Question 1mediummultiple choice
Read the full Cloud Security explanation →350-701 Cloud Security • Complete Question Bank
Complete 350-701 Cloud Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. Cisco Cloudlock Policy: Policy Name: Block High-Risk Apps Application: Any Action: Block Risk Level: High User: All Users Cloudlock Activity Log: User: [email protected] Application: Dropbox Action: Blocked Reason: Risk Level (High)
Refer to the exhibit.
AWS CloudTrail Log:
{
"eventVersion": "1.08",
"userIdentity": {
"arn": "arn:aws:iam::123456789012:user/Admin",
"accountId": "123456789012"
},
"eventTime": "2025-03-28T14:35:00Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "AuthorizeSecurityGroupIngress",
"requestParameters": {
"groupId": "sg-0abcd1234",
"ipPermissions": {
"ipProtocol": "tcp",
"fromPort": 3389,
"toPort": 3389,
"ipRanges": [{"cidrIp": "0.0.0.0/0"}]
}
}
}Refer to the exhibit.
Cisco CloudLock configuration snippet:
dlp-policy EXAMPLE_POLICY
match condition:
file-extension .csv
content-regex "\d{3}-\d{2}-\d{4}"
action:
notify admin
block downloadDrag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Client requesting network access
Network device that enforces access control
RADIUS server that validates credentials
Extensible Authentication Protocol framework
Protocol used for AAA services
Refer to the exhibit. ``` interface GigabitEthernet0/0 nameif inside security-level 100 ip address 10.1.1.1 255.255.255.0 ! interface GigabitEthernet0/1 nameif outside security-level 0 ip address 198.51.100.1 255.255.255.0 ! access-list OUTSIDE extended permit tcp any host 198.51.100.100 eq https ! access-group OUTSIDE in interface outside ! route outside 0.0.0.0 0.0.0.0 198.51.100.2 ```
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
}
}
]
}
```Refer to the exhibit. ciscoftd(config)# show running-config | section nat nat (inside,outside) source static 10.0.1.0 10.0.1.0 destination static 192.168.1.0 192.168.1.0 no-proxy-arp route-lookup
Refer to the exhibit.
{
"policyName": "DLP-Confidential",
"rules": [
{
"condition": {
"content": {
"contains": "secret"
}
},
"action": "block"
}
]
}Refer to the exhibit. cisco-umbrella-cli> show summary Total DNS queries: 1500 Total blocked: 25 Total allowed: 1475
ip access-list extended CLOUD-FILTER deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any permit ip any any
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "192.0.2.0/24"
}
}
}
]
}{
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
"Condition": {
"StringEquals": {
"aws:RequestedRegion": "us-east-1"
}
}
}crypto ikev2 proposal azure-proposal encryption aes-cbc-256 integrity sha256 group 14 ! crypto ikev2 policy azure-policy match fvrf any proposal azure-proposal ! crypto ipsec transform-set azure-transform esp-aes 256 esp-sha256-hmac mode tunnel ! crypto map AZURE-MAP 10 ipsec-isakmp set peer 20.10.0.1 set transform-set azure-transform match address azure-traffic ! interface Tunnel200 ip address 10.10.10.1 255.255.255.252 tunnel source GigabitEthernet0/0 tunnel destination 20.10.0.1 tunnel mode ipsec ipv4 crypto map AZURE-MAP ! ip access-list extended azure-traffic permit ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255