350-701 | ExamData

Question#11

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

A. Generate the RSA key using the crypto key generate rsa command.
B. Configure the port using the ip ssh port 22 command.
C. Enable the SSH server using the ip ssh server command.
D. Disable telnet using the no ip telnet command.

Discover Answer

A

Question#12

Refer to the exhibit. Which type of authentication is in use?

A. POP3 authentication
B. SMTP relay server authentication
C. external user and relay mail authentication
D. LDAP authentication for Microsoft Outlook

Discover Answer

D

Question#13

Refer to the exhibit. An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?

A. ip dhcp snooping limit 41
B. ip dhcp snooping verify mac-address
C. ip dhcp snooping trust
D. ip dhcp snooping vlan 41

Discover Answer

C

Question#14

Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?

A. Site-to-site VPN preshared keys are mismatched.
B. Site-to-site VPN peers are using different encryption algorithms.
C. No split-tunnel policy is defined on the Firepower Threat Defense appliance.
D. The access control policy is not allowing VPN traffic in.

Discover Answer

D

Question#15

Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

A. interesting traffic was not applied
B. encryption algorithm mismatch
C. authentication key mismatch
D. hashing algorithm mismatch

Discover Answer

C

Question#16

Which policy represents a shared set of features or parameters that define the aspects of a managed device that are likely to be similar to other managed devices in a deployment?

A. group policy
B. access control policy
C. device management policy
D. platform settings policy

Discover Answer

D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/ platform_settings_policies_for_managed_devices.pdf

Question#17

The Cisco ASA must support TLS proxy for encrypted Cisco Unified Communications traffic.
Where must the ASA be added on the Cisco UC Manager platform?

A. Certificate Trust List
B. Endpoint Trust List
C. Enterprise Proxy Service
D. Secured Collaboration Proxy

Discover Answer

A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/special/unified-communications/guide/unified-comm/unified-comm-tlsproxy.html

Question#18

Which two application layer preprocessors are used by Firepower Next Generation Intrusion Prevention System? (Choose two.)

A. SIP
B. inline normalization
C. SSL
D. packet decoder
E. modbus

Discover Answer

AC
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Layer_Preprocessors.html

Question#19

Which feature is configured for managed devices in the device platform settings of the Firepower Management Center?

A. quality of service
B. time synchronization
C. network address translations
D. intrusion policy

Discover Answer

B

Question#20

Which information is required when adding a device to Firepower Management Center?

A. username and password
B. encryption method
C. device serial number
D. registration key

Discover Answer

D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Device_Management_Basics.html#ID-2242-
0000069d