ExamGecko
Search Search Login
Home Home / Cisco / 350-701
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
What is a characteristic of Firepower NGIPS inline deployment mode?
Which ASA deployment mode can provide separation of management on a shared appliance?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

Question 280 - 350-701 discussion

Report
Export

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

A.

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

Answers
A.

Change the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

B.

Make the priority for the new policy 5 and the primary policy 1

Answers
B.

Make the priority for the new policy 5 and the primary policy 1

C.

Change the encryption to AES* to support all AES algorithms in the primary policy

Answers
C.

Change the encryption to AES* to support all AES algorithms in the primary policy

D.

Make the priority for the primary policy 10 and the new policy 1

Answers
D.

Make the priority for the primary policy 10 and the new policy 1

Suggested answer: B

Explanation:

All IKE policies on the device are sent to the remote peer regardless of what is in the selected policy section.

The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first.

Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ikeprotocols/215470- site-to-site-vpn-configuration-on-ftd-ma.html

Show Answer
asked 10/10/2024
Ryan Campbell
24 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms