Cisco 350-701 Practice Test - Questions Answers, Page 34
Question list
List of questions
Related questions
Refer to the exhibit.
What will occur when this device tries to connect to the port?
802.1X will not work, but MAB will start and allow the device on the network.
802.1X will not work and the device will not be allowed network access
802 1X will work and the device will be allowed on the network
802 1X and MAB will both be used and ISE can use policy to determine the access level
A network engineer must configure a Cisco ESA to prompt users to enter two forms of information before gaining access The Cisco ESA must also join a cluster machine using preshared keys What must be configured to meet these requirements?
Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA CLI.
Enable two-factor authentication through a RADIUS server and then join the cluster by using the Cisco ESA GUI
Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA GUI.
Enable two-factor authentication through a TACACS+ server and then join the cluster by using the Cisco ESA CLI
Which portion of the network do EPP solutions solely focus on and EDR solutions do not?
server farm
perimeter
core
East-West gateways
Refer to the exhibit.
An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.
Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully
The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER
The OU of the IKEv2 peer certificate is set to MANGLER
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?
Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not
Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.
URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA
Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA
What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?
trusted automated exchange
Indicators of Compromise
The Exploit Database
threat intelligence
An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services They want to use this information for behavior analytics and statistics Which two actions must be taken to implement this requirement? (Choose two.)
Configure Cisco ACI to ingest AWS information.
Configure Cisco Thousand Eyes to ingest AWS information.
Send syslog from AWS to Cisco Stealthwatch Cloud.
Send VPC Flow Logs to Cisco Stealthwatch Cloud.
Configure Cisco Stealthwatch Cloud to ingest AWS information
What is the function of the crypto is a kmp key cisc406397954 address 0.0.0.0 0.0.0.0 command when establishing an IPsec VPN tunnel?
It defines what data is going to be encrypted via the VPN
lt configures the pre-shared authentication key
It prevents all IP addresses from connecting to the VPN server.
It configures the local address for the VPN server.
An organization wants to improve its cybersecurity processes and to add intelligence to its data The organization wants to utilize the most current intelligence data for URL filtering, reputations, and vulnerability information that can be integrated with the Cisco FTD and Cisco WSA What must be done to accomplish these objectives?
Create a Cisco pxGrid connection to NIST to import this information into the security products for policy use
Create an automated download of the Internet Storm Center intelligence feed into the Cisco FTD and Cisco WSA databases to tie to the dynamic access control policies.
Download the threat intelligence feed from the IETF and import it into the Cisco FTD and Cisco WSA databases
Configure the integrations with Talos Intelligence to take advantage of the threat intelligence that it provides.
Refer to the exhibit.
ntp authentication-key 10 md.5 ciscol23 ntp trusted-key 10
A network engineer is testing NTP authentication and realizes that any device synchronizes time with this router and that NTP authentication is not enforced What is the cause of this issue?
The key was configured in plain text.
NTP authentication is not enabled.
The hashing algorithm that was used was MD5. which is unsupported.
The router was not rebooted after the NTP configuration updated.
Question