Share your SCOR Experience
February 23rd, 2020
Please share with us your experience to prepare for the new SCOR 350-701 exam, your materials, the way you learned, your recommendations… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…
Your posts are warmly welcome! Hope you will find useful information here!
Note: Currently there are no lab sims for this exam, only multiple choice and drag drop questions.
Hi guys, do you have any estimated date for the new questions?
Thanks!!!
Hello you passed today with the Q161?
Note: Please do not open any suspicious links (especially short links and links that need to remove some words to open) in the comment section above as they are usually spams and may harm your computer.
hi, i have updated questions dumps, if any want here is my email alisroman161 @ gmail . com
The Q161 is invalid; there are a lot of new questions. Only 20 of the 105 questions were from the Q161.
I failed today with 823/825
@Henkjan sorry man, hopefully you pass it next time.
How many questions in the exam?
Some new questions, can’t remember them verbatim…
1) asked about CoA port to allow throughout network
two TCP ports
two UDP ports 1700/3799
book mentions 3799…
2) question about features/benefits of ftd? vs asa
3)asked about DNS tunneling
4)different question about SDN southbound APIs
5) asked about NIST
6) asked question basically definition of CVE
7) think asked about who maintains CVE
8) about four questions about AMP
9) one question about SVTI config issue
10) one question with output about IPSEC issue with ACL?
11) Lots of ESA/WSA questions
12) question about a menu option in ISE for adding/allowing object?
13) question about program wrappers
14) question about ransomware and a specific attribute of the ones listed on page 101.
15) new question about Sophos engine/outbreak filters – ESA
16) 2 questions about SQL injection and whether database attack or user input/webform manipulation
17) question about PII
18) new question about PKI
19) questions about FMC vs FTD, firepower vs ASA, and access methods/features, about 5? new for firewalls section
20) new question about control plane vs data plane
21) question about sandboxing – AMP
22) questions about TALOS
23) questions about wccp for WSA
24) question about stealthwatch cloud
about all I can remember…if you know the foundation it should be passable.
@NXTo – easiest is for sure SWSA 300-725 exam. The rest like Firepower or ISE are the beasts.
@Karen_Smack_Down many thanks, do you remember how many new questions?
@Anonymous
How many times did you take the exam? LOL
think i found the new dumps here : nwexam com……
not sure yet….anyone used that site before ???
Please update here if someone took the exam recently.
Is premium valid ?
@bobo did you try those dumps?
Hi pls share updated dumps my email address is betswe1 @ gmail . com
@Karen_Smack_Down
Can you verify if this is a new question you faced in the exam?
How does DNS Tunneling exfiltrate data?
A. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
B. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
C. An attacker opens a reverse DNS shell to get into the client’s system and install malware on it.
D. An attacker uses a non-standard DNS port to gain access to the organization’s DNS servers in order to poison the resolutions.
Refer to the exhibit
An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?
A. ip dhcp snooping limit 41
B. ip dhcp snooping verify mac-address
C. ip dhcp snooping vlan 41
D. ip dhcp snooping trust
What are two benefits of Flexible NetFlow records
A. They provide attack prevention by dropping the traffic.
B. They allow the user to configure flow information to perform customized traffic identification
C. They provide accounting and billing enhancements
D. They provide monitoring of a wider range of IP packet information from Layer 2 to 4.
E. They converge multiple accounting technologies into one accounting mechanism
Most of the sites have updated to over 200q.
I guess the file was valid now
@Kati
Can you share the new 200q file please
someone can share the new file 200q please
Please share the new dump with us.
Please help to share the updated dump. Will be needing to take before Jan 17.
Thank you very much.
Why is everyone trying to cheat the exams?
When I go to a job site and see all of you agency workers screwing up – I tend to fire you instantly.
I have a track record for firing people after 1 screw up and everyone comes in with a CCNP level! So be careful. You want to write CCNP after your name and can't perform the tasks – Take all the exams you want to take, but when you screw up – You're Fired!
I see 52 new questions from 12/27 under premium. Is premium now valid?
Anyone has SCOR cbt nuggets? It was released last month. Kindly share. Thank you.
For those who have taken the exam, check if it is valid.
https://cloud.degoo.com/share/QvQvwsXS2mNaHy
225q file
many questions have the wrong answers. better do a review
Sell the OCG and do away with the paid exams. That simple.
@Oracle_Crack
Yes very similar to what you posted.
Total 105 questions.
20 from 161
80+ New
@Kati, looks legit..the premium new questions here are also legit.
I feel like there are some I saw on the exam that are not listed. Mostly AMP questions, another VPN question, and another SQL injection question. I can't remember the details, though I would recognize them when I see them…
@Why, Because this is a tool to learn and add more depth to what Cisco is looking for. I went through the exam topics. I did labs using eve-ng with Khawar Butt’s VPN youtube videos.
I watched other courses and read the Cisco documentation to know the answers to the questions were correct, and in doing so was more prepared.
I read through the official guide twice and took notes. So, with all that said and with a mostly new exam, I still missed passing by less than 10 points. I understood most of the material but was still found wanting.
Mini rant: on my exam, I remember clearly it asked about CoA protocol being allowed throughout the network and had both UDP 1700 and UDP 3799. Both are listed in official Cisco documentation. This is only mentioned briefly in the official guide on pages 454 and 456 for UDP 3799.
NOWHERE in the official guide does it mention UDP 1700!!! That is one I believe I got incorrect as I couldn’t remember which of the two UDP ports was correct.
A lot of questions were/are like that, only briefly mentioned and not a focus of the exam topics. Sophos engine and outbreak filters are a perfect example. This question is briefly mentioned on pages 1236 and 1271.
Now I am going through the Cisco Live training along with Khawar Butt CCIE v5; my work says I have to prepare again.
I don’t work with AMP/ESA/WSA(IRONPORT) as that is another section. I work a lot with ASAs, VPNs, dot1x/ISE, radius/tacacs, Splunk, logging and scripting and other SIEMs.
We have CCIE’s where I work that make mistakes. It is called being human. But they own it and fix it.
” I fire someone after one mistake” what a joke. Okay big guy…Toxic work environment. I wouldn’t work for you for twice my current pay.
An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?
A. Disable telnet using the no ip telnet command.
B. Generate the RSA key using the crypto key generate rsa command.
C. Configure the port using the ip ssh port 22 command.
D. Enable the SSH server using the ip ssh server command.
I am thinking D but dumps say A or B? Thoughts?
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-algorithm-ccc.html
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-3650-cr-book/sec-a1-xe-3se-3850-cr-book_chapter_0110.html
CBT Nuggets SCOR link:
magnet:?xt=urn:btih:b8c6da9c620ba1c5702d51bf7c5a247c61f4e51f&dn=CBT%20Nuggets%20-%20Implementing%20and%20Operating%20Cisco%20Security%20Core%20Technologies%20350-701%20SCOR&tr=http%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce&tr=http%3a%2f%2ftracker.kicks-ass.net%2fannounce
@Kati Thank you
For those who took the exam let us know if it’s valid
@anonymous, regarding ssh question it could be B
https://community.cisco.com/t5/switching/getting-ssh-error-connection-refused/td-p/1894810
@Anonymous…
‘B’ is the correct answer
key words “prevent insecure algorithms”
This implies that SSH would be configured as telnet does not use an algorithm(plain text) to secure traffic.
‘A’: would be incorrect as you would configure connectivity via global command
!
ip ssh version 2 !(for example and via )
!
line vty 0 15
!
transport input ssh (to allow secure shell connections)
!
Similarly you do not need to specify SSH to use 22. It uses port 22 by default.
So ‘C’ is also incorrect.
!
‘D’ is also incorrect as the correct global command would be ‘ip ssh version 2’ and allowing remote connections would be on in the line config mode via the ‘transport input ssh’ command…
See the command: crypto key generate rsa general-keys modulus 4096
Think of the command as the higher the number (4096) the more difficult it is to brute force.
So the smaller the number the easier it is to attack. Like a 1 meter thick wall is easier to break through than a 4096 meter thick wall.
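The post above walks through why a router refuses SSH when the RSA key pair is missing, why SSHv2 and `transport input ssh` matter, and why a larger modulus resists brute force. As an added example (not from the thread or from Cisco), the Python below audits a running-config snippet for exactly those points; the config text and the key sizes are constructed samples, and the RSA modulus is passed in separately because the key pair is not part of the running-config text.

```python
import re

# Constructed sample configs (not from the thread): the first keeps the weaknesses
# the thread discusses (SSHv1, telnet still allowed on a vty line), the second is hardened.
WEAK_CONFIG = """\
hostname R1
ip domain-name example.test
ip ssh version 1
!
line vty 0 4
 transport input telnet ssh
!
line vty 5 15
 transport input ssh
!
"""

HARDENED_CONFIG = """\
hostname R1
ip domain-name example.test
ip ssh version 2
!
line vty 0 15
 transport input ssh
!
"""


def audit_ssh_config(config, rsa_modulus=None, min_modulus=2048):
    """Return a list of findings for the SSH access path of an IOS running-config.

    rsa_modulus is the key size reported by `show crypto key mypubkey rsa`, or None
    when no key pair exists; it is passed separately because the key is not part
    of the running-config text.
    """
    findings = []

    # 1. No RSA key pair means the SSH server cannot start at all (answer B in the thread).
    if rsa_modulus is None:
        findings.append("no RSA key pair: SSH server is not running (crypto key generate rsa)")
    elif rsa_modulus < min_modulus:
        findings.append(f"RSA modulus {rsa_modulus} bits is below {min_modulus}")

    # 2. Only SSH version 2 should be accepted; without this line the device also accepts SSHv1.
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 not configured")

    # 3. Every vty line should restrict transport input to ssh; telnet is plaintext.
    section = None
    for line in config.splitlines():
        m = re.match(r"^line (vty \d+(?: \d+)?)", line)
        if m:
            section = m.group(1)
            continue
        if line and not line.startswith(" "):
            section = None  # a non-indented line (e.g. "!") ends the current line section
        if section and line.strip().startswith("transport input"):
            protocols = line.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(f"line {section}: transport input allows telnet")
    return findings
```

Running `audit_ssh_config(WEAK_CONFIG, 1024)` reports three findings (weak modulus, no `ip ssh version 2`, telnet on `vty 0 4`), while the hardened config with a 4096-bit key reports none.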
@alain, thank you! downloading now.
I found one file which is only 225q and the guy who gave me this file said these are the latest questions from which he passed his exam. can anyone verify this file?
@Agent47, where is the file that needs to be verified? Please post the info for the new file then it can be verified.
Passed my exam today with the q225, 80 of the questions from the 105 where the same.
Hi guys,
Care to share CBT nuggets for Security Core? :)
Can someone share the latest valid dump?
mega . nz / file / ktJw0boC#J8Ev8L0xp9MewxR5kdGu-gZJoE77h17rn_fC3C-ccQA
For which 2 conditions can an endpoint be checked using ISE posture assessment?
the answer should be “Window Service” and “Window Firewall” right?
@fer, the link is already shared (torrent magnet link)
@Question Yes, I believe so. Posture assessment wouldn't check against identity, and when it comes to the browser, it can check which services are installed, but not which one is set as default.
Hello guys i want to buy the scor dump
Which is better
Pass4sure or do you recommend other sites?
What is a benefit of using Cisco FMC over Cisco ASDM?
A. Cisco FMC uses Java while Cisco ASDM uses HTML5.
B. Cisco FMC provides centralized management while Cisco ASDM does not.
C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices
Correct answer should be “B”. Cisco FMC does not support all firewall products. It only supports FTD and Firepower products, not ASA.
OR
“D” FMC can manage ASAs Firepower Module and the FTD – thus all FW products
Not C > ASDM provides management to multiple ASAs Centralized ?) and the FMC can manage ASAs Firepower Module and the FTD
what do you think ?
hi guys
Kindly share with me the 2 valid dumps, thanks in advance
@Anonimous
You are right. B is the right answer.
Passed with 917 score. Today. JAN 9. Thanks to premium membership of Securitytut.
@917 Passed
Congrats. Which dumps did you prepare with?
What are two benefits of Flexible NetFlow records? (Choose two)
A. They allow the user to configure flow information to perform customized traffic identification
B. They provide attack prevention by dropping the traffic
C. They provide accounting and billing enhancements
D. They converge multiple accounting technologies into one accounting mechanism
E. They provide monitoring of a wider range of IP packet information from Layer 2 to 4
Answer: are A, C and D all correct?
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/flexible-netflow/product_data_sheet0900aecd804b590b.html
Key Advantages to using Flexible NetFlow:
• Flexibility, scalability of flow data beyond traditional NetFlow
• The ability to monitor a wider range of packet information producing new information about network behavior not available today
• Enhanced network anomaly and security detection
• User configurable flow information to perform customized traffic identification and the ability to focus and monitor specific network behavior
• Convergence of multiple accounting technologies into one accounting mechanism
Anyone watched CCNP SCOR from CBT nuggets? what’s your opinion?
PFS vs SHA
Which type of algorithm provides the highest level of protection against brute-force attacks?
A. PFS
B. HMAC
C. MD5
D. SHA
Answer: D
It could be A. PFS as Perfect Forward Secrecy (PFS), also called forward secrecy (FS), refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically.???
Maybe I am overthinking it, as PFS is not an algorithm like SHA, but…
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention
System? (Choose two.)
A. SIP
B. inline normalization
C. SSL
D. packet decoder
E. modbus
Ans: B and D. what do you think?
@AA I register on the membership here in securitytut, and almost all the questions are in the premium membership.
Thanks Securitytut.
@Black
A and C are correct.
see this config guide
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Layer_Preprocessors.html
Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two)
A. Create a class map to match interesting traffic.
B. Define a NetFlow collector by using the flow-export command.
C. Apply NetFlow Exporter to the outside interface in the inbound direction.
D. Create an ACL to allow UDP traffic on port 9996.
E. Enable NetFlow Version 9.
Answers : B and C
This looks like an old question from 300-206 exam and I think it should be A and B ???
In which two ways does a system administrator send web traffic transparently to the Web Security Appliance? (Choose two)
A. configure Active Directory Group Policies to push proxy settings
B. configure policy-based routing on the network infrastructure
C. reference a Proxy Auto Config file
D. configure the proxy IP address in the web-browser settings
E. use Web Cache Communication Protocol
Answer: in dumps C E
I think it should be B and C …text book states that Transparent mode uses WCCP(L3-4) or PBR(L4) on Layer 3 or 4 devices
What is provided by Secure Hash Algorithm in a VPN?
A. Integrity
B. Key Exchange
C. Encryption
D. Authentication
Dump says B but this should be A. Your thoughts?
@beelzebub, A should be the answer. The others just don’t make any sense.
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)
A. secure access to on-premises and cloud applications
B. identification and correction of application vulnerabilities before allowing access to resources
C. single sign-on access to on-premises and cloud applications
D. integration with 802.1x security using native Microsoft Windows supplicant
E. flexibility of different methods of 2FA such as phone callbacks, SMS passcodes, and push notifications
A & E or A & C
@Ghost
What are two reasons for implementing a multifactor authentication solution such as Duo Security provide to an organization? (Choose two)
I think it’s A and E.
A and C are Correct
@Black
I don’t think C would be correct since the question is pertaining to “multifactor” authentication.
“What is single sign-on? Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.”
@beelzebub
A and E are correct
Question 13
A network administrator is configuring a rule in an access control policy to block certain URLs and selects the “Chat and Instant Messaging” category. Which reputation score should be selected to accomplish this goal?
A. 1
B. 3
C. 5
D. 10
Answer: D or B?
Question 18
An organization received a large amount of SPAM messages over a short time period. In order to take action on the messages, it must be determined how harmful the messages are and this needs to happen dynamically. What must be configured to accomplish this?
A. Configure the Cisco WSA to modify policies based on the traffic seen
B. Configure the Cisco ESA to receive real-time updates from Talos
C. Configure the Cisco WSA to receive real-time updates from Talos
D. Configure the Cisco ESA to modify policies based on the traffic seen
Answer: D or B?
Question 19
Which product allows Cisco FMC to push security intelligence observable to its sensors from other products?
A. Encrypted Traffic Analytics
B. Threat Intelligence Director
C. Cognitive Threat Analytics
D. Cisco Talos Intelligence
Answer: B or D?
Question 20
What are two differences between a Cisco WSA that is running in transparent mode and one running in explicit mode? (Choose two)
A. When the Cisco WSA is running in transparent mode, it uses the WSA’s own IP address as the HTTP request destination.
B. The Cisco WSA responds with its own IP address only if it is running in explicit mode.
C. The Cisco WSA is configured in a web browser only if it is running in transparent mode.
D. The Cisco WSA uses a Layer 3 device to redirect traffic only if it is running in transparent mode.
E. The Cisco WSA responds with its own IP address only if it is running in transparent mode.
D and E or B and D?
Question 21
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify an access policy
B. Modify identification profiles
C. Modify outbound malware scanning policies
D. Modify web proxy settings
Answer: A or C?
Question 31
A Cisco Firepower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two)
B. trust
E. allow or E. monitor?
Question 32
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?
A. mirror port
B. Flow
C. NetFlow
D. VPC flow logs
Answer: C or D?
Question 44
What is a benefit of using Cisco FMC over Cisco ASDM?
A. Cisco FMC uses Java while Cisco ASDM uses HTML5.
B. Cisco FMC provides centralized management while Cisco ASDM does not.
C. Cisco FMC supports pushing configurations to devices while Cisco ASDM does not.
D. Cisco FMC supports all firewall products whereas Cisco ASDM only supports Cisco ASA devices
Answer: B or D?
Question 48
What is an attribute of the DevSecOps process?
A. mandated security controls and check lists
OR
C. development security?
Does anybody have the latest dumps or can tell where to find them.
Question 26
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?
A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure
Answer: B or C?
I have passed SCOR 350-701 on 12-Jan-2021.
Some questions were really confusing, from Content Security and Endpoint Protection and Detection.
Any latest dumps 2021 ?
@Shuvo Sarker, kindly share materials used for the preparation of the exam(dumps, books etc..)
@alis I passed in 350-701 last week with 89% marks. If any want in cheap cost email me alisroman 1 6 1 @ g mail . c o m
@Fernandeen_ingah
for question 48
‘C’ should be correct.
See the OCG page 1166-1167
“The OWASP Proactive Controls
(https://www.owasp.org/index.php/OWASP_Proactive_Controls)
is a collection of secure development practices and
guidelines that any software developer should follow to
build secure applications. These practices will help you
to shift security earlier into design, coding, and testing.
Here are the OWASP Top 10 Proactive Controls:”
@Fernandeen_ingah
BLUF: ‘B’ is correct.
‘A’ is incorrect – It is actually reverse…ASDM=Java, FMC=HTML5
+
“Ensure the ASDM client system runs a supported version of Java JRE.”
From: https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/200889-Using-ASDM-to-manage-a-FirePOWER-module.html
+
You can connect to the FMCv web interface using the network information you have just configured.
From: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fmcv/fpmc-virtual/fpmc-virtual-initial-setup.html
!
!
!
‘B’ is correct answer…What is a benefit? in this context…an advantage of using one thing over another…FMC is centralized management – ASDM is Local=Distributed=non-Centralized=More Work.
+
“FirePOWER module that is installed on an ASA can be managed by either:
Firepower Management Center (FMC) – This is the off-box management solution.
ASDM – This is the on-box management solution.”
From:https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/200889-Using-ASDM-to-manage-a-FirePOWER-module.html
!
!
!
‘C’ is incorrect…While there are benefits to using FMC over ASDM for certain configuration changes…is how the configuration is being saved/applied a benefit? The real benefit is being able to manage multiple devices from a single application interface (FMC) vs having to connect to each device (ASDM).
!
!
!
‘D’ is incorrect. Again, FMC is centralized management vs Local, distributed management with ASDM. “FirePOWER module that is installed on an ASA can be managed by either:
Firepower Management Center (FMC) – This is the off-box management solution.
OR
ASDM – This is the on-box management solution.”
Question 32
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization’s public cloud to send telemetry using the cloud provider’s mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?
A. mirror port
B. Flow
C. NetFlow
D. VPC flow logs
Answer: C or D?
‘D’ Correct Answer
Key part of the question is “using the cloud provider’s mechanisms”
Key Concept is “Cloud” = Virtualization.
VPC = Virtual Private Cloud
“Now there’s a new option for Amazon Web Services (AWS) customers who operate virtual private cloud (VPC) networks. AWS recently introduced VPC Flow Logs, which facilitate logging of all the IP traffic to, from, and across your network. These logs are stored as records in special Amazon CloudWatch log groups and provide the same kind of information as NetFlow data.”
From: https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch-cloud/at-a-glance-c45-739851.html
VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as Google Kubernetes Engine nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.
Amazon Web Services (AWS) Virtual Private Cloud (VPC) Flow Logs containing network flow metadata offer a powerful resource for security. Not only can you log all IP flows in a VPC network with help from flow logs, but you can also use this data to perform various types of flow analysis. That brings security and network processes practiced in AWS environments closer to those practiced for conventional IT. Importantly, as you will see here, flow logs help enable a very specific security technology called entity modeling, which can significantly improve your network security and overall AWS server understanding.
From:https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch-cloud/at-a-glance-c45-739850.html
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you’ve created a flow log, you can retrieve and view its data in the chosen destination.
From:https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
NetFlow is used by IT professionals to analyze network traffic flow and volume to determine where traffic is coming from, where it is going to, and how much traffic is being generated. NetFlow-enabled routers export traffic statistics as NetFlow records which are then collected by a NetFlow collector.
Question 26
Which Cisco platform ensures that machines that connect to organizational networks have the recommended antivirus definitions and patches to help prevent an organizational malware outbreak?
A. Cisco WiSM
B. Cisco ESA
C. Cisco ISE
D. Cisco Prime Infrastructure
Answer: B or C?
C is correct answer…
https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_compliance.html
Search keyword “patches” for topic “Create Patch Management Conditions”
The ESA is Cisco Email Security Appliance. This topic is relevant to questions dealing with Sophos engine and outbreak filters.
See the OCG starting at page 1187.
Question 21
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify an access policy
B. Modify identification profiles
C. Modify outbound malware scanning policies
D. Modify web proxy settings
Answer: A or C?
‘C’ is correct answer.
See “Overview of Scanning Outbound Traffic”
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_01111.pdf
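The Question 32 discussion above settles on VPC Flow Logs as the cloud provider's NetFlow-like telemetry for behavioral analysis. As an added example (not from the thread, Cisco or AWS), the Python below parses records in the AWS default flow log format (version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) and derives two of the signals a behavioral tool would build from them: per-pair byte totals for accepted traffic and sources that were rejected on several distinct ports. The log lines are constructed samples.

```python
from collections import defaultdict

# AWS default flow log record layout (version 2), space separated.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]

# Constructed sample records (not real traffic): one accepted HTTPS flow from an instance,
# three rejected inbound connections from one external host to three different ports,
# and a NODATA record of the kind AWS emits for an interval with no traffic.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.9 49152 443 6 20 4000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40001 22 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40002 23 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40003 3389 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA
"""


def parse_flow_logs(text):
    """Parse default-format VPC flow log lines into dicts, dropping NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line: ignore rather than guess
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA/SKIPDATA records carry no flow fields
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejected_ports_by_source(records):
    """Map each source address to the set of destination ports it was rejected on."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return ports


def probing_sources(records, min_ports=3):
    """Sources rejected on at least min_ports distinct ports: a simple behavioral signal
    that a host is sweeping an instance rather than making a single failed connection."""
    return sorted(src for src, ports in rejected_ports_by_source(records).items()
                  if len(ports) >= min_ports)


def bytes_per_pair(records):
    """Total bytes per (src, dst) pair for accepted flows, the kind of baseline an
    entity-modeling tool builds from flow data."""
    totals = defaultdict(int)
    for rec in records:
        if rec["action"] == "ACCEPT":
            totals[(rec["srcaddr"], rec["dstaddr"])] += rec["bytes"]
    return dict(totals)
```

On the sample, `probing_sources` returns only `198.51.100.7` (rejected on 22, 23 and 3389) and `bytes_per_pair` gives 4000 bytes for the single accepted pair.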
Anyone attempted this exam of late? Premium Membership valid?
@@bbb you are right – answers B and C are correct – transparent mode uses PBR and WCCP
@Karen – can you remember those below from your exam
5) asked about NIST …National Institute of Standards and Technology… what did the question ask for? Was it general or specific about FIPS, SP (500/800/1800), ITL bulletin?
12) question about a menu option in ISE for adding/allowing object?………….
Administration > System > Admin Access > Administrators > Admin Users > Add
Administration > System > Admin Access > Administrators > Admin Groups
Administration > System > Admin Access > Authorization > Permissions>Data Access>Add:
1.Full 2.Read-Only 3.No Access
13) question about program wrappers :?
1. API wrappers are language-specific kits or packages that wrap sets of API calls into easy-to-use functions. The wrapper programmatically calls multiple API calls without requiring user interaction, further automating projects.
OR
2. Wrappers offer hackers a method to slip past a user's normal defenses. A wrapper is a program used to combine two or more executables into a single packaged program. Wrappers are also referred to as binders, packagers, and EXE binders because they are the functional equivalent of binders for Windows Portable Executable files. Some wrappers only allow programs to be joined; others allow the binding together of three, four, five, or more programs. Basically, these programs perform like installation builders and setup programs. Besides allowing you to bind a program, wrappers add additional layers of obfuscation and encryption around the target file, essentially creating a new executable file.
14) question about ransomware and a specific attribute of the ones listed on page 101:
Ransomware
Over the past few years, ransomware has been used by criminals making money out of their victims and by hacktivists and nation-state attackers causing disruption. Ransomware can propagate like a worm or a virus but is designed to encrypt personal files on the victim's hard drive until a ransom is paid to the attacker. Ransomware has been around for many years but made a comeback in recent years. …………..
Ransomware can encrypt specific files in your system or all your files, in some cases including the master boot record of your hard disk drive.
15) new question about Sophos engine/outbreak filters – ESA – can you remember anything? I cannot find any Sophos question.
17) question about PII – what is PII – sorry, I don't recall a PII question :(
ANYONE SEEN THOSE QUESTIONS ON THE EXAM???
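As an added illustration (not part of the post above or of the textbook passage it quotes), the script below shows the file-level footprint of the second kind of wrapper described there: a binder appends the bound program after the host executable's last section, so the host grows an "overlay". The script parses the PE section table to work out where the image should end, reports anything past that point, and flags an embedded MZ/PE header or a high-entropy overlay (the obfuscation/encryption layer the quoted text mentions would hide the MZ header but raise the entropy). The field offsets are the standard PE/COFF ones; the sample PE images are constructed inside the script and are not runnable programs.

```python
"""Spot binder/wrapper output: data appended past the last PE section (overlay).

Constructed sample data only; no real binaries are read.
"""
from __future__ import annotations

import math
import struct
from collections import Counter

IMAGE_NT_SIGNATURE = b"PE\0\0"
SECTION_HEADER_SIZE = 40
OPT_HDR_SIZE = 0xE0          # PE32 optional header size (zeroed in the samples)
SECTION_OFFSET = 0x200       # file alignment used by the samples
SECTION_SIZE = 0x200


def build_sample_pe(payload: bytes = b"") -> bytes:
    """Build a minimal one-section PE image and append `payload` as overlay.

    Constructed test data: headers are valid enough to parse, not to execute.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, OPT_HDR_SIZE, 0x102)
    opt = bytes(OPT_HDR_SIZE)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # relocs ptr, linenumbers ptr, n relocs, n linenumbers, Characteristics
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000,
                       SECTION_SIZE, SECTION_OFFSET, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + IMAGE_NT_SIGNATURE + coff + opt + sect
    headers += bytes(SECTION_OFFSET - len(headers))   # pad to file alignment
    return headers + b"\x90" * SECTION_SIZE + payload


def pe_image_end(data: bytes) -> int:
    """Return the file offset where the last raw section ends (ValueError if not PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    end = table + num_sections * SECTION_HEADER_SIZE   # at least the headers
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", data, table + i * SECTION_HEADER_SIZE + 16)
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return end


def overlay(data: bytes) -> bytes:
    """Bytes past the last section: where a binder stores the bound program."""
    return data[pe_image_end(data):]


def embedded_pe_offsets(data: bytes) -> list[int]:
    """Offsets in the overlay that look like the start of another PE file.

    Only catches an unencrypted bound program; an obfuscating binder defeats
    this check, which is why overlay entropy is reported alongside it.
    """
    hits = []
    pos = data.find(b"MZ", pe_image_end(data))
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig = pos + e_lfanew
            # heuristic bound on e_lfanew to avoid chasing random "MZ" bytes
            if 0x40 <= e_lfanew < 0x1000 and data[sig:sig + 4] == IMAGE_NT_SIGNATURE:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 for empty input; packed/encrypted data approaches 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def analyse(data: bytes) -> dict:
    ov = overlay(data)
    return {
        "image_end": pe_image_end(data),
        "overlay_bytes": len(ov),
        "overlay_entropy": round(shannon_entropy(ov), 2),
        "embedded_pe_offsets": embedded_pe_offsets(data),
    }


if __name__ == "__main__":
    clean = build_sample_pe()
    bound = build_sample_pe(payload=build_sample_pe(payload=b"second program"))
    for name, sample in (("clean", clean), ("bound", bound)):
        print(name, analyse(sample))
```

On a real file, replace the constructed samples with `open(path, "rb").read()`; installers and signed binaries legitimately carry overlays (Authenticode signatures live there), so treat a non-empty overlay as a lead to inspect, not a verdict.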
=====================
An authorization policy should always implement which of the following concepts?
(Select all that apply.)
Choose:
a Need to know
b Access control filter logs
c Access control debugging logs
d Implicit deny
========================
You are hired to configure a site-to-site VPN between a Cisco FTD device and a Cisco IOS-XE router. Which of the following encryption and hashing protocols will you select for optimal security?
Choose one:
a AES-192, SHA, Diffie-Hellman Group 21
b AES-256, SHA, Diffie-Hellman Group 21
c IDEA, SHA, Diffie-Hellman Group 2
d AES-192, SHA, Diffie-Hellman Group 5
===============
In which type of Cisco WSA deployment mode is the client configured to use the web proxy?
Choose one:
a Explicit forward mode
b WCCP mode
c None of these answers is correct
d Transparent mode
===============
The Cisco ESA acts as a mail transfer agent. The Cisco ESA is the destination of which public records?
Choose one:
a MX
b AA
c C-NAME
d All of these answers are correct
=======================
Cisco AMP for Endpoints has connectors for which of the following operating systems?
Choose one:
a Windows
b MacOS
c All of these answers are correct
d Android
=======================
Hi,
I am preparing for the SCOR exam. Can anyone please kindly share the materials you used to prepare for the exam, such as valid dumps, books, nuggets, etc.?
Thank you.
lol :) this is not possible, or maybe I am missing something.
Q.You are hired to configure a site-to-site VPN between a Cisco FTD device and a Cisco IOS-XE router. Which of the following encryption and hashing protocols will you select for optimal security?
Choose one:
a AES-192, SHA, Diffie-Hellman Group 21
b AES-256, SHA, Diffie-Hellman Group 21
c IDEA, SHA, Diffie-Hellman Group 2 >>> The questions are from the SCOR textbook and this is the right answer?????!!!!!
d AES-192, SHA, Diffie-Hellman Group 5
Anyone have any knowledge of c i s sp site for collaboration like this ?
Has anyone passed this exam with the Q255 dump recently?
Is this dump valid?
Which features of Cisco Email Security can protect your organization against email threats? (Choose two.)
A. time-based one-time passwords
B. data loss prevention
C. NetFlow
D. geolocation-based filtering
E. heuristic-based filtering
I’m TOTALLY sure B is the first correct answer but I’m sticking with D & E. I feel D is more correct because of the reasons:
– Prevent email threats coming from specific geographic regions.
– Allow or disallow emails coming from specific geographic regions.
Anyone tried SPOTO dumps for the SCOR exam?
@Alex
I would not trust anyone asking for that kind of money online !!!
Dumps/community here have always worked the best for me, stick around, learn, contribute and
stay away from spammers!
Yeah, I passed 350-701 with a 917 score in Japan. The contents here are still valid!
I am planning to take 350-715 SISE next, but I have to wait a little, as new questions seem to be getting added according to the information here.
Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
A. Site-to-site VPN peers are using different encryption algorithms.
B. Site-to-site VPN preshared keys are mismatched.
C. No split-tunnel policy is defined on the Firepower Threat Defense appliance.
D. The access control policy is not allowing VPN traffic in.
Answer: C or D ?
@wedo
It is D… all the others are irrelevant to the question.
The exhibit shows Phase 1 and Phase 2 completed, so A and B have been completed successfully. C is not relevant to IPsec site-to-site, as it is a RAVPN feature. That leaves only D.
225q is valid. I just passed the exam on January 15. 912/1000 points
An organization is receiving SPAM emails from a known malicious domain. What must be configured in order to prevent the session during the initial TCP communication?
A. Configure the Cisco ESA to drop the malicious emails.
B. Configure policies to quarantine malicious emails.
C. Configure policies to stop and reject communication.
D. Configure the Cisco ESA to reset the TCP connection.
Answer: A or C?
An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
A. Client computers do not have the Cisco Umbrella Root CA certificate installed.
B. IP-Layer Enforcement is not configured.
C. Intelligent proxy and SSL decryption is disabled in the policy.
D. Client computers do not have an SSL certificate deployed from an internal CA server.
Answer: A or C?
Which type of protection encrypts RSA keys when they are exported and imported?
A. file
B. passphrase
C. NGE
D. nonexportable
What is the right answer?
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
A. Modify an access policy.
B. Modify identification profiles.
C. Modify outbound malware scanning policies
D. Modify web proxy settings
Answer: A or C
???!!!
Is there a dump with all valid answers???
Is the 225q dump still valid?
Are there any practical questions?