2026 思科CCNP 350-701 SCOR历年真题与题库解析｜安全核心考试备考资料汇总

Which standard is used to automate exchanging cyber threat information?

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the is

Which two services must remain as on premises equipment when a hybrid email solution is deployed? (Choose two.)

An organization has a Cisco Secure Cloud Analytics deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

Which two solutions help combat social engineering and phishing at the endpoint level? (Choose two.)

What are two characteristics of the RESTful architecture used within Cisco DNA Center? (Choose two.)

Which feature must be configured before implementing NetFlow on a router?

Which capability is provided by application visibility and control?

Which solution protects hybrid cloud deployment workloads with application visibility and segmentation?

An organization is using CSR1000 routers in their private cloud infrastructure. They must upgrade their code to address vulnerabilities within their running code version. Who is responsible for these upgrades?

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?

Which function is included when Cisco AMP is added to web security?

Which DoS attack uses fragmented packets in an attempt to crash a target machine?

Which feature is used in a push model to allow for session identification, host reauthentication, and session termination?

Which configuration method provides the option to prevent physical and virtual endpoint devices that are in the same base EPG or uSeg from being able to communicate with each other with VMware VDS or Microsoft vSwitch?

Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two.)

Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

An organization is trying to implement micro-segmentation on the network and wants to be able to gain visibility on the applications within the network. The solution must be able to maintain and force compliance. Which product should be used to meet these

An administrator configures a new destination list in Cisco Umbrella so that the organization can block specific domains for its devices. What should be done to ensure that all subdomains of domain.com are blocked?

Which two activities are performed using Cisco DNA Center? (Choose two.)

An engineer enabled SSL decryption for Cisco Umbrella intelligent proxy and needs to ensure that traffic is inspected without alerting end-users. Which action accomplishes this goal?

Which feature only implements on the Cisco ASA in the transparent mode?

What is the term for the concept of limiting communication between applications or containers on the same node?

An organization has noticed an increase in malicious content downloads and wants to use Cisco Umbrella to prevent this activity for suspicious domains while allowing normal web traffic. Which action will accomplish this task?

Which product allows Cisco FMC to push security intelligence observables to its sensors from other products?

Why should organizations migrate to a multifactor authentication strategy?

A network engineering team wants to configure web reputation URL filtering in Cisco vManage by setting the web reputation to Moderate Risk. Which reputation score must be configured in vManage for the URL filtering?

An engineer is onboarding a teleworker to Cisco Umbrella. After the worker's home network identity is configured, which additional action must be taken to complete the network registration?

Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?

Which two behavioral patterns characterize a ping of death attack? (Choose two.)

An email administrator is setting up a new Cisco ESA. The administrator wants to enable the blocking of greymail for the end user. Which feature must the administrator enable first?

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

Which two capabilities does TAXII support? (Choose two.)

What are two functionalities of northbound and southbound APIs within Cisco SDN architecture? (Choose two.)

What is a description of microsegmentation?

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

Which two deployment model configurations are supported for Cisco FTDv in AWS? (Choose two.)

For a given policy in Cisco Umbrella, how should a customer block websites based on a custom list?

Which action adds IOCs to customize detections for a new attack?

An engineer is configuring Cisco WSA and needs to enable a separated email transfer flow from the Internet and from the LAN. Which deployment mode must be used to accomplish this goal?

An administrator is adding a new Cisco ISE node to an existing deployment. What must be done to ensure that the addition of the node will be successful when inputting the FQDN?

Which two endpoint measures are used to minimize the chances of falling victim to phishing and social engineering attacks? (Choose two.)

Which two algorithms must be used when an engineer is creating a connection that will have classified data across it? (Choose two.)

Which IETF attribute is supported for the RADIUS CoA feature?

A company identified a phishing vulnerability during a pentest. What are two ways the company can protect employees from the attack? (Choose two.)

Which feature is supported when deploying Cisco ASAv within the AWS public cloud?

When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?

An engineer configures new features within the Cisco Umbrella dashboard and wants to identify and proxy traffic that is categorized as risky domains and may contain safe and malicious content. Which action accomplishes these objectives?

An engineer needs to configure cloud logging on Cisco ASA with SAL integration. Which parameter must be considered for this configuration?

What is a difference between encrypted passwords and hardcoded passwords?

A network administrator needs a solution to match traffic and allow or deny the traffic based on the type of application, not just the source or destination address and port used. Which kind of security product must the network administrator implement to

A security engineer must add destinations into a destination list in Cisco Umbrella. What describes the application of these changes?

What is a feature of an endpoint detection and response solution?

Which file type is supported when performing a bulk upload of destinations into a destination list on Cisco Umbrella?

What is the benefit of integrating Cisco ISE with an MDM solution?

An engineer must configure a Cisco Secure Email Gateway to use DLP for a company. The company also wants to see the content of emails that violate the DLP policy. Which configuration must be modified in the Data Loss Prevention Settings section to meet th

An organization has a Cisco Secure Cloud Analytics deployment in their environment. Cloud logging is working as expected, but logs are not being received from the on-premise network. What action will resolve this issue?

What are the two types of managed Intercloud Fabric deployment models? (Choose two.)

Which telemetry data captures variations seen within the flow, such as the packets TTL, IP/TCP flags, and payload length?

Which API technology with SDN architecture is used to communicate with a controller and network devices such as routers and switches?

What is a difference between GRE over IPsec and IPsec with crypto map?

Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

An engineer must modify a policy to block specific addresses using Cisco Umbrella. The policy is created already and is actively used by devices, using many of the default policy elements. What else must be done to accomplish this task?

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat?

What is a required prerequisite to enable malware file scanning for the Secure Internet Gateway?

Which feature requires a network discovery policy on the Cisco Firepower NGIPS?

Which method must be used to connect Cisco Secure Workload to external orchestrators at a client site when the client does not allow incoming connections?

Which action configures the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms?

Which open standard creates a framework for sharing threat intelligence in a machine-digestible format?

Which two probes are configured to gather attributes of connected endpoints using Cisco Identity Services Engine? (Choose two.)

When wired 802.1X authentication is implemented, which two components are required? (Choose two.)

What is a commonality between DMVPN and FlexVPN technologies?

A switch with Dynamic ARP Inspection enabled has received a spoofed ARP response on a trusted interface. How does the switch behave in this situation?

An administrator has been tasked with configuring the Cisco Secure Email Gateway to ensure there are no viruses before quarantined emails are delivered. In addition, delivery of mail from known bad mail servers must be prevented. Which two actions must be

An organization wants to use Cisco FTD or Cisco ASA devices. Specific URLs must be blocked from being accessed via the firewall, which requires that the administrator input the bad URL categories that the organization wants blocked into the access policy.

A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?

An organization wants to implement a cloud-delivered and SaaS based solution to provide visibility and threat detection across the AWS network. The solution must be deployed without software agents and rely on AWS VPC flow logs instead. Which solution mee

Which solution for remote workers enables protection, detection, and response on the endpoint against known and unknown threats?

Which Cisco solution extends network visibility, threat detection, and analytics to public cloud environments?

When an assessment of cloud services and applications is conducted, which tool is used to show user activity and data usage across the applications?

Which action blocks specific IP addresses whenever a computer with Cisco AMP for Endpoints installed connects to the network?

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to miti

Which solution provides end-to-end visibility of applications and insights about application performance?

What is a capability of EPP compared to EDR?

How should an organization gain visibility into encrypted flows leaving the organization?

How does a Cisco Secure Firewall help to lower the risk of exfiltration techniques that steal customer data?

An administrator is implementing management plane protection and must configure an interface on a Cisco router to only terminate management packets that are destined for the router. Which set of IOS commands must be used to complete the implementation?

What is an attribute of Cisco Talos?

What is the definition of phishing?

What is a capability of the Cisco ISE guest service in the web-based portal?

A company named Org.Co plans to migrate a messaging app to a software as a service offering. A security engineer must protect data-at-rest and data in transit, and the solution must enforce policy-based security control automatically. What must be integra