350-701 Free Practice Test

- (Exam Topic 1)
Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two)

1. A. Patch for cross-site scripting.
2. B. Perform backups to the private cloud.
3. C. Protect against input validation and character escapes in the endpoint.
4. D. Install a spam and virus email filter.
5. E. Protect systems with an up-to-date antimalware program

Correct Answer: DE
Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputablesource. It is usually done through email. The goal is to steal sensitive data like credit card and login information,or to install malware on the victim’s machine.

- (Exam Topic 2)
What is the role of Cisco Umbrella Roaming when it is installed on an endpoint?

1. A. To protect the endpoint against malicious file transfers
2. B. To ensure that assets are secure from malicious links on and off the corporate network
3. C. To establish secure VPN connectivity to the corporate network
4. D. To enforce posture compliance and mandatory software

Correct Answer: B
Umbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall. It protects your employees even when they are off the VPN.

- (Exam Topic 3)
An engineer is deploying Cisco Advanced Malware Protection (AMP) for Endpoints and wants to create a policy that prevents users from executing file named abc424952615.exe without quarantining that file What type of Outbreak Control list must the SHA.-256 hash value for the file be added to in order to accomplish this?

1. A. Advanced Custom Detection
2. B. Blocked Application
3. C. Isolation
4. D. Simple Custom Detection

Correct Answer: B

- (Exam Topic 3)
Refer to the exhibit.

What are two indications of the Cisco Firepower Services Module configuration? (Choose two.)

1. A. The module is operating in IDS mode.
2. B. Traffic is blocked if the module fails.
3. C. The module fails to receive redirected traffic.
4. D. The module is operating in IPS mode.
5. E. Traffic continues to flow if the module fails.

Correct Answer: AE
sfr {fail-open | fail-close [monitor-only]} <- There's a couple different options here. The first one is fail-open which means that if the Firepower software module is unavailable, the ASA will continue to forward traffic. fail-close means that if the Firepower module fails, the traffic will stop flowing. While this doesn't seem ideal, there might be a use case for it when securing highly regulated environments. The monitor-only switch can be used with both and basically puts the Firepower services into IDS-mode only. This might be useful for initial testing or setup.

- (Exam Topic 3)
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures The configuration is created in the simple detection policy section, but it does not work What is the reason for this failure?

1. A. The administrator must upload the file instead of the hash for Cisco AMP to use.
2. B. The MD5 hash uploaded to the simple detection policy is in the incorrect format
3. C. The APK must be uploaded for the application that the detection is intended
4. D. Detections for MD5 signatures must be configured in the advanced custom detection policies

Correct Answer: D