Exam 350-701 topic 1 question 205 discussion

Actual exam question from Cisco's 350-701
Question #: 205
Topic #: 1

After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?

  • A. Modify web proxy settings.
  • B. Modify outbound malware scanning policies.
  • C. Modify identification profiles.
  • D. Modify an access policy.
Suggested Answer: A

Comments

entitty
Highly Voted 4 years ago
A - Configuring Web Proxy Settings - https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_0100.html
upvoted 16 times
ureis
2 years, 6 months ago
Why Intercepting Web Requests if we can block a specific URL in an ACP policy? D is the answer imo
upvoted 3 times
Demon_Queen_Velverosa
9 months ago
For future people who view this: don’t let this user throw you off so that you start to overthink. Even though they have a valid point, the answer is still A for a few reasons. 1. The attack already happened, meaning whatever protections they had failed. Thus it doesn’t matter if they block it or not, as it won’t protect from other website threats; hence you modify the web security appliance proxy settings to hopefully prevent such attacks from other URLs. It’s being proactive. 2. The attack happened already, but now you block this one URL. So… you’re telling me you’re going to block every URL on the internet that attacks you or is bad with an ACL? Good luck trying to block the ocean, as that’s not practical. Thus if you think blocking the URL is the way to go, then you probably are not ready for a career in this field tbh.
upvoted 2 times
...
...
...
Iarn
Highly Voted 3 years, 1 month ago
Selected Answer: A
The Web Security appliance intercepts requests that are forwarded to it by clients or other devices over the network. The appliance works in conjunction with other network devices to intercept traffic. These may be ordinary switches, transparent redirection devices, network taps, and other proxy servers or Web Security appliances.
upvoted 5 times
...
Basuso
Most Recent 7 months, 2 weeks ago
Selected Answer: D
For me, you modify the Access Policy, so D choice. This is how you would enable URL Filtering and perform any actual security control for the traffic. Web Proxy Settings are usually what kind of port it would use to listen for HTTP/S Proxying, Caching settings, Authentication Settings, etc.
upvoted 1 times
...
Happy_Shepherd26
7 months, 3 weeks ago
Selected Answer: D
On the WSA, to filter traffic based on Web Reputation you need to enable it on the Access Policies
upvoted 1 times
...
Demon_Queen_Velverosa
9 months ago
To clarify, this gives you a hint it’s the was, as it’s not talking about only blocking that URL but phishing attacks in general. “What must be done in order to prevent this from happening in the future?”
upvoted 1 times
Demon_Queen_Velverosa
9 months ago
I meant WSA, as I am using my phone and stupid autocorrect I am too lazy to turn off.
upvoted 1 times
...
...
Demon_Queen_Velverosa
9 months ago
Selected Answer: A
It’s A
upvoted 1 times
...
Premium_Pils
10 months, 1 week ago
Selected Answer: A
A - WSA. "Web reputation filtering protects client devices from visiting potentially harmful websites that contain malware or phishing links." + " URLs are checked against a list of known websites in the Cisco URL filtering database of more than 50 million blacklisted sites." https://study-ccnp.com/cisco-secure-web-appliance-cisco-wsa/ , https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_010000.html
upvoted 1 times
...
MPoels
1 year, 3 months ago
Selected Answer: D
Configure URL filters for Access Policy https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance-virtual/220557-configure-custom-url-categories-in-secur.html#toc-hId--1455911870
upvoted 3 times
Demon_Queen_Velverosa
9 months ago
Again, don’t fall for this comment, as the ACL is not the way to go in this day and age, as we have better security measures than an ACL. Remember the web security appliance can help find phishing attempts, hence an attack was successful as it managed to sneak by the WSA. That’s why an answer regarding modifying the web proxy config settings is the answer, as the answer is the best solution to prevent future phishing attacks. This would be an OK answer if the WSA was not mentioned as an answer.
upvoted 1 times
...
...
bobie
2 years, 1 month ago
Selected Answer: A
I chose A since the term "malicious website" corresponds to the topic WSA.
upvoted 1 times
...
Dorr20
2 years, 2 months ago
WSA uses access policies to decide what to allow and what to block. "Settings" usually refer to the appliance settings, not to a policy. I'll go with - D
upvoted 1 times
...
Emlia1
2 years, 6 months ago
A or D
upvoted 2 times
...
pohqinan
3 years, 3 months ago
Answer is D https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Access_Control_Rules__URL_Filtering.html
upvoted 2 times
...
rbrain
3 years, 5 months ago
Selected Answer: D
Could it be D? I go for D: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/url_filtering.html Tricky question.
upvoted 1 times
dr4gn00t
3 years, 4 months ago
Question is not focused on any specific product, therefore I think A is best answer in general, if you consider product can be WSA, Firepower, Umbrella or anything between.
upvoted 1 times
bob511
3 years, 3 months ago
except you would modify an access policy to do this on FTD
upvoted 1 times
...
...
...
Cock
3 years, 5 months ago
The answer is D
upvoted 1 times
...
testtaker13
3 years, 7 months ago
why not B?
upvoted 1 times
NullNull88
2 years, 9 months ago
B because the issue is with user requests to known malicious websites. Outbound malware scanning sounds more specific to the question.
upvoted 1 times
...
...
Fazy
3 years, 9 months ago
D is the correct answer
upvoted 4 times
...
jshow
3 years, 11 months ago
I believe it's access policy... you can create an IPS and attach it to the access policy to prevent
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other