ExamGecko
Search Search Login
Home Home / Cisco / 350-701
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which compliance status is shown when a configured posture policy requirement is not met?
An engineer is configuring device-hardening on a router in order to prevent credentials from being seen if the router configuration was compromised. Which command should be used?
Which two features are used to configure Cisco ESA with a multilayer approach to fight viruses and malware? (Choose two)
Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two)
Which Cisco platform onboards the endpoint and can issue a CA signed certificate while also automatically configuring endpoint network settings to use the signed endpoint certificate, allowing the endpoint to gain network access?
An engineer wants to generate NetFlow records on traffic traversing the Cisco ASA. Which Cisco ASA command must be used?
DRAG DROP Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right.
What is a characteristic of Firepower NGIPS inline deployment mode?
Which ASA deployment mode can provide separation of management on a shared appliance?
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

Question 286 - 350-701 discussion

Report
Export

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of 172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

A.

crypto ca identity 172.19.20.24

Answers
A.

crypto ca identity 172.19.20.24

B.

crypto isakmp key Cisco0123456789 172.19.20.24

Answers
B.

crypto isakmp key Cisco0123456789 172.19.20.24

C.

crypto enrollment peer address 172.19.20.24

Answers
C.

crypto enrollment peer address 172.19.20.24

D.

crypto isakmp identity address 172.19.20.24

Answers
D.

crypto isakmp identity address 172.19.20.24

Suggested answer: B

Explanation:

The command "crypto isakmp identity address 172.19.20.24" is not valid. We can only use "crypto isakmp identity {address | hostname}. The following example uses preshared keys at two peers and sets both their ISAKMP identities to the IP address.

At the local peer (at 10.0.0.1) the ISAKMP identity is set and the preshared key is specified: crypto isakmp identity address crypto isakmp key sharedkeystring address 192.168.1.33 At the remote peer (at 192.168.1.33) the ISAKMP identity is set and the same preshared key is specified: crypto isakmp identity address crypto isakmp key sharedkeystring address 10.0.0.1

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/seccrc4.html#wp3880782430The command "crypto enrollment peer address" is not valid either.

The command "crypto ca identity …" is only used to declare a trusted CA for the router and puts you in the caidentity configuration mode. Also it should be followed by a name, not an IP address. For example: "crypto ca identity CA-Server"

-> Answer A is not correct.

Only answer B is the best choice left.

Show Answer
asked 10/10/2024
Valerio Lorenzani
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms