Free 350-701 Exam Braindumps (page: 26)

Page 26 of 153

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time.
Which two Catalyst switch security features will prevent further violations? (Choose two)

  A. DHCP Snooping
  B. 802.1AE MacSec
  C. Port security
  D. IP Device track
  E. Dynamic ARP inspection
  F. Private VLANs

Answer(s): A,E



Which command enables 802.1X globally on a Cisco switch?

  A. dot1x system-auth-control
  B. dot1x pae authenticator
  C. authentication port-control aut
  D. aaa new-model

Answer(s): A



Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?

  A. 1
  B. 2
  C. 6
  D. 31

Answer(s): C

Explanation:

Because MAB uses the MAC address as a username and password, you should make sure that the RADIUS server can differentiate MAB requests from other types of requests for network access. This precaution will prevent other clients from attempting to use a MAC address as a valid credential.
Cisco switches uniquely identify MAB requests by setting Attribute 6 (Service-Type) to 10 (Call-Check) in a MAB Access-Request message. Therefore, you can use Attribute 6 to filter MAB requests at the RADIUS server.


Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html



A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface.
What is causing this problem?

  A. DHCP snooping has not been enabled on all VLANs.
  B. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
  C. Dynamic ARP Inspection has not been enabled on all VLANs.
  D. The no ip arp inspection trust command is applied on all user host interfaces.

Answer(s): D

Explanation:

Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.






Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES