Free Cisco 300-740 Practice Questions 2026 | Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT)

What does the MITRE ATT&CK framework catalog?

A. Techniques utilized in cyber attacks

B. Patterns of system vulnerabilities

C. Models of threat intelligence sharing

D. Standards for information security management

Which common strategy should be used to mitigate directory traversal attacks in a cloud environment?

A. Use anti-cross-site request forgery tokens.

B. Apply the principle of least privilege.

C. Implement functionality validation

D. Limit file system permissions.

An engineer is configuring multifactor authentication using Duo. The implementation must use Duo Authentication Proxy and the Active Directory as an identity source. The company uses Azure and a local Active Directory. Which configuration is needed to meet the requirement?

A. Configure the Identity Source as "SAML" on the Single Sign-On tab in the Duo Admin Panel, and configure the forwarding proxy as "local" for the Identity Source.

B. Configure the Identity Source as "SAML" on the Single Sign-On tab, and configure the authentication proxy with the "[cloud]" section.

C. Configure the Identity Source as "Active Directory" on the Single Sign-On tab in the Duo Admin Panel, and configure the permit list to "Local database".

D. Configure the Identity Source as "Active Directory" on the Single Sign-On tab, and configure the authentication proxy with the "[sso]" section.

Refer to the exhibit. An engineer is investigating the critical alert received in Cisco Secure Network Analytics. The engineer confirms that the incident is valid. Which two actions must be taken? (Choose two.)

A. Inform the incident management team.

B. Block IP address 66.77.197.165

C. Uninstall the Conduit software.

D. Shut down the host.

E. Quarantine the host

Refer to the exhibit. An engineer must integrate Cisco Cloudlock with Salesforce in an organization. Despite the engineer's successful execution of the Salesforce integration with Cloudlock, the administrator still lacks the necessary visibility. What should be done to meet the requirement?

A. From Salesforce, configure the service parameters.

B. From Salesforce, enable the View All Data permission.

C. From Cloudlock, configure the service parameters.

D. From Cloudlock, enable the View All Data permission.

What is associated with implementing Cisco zero-trust architecture?

A. It verifies trust before granting access to resources.

B. It focuses on perimeter-based security.

C. It assumes that all network traffic is trustworthy.

D. It provides the same security as the VPN technology.

A recent InfraGard news release indicates the need to establish a risk ranking for all onpremises and cloud services. The ACME Corporation already performs risk assessments for on-premises services and has applied a risk ranking to them. However, the cloud services that were used lack risk rankings. What Cisco Umbrella function should be used to meet the requirement?

A. Secure Internet Gateway

B. Domain Name Server Filtering

C. URL Categorization by Talos

D. App Discovery

Refer to the exhibit. An engineer is analyzing a Cisco Secure Firewall Management Center report. Which activity does the output verify?

A. An HTTP response from IP address 10.1.104.101 was blocked.

B. An HTTP request to IP address 10.1.113.7 was blocked.

C. A DNS request to IP address 172.17.1.2 was blocked.

D. A DNS response from IP address 10.1.108.100 was blocked.

Refer to the exhibit. An engineer is investigating an unauthorized connection issue using Cisco Secure Cloud Analytics. Which two actions must be taken? (Choose two.)

A. Reinstall the host from a recent backup.

B. Inform the incident management team.

C. Validate the IDS logs

D. Block the unwanted IP addresses on the firewall

E. Reinstall the host from scratch.

Refer to the exhibit. An engineer is investigating an issue by using Cisco Secure Cloud Analytics. The engineer confirms that the connections are unauthorized and informs the incident management team. Which two actions must be taken next? (Choose two.)

A. Reinstall the host from a recent backup.

B. Quarantine the host

C. Reinstall the host from scratch.

D. Create a firewall rule that has a source of linux-gcp-east-4c, a destination of Any, and a protocol of SSH.

E. Create a firewall rule that has a source of Any, a destination of linux-gcp-east-4c, and a protocol of SSH.