, Topic:
eDirectory, page 4-8.
Question # 3
Which solution is more secure than the traditional use of a username and password and encompasses at least two of the methods of authentication?
A. single-sign on
B. RADIUS/LDAP authentication
C. Kerberos security solution
D. multifactor authentication
Answer: D
Explanation: Multifactor authentication (MFA) is a solution that requires the user to
provide two or more verification factors to gain access to a resource, such as an
application, online account, or a VPN. MFA is more secure than the traditional use of a
username and password because it reduces the risk of identity theft, phishing, and
credential compromise. MFA can use different types of factors, such as something the user
knows (e.g., password, PIN), something the user has (e.g., smartphone, token, smart
card), or something the user is (e.g., fingerprint, facial recognition). MFA can be
implemented using various methods, such as security defaults, Conditional Access
policies, or third-party solutions123. References:
Vulnerability Detection and Patch Management - Cisco 4: Cisco Tetration Platform Data Sheet - Cisco
Question # 5
Which metric is used by the monitoring agent to collect and output packet loss and jitter
information?
A. WSAv performance
B. AVC performance
C. OTCP performance
D. RTP performance
Answer: D
The monitoring agent uses the RTP (Real-time Transport Protocol) performance metric to
collect and output packet loss and jitter information. RTP is a network protocol used for
delivering audio and video over IP networks. It provides mechanisms for timestamping,
sequence numbering, and delivery monitoring, which allow for the measurement of packet
loss and jitter. RTP is specifically designed for real-time multimedia streaming applications,
which are more sensitive to changes in the transmission characteristics of data networks than other applications. Therefore, RTP performance is a suitable metric for monitoring and
collecting packet loss and jitter information.
The other options are not directly related to measuring packet loss and jitter. TCP
(Transmission Control Protocol) is a transport protocol that ensures reliable and ordered
delivery of data, but it is not typically used for real-time multimedia applications. WSAv
(Web Security Virtual Appliance) is a Cisco solution for web security, but it does not
measure packet loss and jitter. AVC (Application Visibility and Control) is a technology that
monitors and controls network applications, but it does not focus on packet loss and
jitter. References :=
Measuring Delay, Jitter, and Packet Loss with Cisco IOS SAA and RTTMON [1]
Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 [2]
Cisco 350-701: Which metric used by monitoring agent to collect and output
packet loss and jitter information?
Question # 6
An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?
A. Set the sftunnel to go through the Cisco FTD
B. Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices
C. Set the sftunnel port to 8305.
D. Manually change the management port on Cisco FMC and all managed Cisco FTD devices
Answer: D
Explanation: The management port on Cisco FMC is used to establish a secure
connection with the managed Cisco FTD devices. If the default management port (8305)
conflicts with other communications on the network, it must be changed on both the Cisco
FMC and the Cisco FTD devices. This cannot be done automatically by the Cisco FMC, as
it would lose connectivity with the devices. Therefore, the administrator must manually
change the management port on the Cisco FMC and all the managed Cisco FTD devices
using the command line interface (CLI). The steps to change the management port are as
follows:
Log into the CLI of the Cisco FMC and the Cisco FTD devices using a console
connection or SSH.
Enter the configure network {ipv4 | ipv6} manual ip_address netmask datainterfaces command to change the management port on the Cisco FMC. For example, configure network ipv4 manual 10.10.10.10 255.255.255.0 datainterfaces changes the management port to 10.10.10.10/24.
Enter the configure network {ipv4 | ipv6} manual ip_address netmask gateway
management-only command to change the management port on the Cisco FTD
devices. For example, configure network ipv4 manual 10.10.10.11 255.255.255.0
10.10.10.10 management-only changes the management port to 10.10.10.11/24
and sets the gateway to the Cisco FMC’s management port.
Save the configuration and restart the Cisco FMC and the Cisco FTD devices.
Verify the connectivity between the Cisco FMC and the Cisco FTD devices using
the show managers command on the Cisco FTD devices and the show
devices command on the Cisco FMC.
References :=
Firepower Management Center Device Configuration Guide, 7.1 - Device
Management
Change management port fmc 1600 - Cisco Community
Solved: FMC 2120 FTD Management Only Port - Cisco Community
Change the FMC Access Interface from Management to Data
Question # 7
Why is it important for the organization to have an endpoint patching strategy?
A. so the organization can identify endpoint vulnerabilities
B. so the internal PSIRT organization is aware of the latest bugs
C. so the network administrator is notified when an existing bug is encountered
D. so the latest security fixes are installed on the endpoints
Answer: D
Question # 8
What is the target in a phishing attack?
A. perimeter firewall
B. IPS
C. web server
D. endpoint
Answer: D
Explanation: The target in a phishing attack is the endpoint, which is the device or system
that the user interacts with, such as a computer, smartphone, or tablet. Phishing attacks
aim to steal or damage sensitive data by deceiving people into revealing personal
information like passwords and credit card numbers, or clicking on malicious links or
attachments that can install malware on the endpoint. Phishing attacks can be delivered
through various channels, such as email, phone, or text message, but they all rely on social
engineering techniques to manipulate the user’s trust and curiosity. By compromising the
endpoint, attackers can gain access to the user’s accounts, files, network, or other resources. Therefore, endpoint security is essential to prevent phishing attacks and protect
the user’s data and identity. References:
What Is a Phishing Attack? Definition and Types - Cisco
8 types of phishing attacks and how to identify them
What Is Phishing? | Microsoft Security
Phishing | What Is Phishing?
Question # 9
A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access. The Cisco ESA must also join a cluster machine using preshared keys. What must be configured to meet these requirements?
A. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI
B. Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI
C. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.
D. Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI
Answer: A
Explanation: Two-factor authentication is a security feature that requires users to provide
two forms of information before gaining access to the Cisco ESA. The two factors are
usually something the user knows, such as a password, and something the user has, such
as a token or a code. Two-factor authentication can be enabled for specific user roles on
the Cisco ESA through a RADIUS server, which is an external authentication server that
supports the Remote Authentication Dial-In User Service (RADIUS) protocol. The RADIUS
server can generate and validate the second factor for the users, such as a one-time
password (OTP) or a time-based one-time password (TOTP). To enable two-factor
authentication through a RADIUS server, the network engineer must configure the RADIUS
server settings on the Cisco ESA, and assign the user roles that require two-factor
authentication to use the RADIUS server as the authentication source. This can be done on
the System Administration > Users page in the web interface, or by using the userconfig
command in the CLI [1][2].
A cluster is a group of Cisco ESAs that share the same configuration information and can
be managed centrally. A cluster can provide increased reliability, flexibility, and scalability
for the email security system. To join a cluster, a Cisco ESA must have the same AsyncOS
version as the other cluster members, and must use a pre-shared key to authenticate with the cluster leader. The pre-shared key is a secret passphrase that is configured on the
cluster leader and must be entered on the joining appliance. To join a cluster by using the
Cisco ESA CLI, the network engineer must use the clusterconfig command, which allows
the engineer to create a new cluster, join an existing cluster, or leave a cluster. The
clusterconfig command also allows the engineer to specify the communication port and the
hostname or IP address of the cluster leader. If the Cisco ESA has enabled two-factor
authentication, the network engineer must also use the clusterconfig > prepjoin command
to configure the pre-shared key before joining the cluster [3][4].
Therefore, option A is the correct answer, and the other options are incorrect. Option B is
incorrect because the cluster configuration options must be done via the CLI on the Cisco
ESA and cannot be created or joined in the GUI. Option C is incorrect because the Cisco
ESA does not support TACACS+ as an external authentication source, only LDAP and
RADIUS. Option D is incorrect because it also uses TACACS+, which is not supported by
the Cisco ESA. References :=
User Guide for AsyncOS 14.0 for Cisco Secure Email Gateway - GD (General
Deployment) - Distributing Administrative Tasks
User Guide for AsyncOS 14.0 for Cisco Secure Email Gateway - GD (General
Deployment) - External Authentication
Configure an Email Security Appliance (ESA) Cluster
User Guide for AsyncOS 14.0 for Cisco Secure Email Gateway - GD (General
Deployment) - Centralized Management
Question # 10
Email security has become a high priority task for a security engineer at a large multinational organization due to ongoing phishing campaigns. To help control this, the engineer has deployed an Incoming Content Filter with a URL reputation of (-10.00 to -6.00) on the Cisco ESA. Which action will the system perform to disable any links in messages that match the filter?
A. Defang
B. Quarantine
C. FilterAction
D. ScreenAction
Answer: A
Defanging is the process of modifying a URL in a message to prevent it from being
clickable. This can help protect users from malicious links that have a low URL reputation
score. Defanging is one of the actions that can be configured in the Incoming Content Filter
on the Cisco ESA. The other actions are Quarantine, FilterAction, and ScreenAction.
Quarantine sends the message to a quarantine area for further inspection. FilterAction
applies a predefined action such as drop, bounce, or deliver. ScreenAction displays a
warning message to the user before allowing them to access the URL. Defanging is the only action that disables the links in the message without affecting the delivery or visibility
of the message [1][2]. References: 1: URL Filtering on the Cisco IronPort ESA – Mikail’s
Blog 2: Configure URL Filtering for Secure Email Gateway and Cloud Gateway - Cisco
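The defang action described above, sketched as an added example (not Cisco ESA code and not from the original page). It uses the common analyst convention of `hxxp` and `[.]`, which is not necessarily the exact text the ESA writes; the reputation table, the sample message, and treating the -10.00 to -6.00 range as inclusive are assumptions.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Reputation range taken from the question; inclusive bounds are an assumption.
LOW, HIGH = -10.00, -6.00

# Matches http/https URLs up to whitespace or a closing quote/bracket.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample data: host -> reputation score (not real lookups).
SAMPLE_REPUTATION: Dict[str, float] = {
    "login-update.example": -8.3,   # inside the filter range
    "intranet.example": 4.1,        # good reputation, left untouched
    "edge-case.example": -6.0,      # exactly on the upper bound
}

# Constructed sample message body.
SAMPLE_BODY = (
    "Reset your password at https://login-update.example/reset?id=7. "
    "Policy: http://intranet.example/policy and http://edge-case.example."
)


def defang(url: str) -> str:
    """Rewrite a URL so mail clients no longer render it as a link."""
    scheme, rest = url.split("://", 1)
    host_part, sep, tail = rest.partition("/")
    safe_scheme = scheme.lower().replace("http", "hxxp")
    # Only the host needs its dots broken; the path stays readable.
    return f"{safe_scheme}://{host_part.replace('.', '[.]')}{sep}{tail}"


def apply_filter(body: str, reputation: Dict[str, float]) -> Tuple[str, List[str]]:
    """Defang every URL whose host scores inside [LOW, HIGH].

    Returns the rewritten body and the list of original URLs that matched.
    URLs with no known score are left as they are: the filter condition is a
    score range, so an unknown score cannot match it.
    """
    matched: List[str] = []

    def rewrite(m: "re.Match[str]") -> str:
        raw = m.group(0)
        url = raw.rstrip(".,;:!?")          # sentence punctuation is not part of the URL
        trailer = raw[len(url):]
        host = urlsplit(url).hostname or ""
        score = reputation.get(host)
        if score is not None and LOW <= score <= HIGH:
            matched.append(url)
            return defang(url) + trailer
        return raw

    return URL_RE.sub(rewrite, body), matched


if __name__ == "__main__":
    new_body, hits = apply_filter(SAMPLE_BODY, SAMPLE_REPUTATION)
    print(new_body)
    print("defanged:", hits)
```

The message is still delivered in full; only the two low-reputation links stop being clickable, which is the distinction the explanation draws between Defang and Quarantine.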
Question # 11
An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?
A. Identify the network IPs and place them in a blocked list.
B. Modify the advanced custom detection list to include these files.
C. Create an application control blocked applications list.
D. Add a list for simple custom detection.
Answer: C
Explanation:
Create an application control blocked applications list. This option allows you to specify a
list of files that you want to prevent from running on the endpoints that have the AMP
connector installed. The files are identified by their SHA-256 hashes, and you can upload
them individually or in a batch. The files are not quarantined, but they are blocked from
execution and reported as events in the AMP console [1]. This option is different from the
simple custom detection list, which is used to detect and quarantine specific files that are
considered malicious [2]. The advanced custom detection list is also used to detect and
quarantine files, but it allows you to specify more criteria such as file size, file name, and
file path [3]. The IP block and allow lists are used to control the network traffic to and from the
endpoints, not the file execution [4]. References: 1: Configure Application Control on the
AMP for Endpoints Portal 2: Configure a Simple Custom Detection List on the AMP for
Endpoints Portal 3: Configure an Advanced Custom Detection List on the AMP for
Endpoints Portal 4: Configure IP Block and Allow Lists on the AMP for Endpoints Portal
Question # 12
Which VMware platform does Cisco ACI integrate with to provide enhanced visibility,
provide policy integration and deployment, and implement security policies with access
lists?
A. VMware APIC
B. VMware vRealize
C. VMware fusion
D. VMware horizons
Answer: A
Explanation: VMware APIC is a platform that integrates with Cisco ACI to provide
enhanced visibility, policy integration and deployment, and security policies with access
lists. VMware APIC is a virtual appliance that runs on VMware vSphere and communicates
with the Cisco APIC controller. VMware APIC allows administrators to create and manage
Cisco ACI policies for VMware virtual machines and networks. VMware APIC also provides
a unified view of the physical and virtual network topology, health, and statistics. VMware
APIC supports the following modes of Cisco ACI and VMware integration:
VMware VDS: When integrated with Cisco ACI, the VMware vSphere Distributed
Switch (VDS) enables administrators to configure VM networking in the ACI fabric.
Cisco ACI Virtual Edge: Cisco ACI Virtual Edge is a distributed service that
provides Layer 4 to Layer 7 services for applications running on VMware vSphere.
Cisco Application Virtual Switch (AVS): Cisco AVS is a distributed virtual switch
that provides policy-based network services for VMware vSphere
environments. References:
Cisco ACI with VMware VDS Integration
Cisco ACI and VMware NSX-T Data Center Integration
Cisco ACI and VMware: The Perfect Pair
Setting the Record Straight: Confusion about ACI on VMware Technologies
Question # 13
Which Cisco WSA feature supports access control using URL categories?
A. transparent user identification
B. SOCKS proxy services
C. web usage controls
D. user session restrictions
Answer: C
Web usage controls are a feature of Cisco Web Security Appliance (WSA) that allow
administrators to define and enforce policies for web access based on URL categories.
URL categories are groups of websites that share a common theme or content, such as
news, sports, entertainment, etc. Cisco WSA uses the Cisco Dynamic Content Analysis
Engine and the Talos Security Intelligence and Research Group to provide accurate and
up-to-date URL categorization. Administrators can use the web usage controls to allow,
block, warn, or monitor web requests based on the URL category of the destination
website. They can also create custom URL categories to include or exclude specific
domains or URLs from the predefined categories. Web usage controls help administrators
to control web traffic, enhance security, improve productivity, and comply with regulatory
and organizational requirements. References :=
Some possible references are:
Web Usage Controls - Cisco Web Security Appliance User Guide, Cisco
Cisco Web Usage Control Filtering Categories Data Sheet, Cisco
Define Custom URL Categories in WSA, Cisco
Question # 14
Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?
A. GET and serialNumber
B. userSudiSerialNos and deviceInfo
C. POST and name
D. lastSyncTime and pid
Answer: C
To add a device into Cisco DNA Center with the native API, the POST method and
the name attribute are required. The POST method is used to create a new resource on the
server, such as a device. The name attribute is used to specify the hostname or IP address
of the device to be added. The POST method requires a JSON body that contains the
device information, such as the name, type, role, credentials, and other optional
parameters. The Cisco DNA Center API documentation provides an example of the JSON
body and the response for adding a device [1]. The Cisco DNA Center Platform User Guide
also explains how to use the native API to add devices [2]. References := 1: Cisco DNA
Center API Documentation - Add Device 2: Cisco DNA Center Platform User Guide,
Release 2.3.5 - Manage Devices Using the Native API
Question # 15
What is a benefit of a Cisco Secure Email Gateway Virtual as compared to a physical Secure Email Gateway?
A. simplifies the distribution of software updates
B. provides faster performance
C. provides an automated setup process
D. enables the allocation of additional resources
Answer: D
Explanation: One of the benefits of a Cisco Secure Email Gateway Virtual appliance
compared to a physical one is the ability to allocate additional resources as needed. Virtual
appliances can be easily scaled up by allocating more CPU, memory, or storage resources,
providing flexibility and scalability in response to changing demands or growth.
Question # 16
A network administrator is modifying a remote access VPN on an FTD managed by an FMC. The administrator wants to offload traffic to certain trusted domains. The administrator wants this traffic to go out of the client's local internet and send other internet-bound traffic over the VPN. Which feature must the administrator configure?
A. dynamic split tunneling
B. local LAN access
C. dynamic access policies
D. reverse route injection
Answer: A
In a remote access VPN configuration, dynamic split tunneling allows traffic
to certain trusted domains to bypass the VPN tunnel and exit through the client's local
internet gateway. This feature selectively directs only the necessary traffic over the VPN,
while allowing direct internet access for specific domains or traffic deemed safe or trusted,
optimizing bandwidth and performance for remote users.
Question # 17
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https://<FMCIP>/capure/CAPI/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
A. Disable the proxy setting on the browser
B. Disable the HTTPS server and use HTTP instead
C. Use the Cisco FTD IP address as the proxy server setting on the browser
D. Enable the HTTPS server for the device platform policy
Answer: D
The error 403: Forbidden indicates that the web server denied access to the
requested resource, which in this case is the PCAP file. One possible reason for this error
is that the HTTPS server is not enabled for the device platform policy, which is a
configuration that applies to the FTD devices managed by the FMC. The device platform
policy defines the settings for the management interface, the SSH access, the SNMP, the
NTP, the DNS, and the HTTPS server. The HTTPS server allows the FMC to access the
FTD devices via HTTPS and perform tasks such as packet capture, packet tracer, and file
transfer. If the HTTPS server is not enabled for the device platform policy, the FMC cannot
access the PCAP file from the FTD device via HTTPS. Therefore, the engineer must
enable the HTTPS server for the device platform policy in order to resolve this issue. To
enable the HTTPS server for the device platform policy, the engineer must follow these
steps:
Log in to the FMC web interface and navigate to Devices > Platform Settings.
Select the device platform policy that applies to the FTD device and click Edit.
In the General tab, check the Enable HTTPS Server checkbox and click Save.
Deploy the policy changes to the FTD device and wait for the deployment to
complete.
Try to access the PCAP file again from the FMC web browser using the same
address.
Alternatively, the engineer can also enable the HTTPS server for the FTD device from the
FTD CLI using the command configure network https-server enable. However, this method
is not recommended because it may cause a configuration conflict with the FMC [1][2][3].
References := 1: Use Firepower Threat Defense Captures and Packet Tracer - Cisco 2:
Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager,
Firepower Threat Defense Command Reference - C through D Commands [Cisco
Firepower NGFW] - Cisco
Question # 18
Which Cisco security solution determines if an endpoint has the latest OS updates and patches installed on the system?
A. Cisco Endpoint Security Analytics
B. Cisco AMP for Endpoints
C. Endpoint Compliance Scanner
D. Security Posture Assessment Service
Answer: B
Cisco AMP for Endpoints is the Cisco security solution that determines if an endpoint has
the latest OS updates and patches installed on the system. Cisco AMP for Endpoints is a
cloud-based endpoint protection platform that provides advanced malware prevention,
detection, and response capabilities. One of the features of Cisco AMP for Endpoints is the
Endpoint Compliance Scanner, which allows administrators to create and enforce policies
that check the compliance status of endpoints based on various criteria, such as OS
version, patch level, antivirus status, firewall status, and more. The Endpoint Compliance
Scanner can also remediate non-compliant endpoints by applying patches, updating
antivirus signatures, enabling firewall, and so on. By using the Endpoint Compliance Scanner, administrators can ensure that all endpoints are up to date and secure against
known vulnerabilities and threats. References:
Cisco AMP for Endpoints
Endpoint Compliance Scanner
Implementing and Operating Cisco Security Core Technologies (SCOR) - Module
4: Endpoint Protection and Detection
Question # 19
Based on the NIST 800-145 guide, which cloud architecture is provisioned for exclusive use by a specific group of consumers from different organizations and may be owned, managed, and operated by one or more of those organizations?
A. hybrid cloud
B. private cloud
C. community cloud
D. public cloud
Answer: C
According to the NIST 800-145 guide [1], a community cloud is a cloud
infrastructure that is provisioned for exclusive use by a specific community of consumers
from organizations that have shared concerns (e.g., mission, security requirements, policy,
and compliance considerations). It may be owned, managed, and operated by one or more
of the organizations in the community, a third party, or some combination of them, and it
may exist on or off premises. A community cloud differs from a private cloud, which is
provisioned for exclusive use by a single organization, and a public cloud, which is
provisioned for open use by the general public. A hybrid cloud is a composition of two or
more distinct cloud infrastructures (private, community, or public) that remain unique
entities, but are bound together by standardized or proprietary technology that enables
data and application portability (e.g., cloud bursting for load balancing between
clouds). References := 1: NIST SP 800-145, The NIST Definition of Cloud Computing,
page 3.
Question # 20
An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?
A. Configure the *.com address in the block list.
B. Configure the *.domain.com address in the block list
C. Configure the *.domain.com address in the block list
D. Configure the domain.com address in the block list
Answer: D
To block all subdomains of domain.com, the administrator should configure
the domain.com address in the block list. This is because Umbrella automatically applies a
left side and right side wildcard to every domain in a block or allow destination list.
Therefore, adding domain.com to a block list will result in requests to domain.com or its
subdomains, such as www.domain.com, being blocked. Adding a wildcard character (*) is
not supported and will not work. Adding the *.com address in the block list will block all
domains that end with .com, which is not the desired outcome. References:
Understanding Destination lists supported entries and error messages
Wildcards and Destination Lists
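A small model of the matching behaviour described in this explanation, as an added example (not Umbrella code and not from the original page). It assumes the implied left-side wildcard applies on DNS label boundaries and that the implied right-side wildcard covers any port, path or query after the host; the function names and sample requests are hypothetical.

```python
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit


def normalize_entry(entry: str) -> str:
    """Validate one destination-list entry.

    Explicit '*' is rejected because, per the explanation above, wildcard
    characters are not supported: the wildcards are implied.
    """
    cleaned = entry.strip().lower().rstrip(".")
    if not cleaned or "*" in cleaned:
        raise ValueError(f"unsupported entry: {entry!r}")
    return cleaned


def load_block_list(entries: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split raw entries into (accepted, rejected) so bad lines are visible."""
    accepted: List[str] = []
    rejected: List[str] = []
    for entry in entries:
        try:
            accepted.append(normalize_entry(entry))
        except ValueError:
            rejected.append(entry)
    return accepted, rejected


def host_of(request: str) -> str:
    """Extract the hostname from a bare host or a full URL."""
    if "://" not in request:
        request = "//" + request          # let urlsplit treat it as a netloc
    return (urlsplit(request).hostname or "").rstrip(".")


def matching_entry(block_list: Iterable[str], request: str) -> Optional[str]:
    """Return the entry that blocks this request, or None if it is allowed.

    Implied left wildcard: the entry itself or any subdomain of it.
    Implied right wildcard: whatever follows the host is ignored.
    The '.' in the suffix test keeps the match on a label boundary, so
    'notdomain.com' is not treated as a subdomain of 'domain.com'.
    """
    host = host_of(request)
    for domain in block_list:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


if __name__ == "__main__":
    # Constructed sample input: option D next to the unsupported option B/C form.
    block_list, rejected = load_block_list(["domain.com", "*.domain.com"])
    print("accepted:", block_list, "rejected:", rejected)
    for req in [
        "domain.com",
        "www.domain.com",
        "https://a.b.domain.com/login?x=1",
        "notdomain.com",
        "domain.com.other.example",
    ]:
        hit = matching_entry(block_list, req)
        print(f"{req:40} -> {'BLOCK (' + hit + ')' if hit else 'allow'}")
```

The two non-matching samples are the cases worth checking when reviewing a block list: a name that merely ends in the same characters, and a name that carries the blocked domain as a prefix label.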
Question # 21
What is a description of microsegmentation?
A. Environments deploy a container orchestration platform, such as Kubernetes, to manage the application delivery.
B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.
C. Environments deploy centrally managed host-based firewall rules on each server or container.
D. Environments implement private VLAN segmentation to group servers with similar applications.
Answer: B
Microsegmentation is a network security strategy that breaks a network into
smaller network “segments” to boost security and control over data traffic [1]. Unlike
traditional network security, which primarily defends the network’s outer boundaries,
microsegmentation focuses on securing individual workloads and devices within the
network [2]. Microsegmentation uses an allow-list model to significantly reduce the attack
surface across different workload types and environments [3]. Microsegmentation is also
referred to as application segmentation or east-west segmentation in a multicloud data
center [4].
Option B is the correct description of microsegmentation, as it captures the essence of
applying a zero-trust model and specifying how applications on different servers or
containers can communicate. Option A is incorrect, as deploying a container orchestration
platform is not a sufficient condition for microsegmentation. Option C is incorrect, as
deploying host-based firewall rules is not a necessary condition for microsegmentation.
Option D is incorrect, as implementing private VLAN segmentation is a different technique from microsegmentation. References: An Introduction to Microsegmentation in Network
Security. What Is Micro-Segmentation? - Cisco. What Is Microsegmentation? - Palo Alto
Networks. What Is Microsegmentation in Networking? Beginner’s Guide.
Question # 22
Which two protocols must be configured to authenticate end users to the Cisco WSA? (Choose two.)
A. TACACS+
B. CHAP
C. NTLMSSP
D. RADIUS
E. Kerberos
Answer: C,E
The Cisco WSA supports mainly two authentication protocols: LDAP and
NTLM. LDAP is a standard protocol for accessing directory services, such as Active
Directory or OpenLDAP. NTLM is a proprietary protocol for authenticating Windows clients
to Windows servers. NTLM has two versions: NTLMv1 and NTLMv2. NTLMSSP (NT LAN
Manager Security Support Provider) is a variant of NTLMv2 that provides additional
security features, such as message integrity and confidentiality. The Cisco WSA supports
both LDAP and NTLMSSP using basic authentication, which requires the user to enter a
username and password. The Cisco WSA also supports Kerberos, which is a network
authentication protocol that uses tickets to authenticate users and services. Kerberos is
based on symmetric-key cryptography and requires a trusted third party, called the Key
Distribution Center (KDC), to issue and validate tickets. Kerberos is more secure and
efficient than NTLM, as it does not require the user to enter credentials repeatedly and does not send passwords over the network. The Cisco WSA supports Kerberos only in
standard mode, not in cloud connector mode. The Cisco WSA does not support TACACS+
or CHAP as authentication protocols. TACACS+ is a Cisco proprietary protocol for
authenticating network devices and users to a central server. CHAP is a challenge-response protocol for authenticating PPP connections. These protocols are not designed
for web security appliances and are not compatible with the Cisco WSA. References:
User Guide for AsyncOS 11.0 for Cisco Web Security Appliances (Section:
Acquire End-User Credentials)
Cisco WSA Authentication
WSA Authentication
Question # 23
What are two ways that Cisco Container Platform provides value to customers who utilize cloud service providers? (Choose two.)
A. Allows developers to create code once and deploy to multiple clouds
B. helps maintain source code for cloud deployments
C. manages Docker containers
D. manages Kubernetes clusters
E. Creates complex tasks for managing code
Answer: A,D
Cisco Container Platform (CCP) is a solution that simplifies the deployment and management of containerized applications across multiple clouds. It provides the
following benefits to customers who utilize cloud service providers [1][2]:
Allows developers to create code once and deploy to multiple clouds. CCP is
based on open source components, such as Kubernetes and Docker, that are
compatible with various cloud platforms. This enables developers to write code
once and run it anywhere, without worrying about the underlying infrastructure or
vendor lock-in. CCP also supports hybrid and multicloud scenarios, allowing
customers to leverage the best features of different cloud providers and optimize
their costs and performance.
Manages Kubernetes clusters. CCP automates the installation, configuration, and
maintenance of Kubernetes clusters, which are groups of nodes that run
containerized applications. CCP provides a simple GUI-driven menu system to
deploy clusters, as well as automated monthly updates for bug fixes, feature
enhancements, and security patches. CCP also offers a choice of networking
solutions, such as Cisco ACI, Calico, or Contiv, to connect and secure the clusters.
CCP also integrates with Cisco AppDynamics and Prometheus for visibility and
monitoring of the clusters and applications.
References:
[1] Cisco Container Platform - Cisco
[2] Cisco Container Platform - At-a-Glance - Cisco
Question # 24
An engineer is configuring their router to send NetFlow data to Stealthwatch, which has an IP address of 1.1.1.1, using the flow record Stealthwatch406397954 command. Which additional command is required to complete the flow record?
A. transport udp 2055
B. match ipv4 ttl
C. cache timeout active 60
D. destination 1.1.1.1
Answer: D
The destination command is required to complete the flow record and
specify the IP address of the Stealthwatch collector that will receive the NetFlow data. The
transport udp 2055 command is also needed, but it is part of the flow exporter
configuration, not the flow record. The match ipv4 ttl and cache timeout active 60
commands are optional and can be used to customize the flow record, but they are not
mandatory. The flow record defines the fields that are collected and exported for each flow,
such as source and destination IP addresses, ports, protocols, etc. The flow exporter defines the destination, source, transport protocol, and port for sending the NetFlow data.
The flow monitor binds the flow record and the flow exporter together and applies them to
an interface. The following is an example of a complete NetFlow configuration for sending
data to Stealthwatch:
flow exporter EXPORTER
 description Export NetFlow to Stealthwatch
 destination 1.1.1.1
 export-protocol netflow-v9
 source Vlan100
 transport udp 2055
!
flow record RECORD
 description NetFlow record
 match datalink mac source address input
 match datalink mac destination address input
 match datalink vlan input
 match ipv4 ttl
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
flow monitor IPv4_NETFLOW
 record RECORD
 exporter EXPORTER
 cache timeout active 60
!
interface <>
 ip flow monitor IPv4_NETFLOW input
!
References: Configuring and Troubleshooting NetFlow for Stealthwatch, Cisco NetFlow
Configuration, Building a Better Monitoring Solution with Flexible Netflow
Question # 25
A large organization wants to deploy a security appliance in the public cloud to form a site-to-site VPN and link the public cloud environment to the private cloud in the headquarters data center. Which Cisco security appliance meets these requirements?
A. Cisco Cloud Orchestrator
B. Cisco ASAV
C. Cisco WSAV
D. Cisco Stealthwatch Cloud
Answer: B
Feedback That Matters: Reviews of Our Cisco 350-701 Dumps
Narmada Sanghvi, Apr 29, 2026
MyCertsHub helped me turn complex Cisco security topics into something manageable. The labs were the real game changer because the theory stuck because of the hands-on practice.
Margaret Tyler, Apr 28, 2026
I went into 350-701 thinking the VPN and secure network design questions would be my weak spots. Those became my strongest areas after I used MyCertsHub. Couldn’t be happier with the result.
Delilah James, Apr 28, 2026
What impressed me most was how updated the material was. Even the newer security features were covered, so I didn’t get caught off guard during the exam.
Brian Hamilton, Apr 27, 2026
I liked the fact that the course didn't just dump information; it also explained why certain configurations work. That helped me remember details under exam pressure.
Charlie Ross, Apr 27, 2026
Unlike other study guides, this one kept me interested. I was able to study during my work hours and still pass the 350-701 with confidence thanks to the short, clear modules.
Patrick Turner, Apr 26, 2026
The scenario-based practice questions were gold. They mirrored the way Cisco frames real-world security problems in the actual test.