350-701 Network Security • Complete Question Bank
Complete 350-701 Network Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
ip access-list extended BLOCK_TRAFFIC
 deny ip host 10.1.1.100 192.168.0.0 0.0.255.255
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group BLOCK_TRAFFIC in
A multinational company has deployed a Cisco Firepower 4100 series device as the perimeter firewall. The network consists of multiple internal segments: a corporate LAN (192.168.1.0/24), a data center (10.10.0.0/16), and a guest wireless network (172.16.0.0/16). The firewall is configured with the following access control policy rules:
1. Allow from any to any (for testing, but currently enabled)
2. Allow from corporate LAN to data center (destination ports TCP/443, TCP/8443)
3. Block from guest wireless to data center
4. Allow from any to internet (destination any)
Recently, the security team discovered that a host in the guest network (172.16.5.50) is communicating with a server in the data center (10.10.10.100) on TCP port 443. The security team wants to immediately block this traffic without affecting other legitimate communications. Which action should be taken first?
Refer to the exhibit.
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 authentication host-mode multi-auth
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 3
 spanning-tree portfast
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
 authentication host-mode single-host
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 30
 spanning-tree portfast
Drag a concept onto its matching description — or click a concept then click the description.
Modular Policy Framework for traffic inspection
High availability with active/standby or active/active
Graphical management interface
Command-line interface for configuration
VPN client for remote access
Drag a concept onto its matching description — or click a concept then click the description.
Symmetric block cipher
Asymmetric public-key algorithm
Hash function
Symmetric block cipher (legacy)
Key exchange algorithm
configure terminal
access-list OUTSIDE extended permit tcp any host 203.0.113.10 eq www
access-list OUTSIDE extended permit udp any host 203.0.113.10 eq domain
nat (inside,outside) source dynamic any interface

interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group INBOUND in
!
ip access-list extended INBOUND
 deny ip 10.0.0.0 0.255.255.255 any
 permit ip any any
!
interface Serial0/0/0
 ip address 172.16.1.1 255.255.255.252
!
router eigrp 100
 network 10.1.1.0 0.0.0.255
 network 172.16.1.0 0.0.0.3

%ASA-4-106023: Deny tcp src outside:203.0.113.50/443 dst DMZ:10.10.10.10/80 by access-group "OUTSIDE"
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
access-list INSIDE_NAT extended permit ip 10.0.0.0 0.0.0.255 192.168.3.0 0.0.0.255
nat (inside,outside) source dynamic 10.0.0.0 255.255.255.0 interface