Share your SCOR Experience
February 23rd, 2020
Go to comments
Please share with us your experience to prepare for the new SCOR 350-701 exam, your materials, the way you learned, your recommendations… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…
Your posts are warmly welcome! Hope you will find useful information here!
Note: Currently there are no lab sims for this exam, only multiple choice and drag drop questions.
hello admins,
please update the page, some students say there are new questions. one of them named Mannu says there are over 50 percent new questions.
please update !!
i prepared from section 1 to 5
did you checked the concept question too , i belive some are coming from it
Hello Guys, any update?
Any news, i have exam the day after tomorrow
Please help
no bro i only prepare sec 1 to 5. i will check the side sections in few days and give feedback if anything came from there. guys please share your feedback also
It’s not possible that there are 50% new questions
@F, I wish you all the best with your exam.
Also, could you please share your feedback afterward? It will clear up the confusion.
Passed today. A few questions seemed to be new but nothing to be worried about. Study all Question from Sectut and you are well prepared.
@ PadCave – Thx a lot for the update. As well folks study questions from Sec concepts !!!
HI anyone know of a study for Palo Alto PCNSE? someone who had passed using that site?
i skiped the seucurity sections i guess most question came from there
Any news?
What is a benefit of using Cisco Tetration?
A. It collects telemetry data from servers and then uses software sensors to analyze flow information.
B. It collects policy compliance data and process details.
C. It collects enforcement data from servers and collects interpacket variation.
D. It collects near-real time data from servers and inventories the software packages that exist on servers
what is the correct A or D guys i saw differetent reports about this question
@James bond
the answer is D
Tetration takes an inventory of every software package installed in each endpoint and compares it to known CVEs to check for vulnerable software packages installed on the servers.
Tetration analyze workloads not flow
anyone can confirm is all questions came from premium section 1 to 5 and right sight menu. please tell.
An organization is trying to improve their Defense in Depth by blocking malicious destinations prior to a connection being established. The solution must be able to block certain applications from being used within the network. Which product should be used to accomplish this goal?
A. Cisco Firepower
B. Cisco Umbrella
C. ISE
D. AMP
Really confused about wording “prior to a connection being established” and “must be able to block certain applications” Tried googling and still got struggle to digest it. Anyone have hands on experience on umbrella? Would appreciate if anyone have a better explanation for this appliance and feature to better understand the answer. Thanks
@Kuru
Umbrella is a DNS layer security , It can not block the application itself ,but it blocks the DNS traffic of the application so it will block it before the connection being established
Hello Guys, I passed the exam today, You have to study the 5 parts and the side sections questions and take the composite questions at least 10 time, and you will do fine.
@omar,
can you share dumps and study material via email.
mu email. abdulbasitmirza @ yahoo . com
Hello all
do the premium account on securitytut valid or not ?
please confirm this point
@omar
did you take new questions on exam?
passed the exam just now,
premium account is enough if you study from it very well ( the 5 SCOR new questions sections + all other sections of SCOR 350-701 not only new questions)
you must practice very well and guarantee that you are 100% confident before joining the exam as i found around 7 new question
so being fully confident with what you have in premium account will let you get the passing score + focusing on the new questions you can slightly guess if you are understanding what studied from secTUT
Good luck to all
am sorry i was totally stressed from the exam and can’t remember the new questions
but one related to anyconnect , another related to GRE vs ipsec with crypto map , one related to what is best for organizations with multiple remote sites (site2site vpn / dmvpn/ gre /…)
i was having around 2 or 3 only DD in the exam !
thats all what i can remeber , good luck for all
Passed the exam yesterday.
Obviously whoever is saying there is 50% new question is too lazy to study all the sections here on SecurityTUT!!!
I would say 30-40% of questions were from the old sections (“Security Concepts” to “Security Products & Solutions” – nothing from old “Drag Drop Questions”)
Another 30-40% of questions were from the new sections – mainly from “New SCOR Questions – Part 5” and some “New SCOR Questions – Part 4”
The rest were from the other sections as well as new question – I would say about 6-7
SecurityTUT doesn’t have the access to the new questions unless students share them here so the admin can update the website so stop asking!
I manage to remember few, maybe someone else can add to it:
Something about Cisco Tetration extract and IPFIX:
A.
B.
C.
D.
How can Cisco Tetration connect to something within customer/3rd party network if the customer/3rd party network doesn’t allow incoming connections:
A. Reverse tunnel
B. GRE tunnel
C. Source NAT
D. Destination NAT
What protocol to use for WCA to connect to something using SSHv2 with generated SSH key…
A. SCP
B. FTP
C. manual download
D. ?
Difference between GRE over IPSec and IPSec with crypto-map
A. GRE over IPSec supports Multicast traffic
B. GRE over IPSec supports non-IP protocols
C.
D.
What protocols would administrator use to secure data in transit/to make sure data is secure.
A. RC4
B. RSA-3084
C. ?
D. AES256
E. SHA-384
Hi all,
Currently studying for the exam.
Which questions are most valid?
I have been through :
SCOR NEW 1-5
Security Concepts 1 and 2
Starting the Composit quizzes tomorrow.
Do I need to study all the other sections such as VPN Questions, Python etc etc
Hi Team, I passed the exam today. I got like 5 new questions only. 2 of them about security zones, and one regarding IPsec VPN not being established (related to proxy IDs). Sorry, but I can’t remember the exact questions.
I studied the New SCOR Questions (part 1 to 5), and the questions under “SCOR 350-701” category at the right-side menu.
Good luck!
Hi ,
How many questions are in total to study in the premium?
passed today
only one question was new to me
about how to connec stealthwatch cloud to onpremisses datacenter
a.public ip
b.private ip
c.nat id
d.unique key
e.
A LOT! Like 750 or something loool
Kindly recommend checkpoint practice questions and answers.
hi @securitytut, did you manage to update those new qns mentioned by @Script ,@Haider & other guys. I didnt see those qns on premium subsc
You guys are the greatest of all times. Passed my exam yesterday. Premium account is valid, just less than 5 new MCQ questions on VPN and one new drag and drop(AAA)
From the other sites, I can see that they have updated the content of their dump it appears that there are new set of questions. Can anyone confirm?
Passed yesterday. 104 questions. 3 drag and drop and about 10 new questions. Premium was very helpful.
these are all i can remember from my exam
Cisco umbrella
Dns sig
Sig security
Debug picture and determine what command was entered
Tacacs steps drag and drop
Mab authentication
Use ip address as username pw
Use caller station id as username pw
Use mac address as username pw
there are new questions on exam?
Hi Everyone, I passed the exam on May 24, 2023.
The actual questions about 90% that I found in securitytut.
you pass exam with securitytut dump?
what do you mean with this link?
can not uderstand you
Passed the exam one week ago, the dumps are 90 to 93% valids, just around 10 new (easy) questions about SNMP, ESAv vs ESA appliance !
new question
A network engineer has been tasked with configuring OSPF neighbor authentication on the WAN router for a branch office. The WAN router connects to the OSPF backbone area via an MPLS circuit that terminates on interface GigabitEthernet 0/0/0. The router id for this router is tied to the loopback0 interface. The password that should be used for neighbor authentication and this password should be encrypted when transmitted over the WAN. Which two IOS commands are required to enable OSPF neighbor authentication on this scenario? (Choose two)
A. Ip ospf message-digest-key under the GigabitEthernet0/0/0 interface configuration
B. Ip ospf authentication-key under Loopback0 interface configuration
C. Service password-encryption under global configuration mode
D. Area 0 authentication under the OSPF routing process configuration
E. Area 0 authentication message-digest under the OSPF routing process configuration
Answer A, E
New question
Which action adds IOCs to customize detections for a new attack?
A. Upload the IOCs into the installed Endpoint IOC feature within Cisco AMP For Endpoints.
B. Use the initiate Endpoint IOC scan feature to gather the IOC information and push it to the clients.
C. Modify the base policy within Cisco AMP for Endpoints to include simple custom detections.
D. Add a custom Advanced detection to include the IOCs needed within Cisco For endpoints.
Answer is A
Pass! Got at least more than 10 new questions 4 D&D and 2 of them are new also. Study premium as it will train you to at least give you idea of what to answer for those new questions. Good luck!
Sorry I cant remember the new questions as I was focus on just finishing the exam.
Studied the 5 SCOR new questions sections + all other sections!
how many wrong answer you can give during exam?
passed the exam today just one hour before.
all Questions are valid. got 5 new Questions. But not so hard
To fellow learners , please do not read only new scor exam rather learn all individual topics as told by securitytut Admin.
@securitytut first of all thank you very much. second there are 104 Questions in real Exam and not 102 Exam. Would be better if you change it in to big composite Exam.
@Nahid – Thx f update !!!
I only receive status of Pass. Didnt even tell what percentage I got, No details of result.
Just completed exam 10mins ago. Passed. I got 104 Question. 10 DnD and about 5 new questions. I spent 5 months studying. Questions from all areas of this site are covered. You can do it if you study hard. Remember Cisco exam changes in July 20th so need to pass this before this otherwise I think there will be new questions not sure. Good luck and thanks SecutyTut, your study guide was excellent.
@Koi, to get a guide as to how you scored you need to check your score at the Prometic site. Its shows you there.
1 20:38:27: IPSEC (validate transform proposal): proxy identities not supported
2 20:38:27: ISAKMP (0:2): IPsec policy invalidated proposal
3 20:38:27: ISAKMP (0:2): SA not acceptable!
4 20:38:27: ISAKMP (0:2): delating node -660087920 error TRUE reason “QM rejected”
87). Refer to the exhibit. An administrator is configuring a VPN tunnel on a Cisco router. The information provided by the administrator of the remote end of the VPN tunnel was that IKEv1 is the tunnel with a preshared. The encryption for both phases in AES and the hash for both phases is SHA-256. The source is 10.10.10.x/24 and the destination subnet is 10.10.20.x/24. The local device cannot establish a VPN tunnel and the debug message shown here is seen in the log file. What must be verified to correct the configuration?
A. Ensure that the ACLs that define interesting traffic symmetrical on both ends
B. Ensure that the IKE version identical on both ends.
C. Ensure that the ISAKMP policy configuration is identical on both ends.
D. Ensure that the preshared key is identical on both ends.
Answer is A or C ???
Just done the exam an hour ago and passed, can confirm 90-93% is from securitytut. Thank you for all your support. I had 5 DND and 5 New Questions. I can confirm that the Q from aaa is valid and answer is A. Please study parts 1-5 and the right hand side menu. its enough to pass the exam. Good Luck All
Thanks Securitytut, I passed the exam. The questions are all valid; study those to pass. Also can confirm that there were about 5 new questions. Now on to the next one!
A company has an infrastructure ACI policy on its perimeter router that denies FC 1918 address, unused address ranges, any packets that use the IP address range that is assigned to the internal IP infrastructure, and 127.0.0.1. All these rules apply to incoming traffic from the internet. Which two attacks are prevented by using this method? (Choose two)
A. Losing the line protocol keep-alives and routing protocol update
B. Spoofing the IP address of another customer to steal service
C. DOS attack that cause high CPU utilization
D. Gaining of access to network devices using a spoofed address
E. Routing processor resource exhaustion
B,C or B,D??
pass the exam today i got 3 new questions,good luck to everyone
please if anyone have a valid dump send to me at {email not allowed} as i get another dump.
what about the exam score for people who pass the exam? it is very enough dump or has incorrect question?
appreacate your help.
please if anyone have a valid dump send to me at mario_aiad2014 @ yahoo com as i get another dump.
what about the exam score for people who pass the exam? it is very enough dump or has incorrect question?
appreacate your help.
I am currently changing my career from networking to cybersecurity. My Cisco certifications will expire in 15 days, and I need to pass the SCOR exam within one week in order to keep them active. Please help!
@Yeshi – If current CCNP cert is expiring then you can re-cert with CCNP Core new exam but there is LAB and SIMs in the exam, so easiest way is SCOR, exam has only test questions !!!
I just passed the exam, thank you @securitytut. All qns were from premium
@scor – thx for update!
My friends , I passed the exam
recommendations
Your study all question part 1,2,3,4,5,6 and question SCOR 350-701. ALL question Securitytut
THIS PART TOO:
Security Concepts
Security Concepts 2
Encryption Questions
VPNs Questions
Software Defined Network SDN
Python & API
Firewall & Intrusion Prevention
Firewall & Intrusion Prevention 2
Email & Web Solutions
Cloud Questions
Identity Services Engine
Layer 2 Security
Secure Network Access
Exfiltration Techniques
Malware Protection & AMP
AAA Questions
Endpoint Protection & Detection
Cisco Umbrella
Security Products & Solutions
Drag Drop Questions
Question new 10 I don’t remember.
TANK GO PASSED THE EXAMEN
I passed the exam, recomentations
You study all question, BUT ALL QUESTION (PART 1,2,3,4,5,6) + THE OTHER QUESTION
New question 10, question with opposite answer
THANK GOD I PASSED THE EXAMEN
All questions were legit, I think I got only one or two answers wrong.
only two or three questions are new.
Thank you Securitytut team. THe primium is valid. Just cleared my SCOR exam today. Got pretty much 98% question from premium account. Had two new question in exam.
1 – IaaS provider resposiblility….
a-VMs
b-VPC
c-PHY network
d-application
e-hypervisor
2-ASA provided by vendor to customer and configs shouldn’t be accesible at phisical location and console cable
a-config revxxxxx….
b-no serv pass rec
c-aaa …login consol
d-no pres butt for pass rec
Other then that all quesitons are valid from premium!!!
Good luck all.
Please answer the above mentioned questions that IK posted:
1 – IaaS provider responsibility….
a-VMs
b-VPC
c-PHY network (this seems to be the correct answer to me)
d-application
e-hypervisor
2-ASA provided by vendor to customer and configs shouldn’t be accessible at physical location and console cable…
a-config revxxxxx….
b-no serv pass rec
c-aaa …login consol
d-no pres butt for pass rec
Not sure about this one but should be something to do with console access being disabled like ‘no exec’ on line con 0 or line aux 0….
@IK what question were from premium? the one that securityboy-boy said?
@TK yes, exactly !!!
Please answer the above mentioned questions that IK posted:
1 – IaaS provider responsibility….(Choose two answer question)
a-VMs
b-VPC
c-PHY network (this seems to be the correct answer to me)
d-application
e-hypervisor (this seems to be the correct answer to me)
2-ASA provided by vendor to customer and configs shouldn’t be accessible at physical location and console cable…
a-config revxxxxx….
b-no serv pass rec
c-aaa …login consol (this seems to be the correct answer to me) because RADIUS with AD group will gave permistion to access device via CONSOLE
d-no pres butt for pass rec
Not sure about this one but should be something to do with console access being disabled like ‘no exec’ on line con 0 or line aux 0….
Just pass my SCOR exam today. This is still valid.
@RC Thanks :)
Just Passed the exam, just 4-5 new questions. but study the sections all will be good.
i remember one new drag and drop for tacacs configuration and what umbrella uses for dns filtering : DNS Security Essentials, DNS Security Advantage, SIG Essentials, SIG Advantage. Good luck to all and appreciate this site for all the help!!!
Seeing a couple of different answers for this..
An administrator enables Cisco Threat Intelligence Director on a Cisco FMC. Which process uses STIX and allows uploads and downloads of block lists?
A. editing
B. sharing
C. authoring
D. consumption
I would say B but 9tut stating D
Another with two different Answers
An engineer needs to add protection for data in transit and have headers in the email message Which configuration is needed to accomplish this goal?
A. Provision the email appliance
B. Deploy an encryption appliance.
C. Map sender !P addresses to a host interface.
D. Enable flagged message handling
9TUT states B, I believe it to be A…
@Maria and All, do we have any consolidated file or something like that , as i m planning to start and give exam asap.
Passed exam this morning and can confirm premium is valid. Had a few new questions but not a lot, cant remember them.
My study approach was as follows
Study SCOR 1-3 until you are hitting 80/90%
Study SCOR 4-6 until you are hitting 80/90%
Study Security Concepts > Security Products & Solutions until you are hitting 80/90%
Complete Drag and drops both in SCOR 1-6 and on the side as I had A DND from the old questions there.
The complete composite quizzes.
When I didnt know an answer in the composite quiz I googled it in another browser to find the answer and carried on with the quiz, after a while they stick.
Thanks 9TUT you guys are the best.
Also I did SCOR 1-6 and just completed the drag and drops for a whole day. Would be good if 9TUT could put all DNDs into a single section on a link on the side for future ease.
Passed today! Thank you Security Tut! I studied ALL section, score 77 to 79 percent on all composite quizzes. Maybe one or two new questions. Good Luck to all!
Anyone knows when do we get the score report?
They no longer give score report. If you log into the prometric site they give you a percentage of what you got for each area but not the final score
Just passed the exam today! Cisco Advanced Phishing Protection question with different choices. tacacs and aaa DND (easy). IP add and url should be blocked or allowed in cisco umbrella. Many questions from here.
Q: Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats. Which term describes this process?
A. deployment
B. consumption
C. authoring
D. sharing
Which one is the correct answer?
Which common threat can be prevented by implementing port security on switch ports?
A. VLAN hopping attacks
B. spoofing attacks
C. denial-of-service attacks
D. eavesdropping attacks
Which one is the correct answer? B or C?
how many questions in total as part of premium?
passed. most questions from here. thanks.
@anyone-help,.
denial-of-service
using sticky where it can hold only one mac address before err-disable or shut depending on switch. this helps to prevent mac flooding where valid mac addresses are pushed out of the table.
https://www.interserver.net/tips/kb/mac-flooding-prevent/
,
Can you please check & update about question 59?
Q59: Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)
A. posture assessment
B. aaa server radius dynamic-author
C. tacacs-server host 10.1.1250 key password
D. CoA
E. aaa authorization exec default local
B & D seems to be the right answer
Passed 2 days ago.
All is valid, 98% correct.
3 NEW questions, 5 D&D, 103 question total.
@fido & @SecurityTut: Please confirm below two questions:
Q: Cisco SensorBase gathers threat information from a variety of Cisco products and services and performs analytics to find patterns on threats. Which term describes this process?
A. deployment
B. consumption
C. authoring
D. sharing
Which one is the correct answer?
Q59: Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)
A. posture assessment
B. aaa server radius dynamic-author
C. tacacs-server host 10.1.1250 key password
D. CoA
E. aaa authorization exec default local
Which two are the correct answers?
Can you please check the question?
A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials. However printer and video cameras cannot based on the interface configuration provided. What must be to get these devices on to the network using Cisco ISE for authentication and authorization while maintaining security controls?
A. Change the default policy in Cisco ISE to allow all devices not using machine authentication
B. Enable insecure protocols within Cisco ISE in the allowed protocols configuration
C. Configure authentication event fail retry 2 action authorize vlan 41 on the interface
D. Add mab to the interface configuration
Please verify if it is A or D?
Question: Refer to the exhibit.
interface GigabitEthernet1/0/18
switchport access vlan 41
switchport mode access
switchport voice vlan 44
device-tracking attach-policy IPDT_MAX_10
authentication periodic
authentication timer reauthenticate server
access-session host-mode multi-domain
access-session port-control auto
dot1x pae authenticator
dot1x timeout tx-period 7
dot1x max-reauth-req 3
spanning-tree portfast
service-policy type control subscriber POLICY_Gi1/0/18
A Cisco ISE administrator adds a new switch to an 802.1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials. However printer and video cameras cannot based on the interface configuration provided. What must be to get these devices on to the network using Cisco ISE for authentication and authorization while maintaining security controls?
A. Change the default policy in Cisco ISE to allow all devices not using machine authenticationcorrect
B. Enable insecure protocols within Cisco ISE in the allowed protocols configuration
C. Configure authentication event fail retry 2 action authorize vlan 41 on the interface
D. Add mab to the interface configuration
A or D? Please verify.
@SecurityTut, Following question is most confusing to me, please verify.
Q59: Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)
A. posture assessment
B. aaa server radius dynamic-author
C. tacacs-server host 10.1.1250 key password
D. CoA
E. aaa authorization exec default local
Which two are the correct answers?
Hello SecurityTut,
Can you please correct the answer to number 13, please?
I see the answer you have selected is +10, but in your diagram, that would be allowed, not blocked. It should be -10. That being said, I think you’re looking in the wrong place.
Here is the Cisco configuration guide for FirePOWER URL Filtering — https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/url_filtering.html#id_74537
You can see in the section named, “Configuring URL Conditions”, the reputation options are:
1 – High Risk
3 – Benign sites with security risks.
Also, See this document — https://community.cisco.com/t5/security-knowledge-base/ftd-url-filtering-how-it-works/ta-p/3347292
The options are :
1 – High Risk
2 – Suspicious Websites
3 – Benign Sites with Security Risk
4 – Benign Sites
5 – Well Known
Based on the above information, the answer should be A, 1
OR PLEASE EXPLAIN
@securitytut @cftut , is there a way I can transfer my premium membership to this “www.securitytut.com” from “www.cftut.com” .
I failed the exam for SCNF , and now I cannot retake the same exam within 6days. And tomorrow it will expire. Thanks in advanced!
@jephtah2020: We are sorry but the Premium Membership cannot be transferred between two sites.
Hello SecurityTut,
Can you please correct the answer to number 13, please?
I see the answer you have selected is +10, but in your diagram, that would be allowed, not blocked. It should be -10. That being said, I think you’re looking in the wrong place.
Here is the Cisco configuration guide for FirePOWER URL Filtering — https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/url_filtering.html#id_74537
You can see in the section named, “Configuring URL Conditions”, the reputation options are:
1 – High Risk
3 – Benign sites with security risks.
Also, See this document — https://community.cisco.com/t5/security-knowledge-base/ftd-url-filtering-how-it-works/ta-p/3347292
The options are :
1 – High Risk
2 – Suspicious Websites
3 – Benign Sites with Security Risk
4 – Benign Sites
5 – Well Known
Based on the above information, the answer should be A, 1
OR PLEASE EXPLAIN OTHERWISE….
Thanks
Can you please check & update about question 59?
Q59: Which two configurations must be made on Cisco ISE and on Cisco TrustSec devices to force a session to be adjusted after a policy change is made? (Choose two)
A. posture assessment
B. aaa server radius dynamic-author
C. tacacs-server host 10.1.1250 key password
D. CoA
E. aaa authorization exec default local
B & D seems to be the right answer… OR PLEASE EXPLAIN OTHERWISE…
Premium is very valid. Thank you Securitytut!
4 d&d – all here. 1 new question about ASAv –
Good luck to all!
Hi All,
how many total questions on the premium website to study ?
@ Dom – I didn’t count them all, but I’d say 500+. My exam had 104q – 103 were from premium. All 4 of my d&d were from premium. They don’t give you score but they give percentages. I scored 90%+ in all categories. I did use the 350-701 cert guide as well, but there are many q’s on Cisco software that are unfamiliar to me , which is where this site really helped. Good luck!
Just came to know that current exam is changing on the 20th July 2023. Will there be great changes in the exam questions?
https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/scor-350-701.html
Appreciate anyone can reply.