Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

350-701Free trialFree trial

By cisco
Aug, 2025

Verified

25Q per page

Question 26

When configuring ISAKMP for IKEv1 Phase 1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0.
The administrator is not sure what the IP address in this command is used for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

  • A: The key server that is managing the keys for the connection will be at 1.2.3.4.
  • B: The address that will be used as the crypto validation authority.
  • C: All IP addresses other than 1.2.3.4 will be allowed.
  • D: The remote connection will only be allowed from 1.2.3.4.

Question 27

A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?

  • A: define the encryption algorithm to be used by SNMPv3
  • B: set the password to be used for SNMPv3 authentication
  • C: map SNMPv3 users to SNMP views
  • D: specify the UDP port used by SNMP

Question 28

DRAG DROP -
Drag and drop the NetFlow export formats from the left onto the descriptions on the right.
Select and Place:

Image 1

Question 29

Image 1

Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?

  • A: Method
  • B: SAML Server
  • C: AAA Server Group
  • D: Group Policy

Question 30

An administrator is trying to determine which applications are being used in the network but does not want the network devices to send metadata to Cisco
Firepower. Which feature should be used to accomplish this?

  • A: Network Discovery
  • B: Access Control
  • C: Packet Tracer
  • D: NetFlow

Question 31

An engineer is implementing NTP authentication within their network and has configured both the client and server devices with the command ntp authentication-key 1 md5 Cisc392481137. The server at 1.1.1.1 is attempting to authenticate to the client at 1.1.1.2, however is unable to do so. Which command is required to enable the client to accept the server's authentication key?

  • A: ntp server 1.1.1.2 key 1
  • B: ntp peer 1.1.1.2 key 1
  • C: ntp server 1.1.1.1 key 1
  • D: ntp peer 1.1.1.1 key 1

Question 32

Due to a traffic storm on the network, two interfaces were error-disabled, and both interfaces sent SNMP traps. Which two actions must be taken to ensure that interfaces are put back into service? (Choose two.)

  • A: Enable the snmp-server enable traps command and wait 300 seconds.
  • B: Use EEM to have the ports return to service automatically in less than 300 seconds
  • C: Ensure that interfaces are configured with the error-disable detection and recovery feature.
  • D: Have Cisco Prime Infrastructure issue an SNMP set command to re-enable the ports after the preconfigured interval.
  • E: Enter the shutdown and no shutdown commands on the interfaces.

Question 33

Image 1

Refer to the exhibit. An administrator is adding a new Cisco FTD device to their network and wants to manage it with Cisco FMC. The Cisco FTD uses a registration key of Cisc392481137 and is not behind a NAT device. Which command is needed to enable this on the Cisco FTD?

  • A: configure manager add <FMC IP address> <registration key> 16
  • B: configure manager add DONTRESOLVE <registration key> FTD123
  • C: configure manager add <FMC IP address> <registration key>
  • D: configure manager add DONTRESOLVE <registration key>

Question 34

A network administrator needs to find out what assets currently exist on the network. Third-party systems need to be able to feed host data into Cisco Firepower.
What must be configured to accomplish this?

  • A: a Network Analysis policy to receive NetFlow data from the host
  • B: a File Analysis policy to send file data into Cisco Firepower
  • C: a Network Discovery policy to receive data from the host
  • D: a Threat Intelligence policy to download the data from the host

Question 35

Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)

  • A: Check integer, float, or Boolean string parameters to ensure accurate values.
  • B: Use prepared statements and parameterized queries.
  • C: Secure the connection between the web and the app tier.
  • D: Write SQL code instead of using object-relational mapping libraries.
  • E: Block SQL code execution in the web application database login.

Question 36

Which suspicious pattern enables the Cisco Tetration platform to learn the normal behavior of users?

  • A: file access from a different user
  • B: user login suspicious behavior
  • C: privilege escalation
  • D: interesting file access

Question 37

Which attribute has the ability to change during the RADIUS CoA?

  • A: authorization
  • B: NTP
  • C: accessibility
  • D: membership

Question 38

An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?

  • A: Configure a service template within the switch to standardize the port configurations so that the correct information is sent to Cisco ISE.
  • B: Configure the ip dhcp snooping trust command on the DHCP interfaces to get the information to Cisco ISE.
  • C: Configure the authentication port-control auto feature within Cisco ISE to identify the devices that are trying to connect.
  • D: Configure the device sensor feature within the switch to send the appropriate protocol information.

Question 39

An organization deploys multiple Cisco FTD appliances and wants to manage them using one centralized solution. The organization does not have a local VM but does have existing Cisco ASA that must migrate over to Cisco FTDs. Which solution meets the needs of the organization?

  • A: Cisco FMC
  • B: CDO
  • C: CSM
  • D: Cisco FDM

Question 40

What is a benefit of using telemetry over SNMP to configure new routers for monitoring purposes?

  • A: Telemetry uses push and pull, which makes it more secure than SNMP.
  • B: Telemetry uses push and pull, which makes it more scalable than SNMP.
  • C: Telemetry uses a push method, which makes it faster than SNMP.
  • D: Telemetry uses a pull method, which makes it more reliable than SNMP.

Question 41

Image 1

Refer to the exhibit. A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced. What is the cause of this issue?

  • A: The hashing algorithm that was used was MD5, which is unsupported.
  • B: The key was configured in plain text.
  • C: NTP authentication is not enabled.
  • D: The router was not rebooted after the NTP configuration updated.

Question 42

An engineer has been tasked with configuring a Cisco FTD to analyze protocol fields and detect anomalies in the traffic from industrial systems. What must be done to meet these requirements?

  • A: Enable traffic analysis in the Cisco FTD.
  • B: Implement pre-filter policies for the CIP preprocessor.
  • C: Configure intrusion rules for the DNP3 preprocessor.
  • D: Modify the access control policy to trust the industrial traffic.

Question 43

An organization uses Cisco FMC to centrally manage multiple Cisco FTD devices. The default management port conflicts with other communications on the network and must be changed. What must be done to ensure that all devices can communicate together?

  • A: Change the management port on Cisco FMC so that it pushes the change to all managed Cisco FTD devices.
  • B: Set the sftunnel port to 8305.
  • C: Manually change the management port on Cisco FMC and all managed Cisco FTD devices.
  • D: Set the sftunnel to go through the Cisco FTD.

Question 44

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

  • A: crypto isakmp identity address 172.19.20.24
  • B: crypto ca identity 172.19.20.24
  • C: crypto enrollment peer address 172.19.20.24
  • D: crypto isakmp key Cisco0123456789 172.19.20.24

Question 45

A Cisco FTD engineer is creating a newIKEv2 policy called s2s00123456789 for their organization to allow additional protocols to terminate network devices with.
They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

  • A: Change the encryption to AES* to support all AES algorithms in the primary policy.
  • B: Make the priority for the primary policy 10 and the new policy 1.
  • C: Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy.
  • D: Make the priority for the new policy 5 and the primary policy 1.

Question 46

Which two kinds of attacks are prevented by multifactor authentication? (Choose two.)

  • A: phishing
  • B: brute force
  • C: man-in-the-middle
  • D: DDOS
  • E: tear drop

Question 47

What is a functional difference between a Cisco ASA and Cisco IOS router with Zone-Based Policy Firewall?

  • A: The Cisco ASA can be configured for high availability, whereas the Cisco IOS router with Zone-Based Policy Firewall cannot.
  • B: The Cisco IOS router with Zone-Based Policy Firewall can be configured for high availability, whereas the Cisco ASA cannot.
  • C: The Cisco ASA denies all traffic by default, whereas the Cisco IOS router with Zone-Based Policy Firewall starts out by allowing all traffic, even on untrusted interfaces.
  • D: The Cisco IOS router with Zone-Based Policy Firewall denies all traffic by default, whereas Cisco ASA starts out by allowing traffic until rules are added.

Question 48

An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command. Which additional command is required to complete the flow record?

  • A: cache timeout active 60
  • B: destination 1.1.1.1
  • C: match ipv4 ttl
  • D: transport udp 2055

Question 49

An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?

  • A: Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.
  • B: Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE.
  • C: Modify the current policy with the condition MFA: SourceSequence:DUO=true in the authorization conditions within Cisco ISE.
  • D: Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.

Question 50

What is the function of the crypto isakmp key cisc406143794 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?

  • A: It prevents all IP addresses from connecting to the VPN server.
  • B: It configures the pre-shared authentication key.
  • C: It configures the local address for the VPN server.
  • D: It defines what data is going to be encrypted via the VPN.
Page 2 of 27 • Questions 26-50 of 651
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!