CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 28)

Page 28 of 153
PDF with 703 Questions

Refer to the exhibit.



What does the number 15 represent in this configuration?

  1. privilege level for an authorized user to this router
  2. access list that identifies the SNMP devices that can access the router
  3. interval in seconds between SNMPv3 authentication attempts
  4. number of possible failed attempts until the SNMPv3 user is locked out

Answer(s): B

Explanation:

The syntax of this command is shown below:
snmp-server group [group-name {v1 | v2c | v3 [auth | noauth | priv]}] [read read-view] [write write- view] [notify notify-view] [access access-list]
The command above restricts which IP source addresses are allowed to access SNMP functions on the router. You could restrict SNMP access by simply applying an interface ACL to block incoming SNMP packets that don't come from trusted servers. However, this would not be as effective as using the global SNMP commands shown in this recipe. Because you can apply this method once for the whole router, it is much simpler than applying ACLs to block SNMP on all interfaces separately. Also, using interface ACLs would block not only SNMP packets intended for this router, but also may stop SNMP packets that just happened to be passing through on their way to some other destination device.



Under which two circumstances is a CoA issued? (Choose two)

  1. A new authentication rule was added to the policy on the Policy Service node.
  2. An endpoint is deleted on the Identity Service Engine server.
  3. A new Identity Source Sequence is created and referenced in the authentication policy.
  4. An endpoint is profiled for the first time.
  5. A new Identity Service Engine server is added to the deployment with the Administration persona

Answer(s): B,D

Explanation:

The profiling service issues the change of authorization in the following cases:
­ Endpoint deleted--When an endpoint is deleted from the Endpoints page and the endpoint is disconnected or removed from the network.
An exception action is configured--If you have an exception action configured per profile that leads to an unusual or an unacceptable event from that endpoint. The profiling service moves the endpoint to the corresponding static profile by issuing a CoA.
­ An endpoint is profiled for the first time--When an endpoint is not statically assigned and profiled for the first time; for example, the profile changes from an unknown to a known profile. + An endpoint identity group has changed--When an endpoint is added or removed from an endpoint identity group that is used by an authorization policy. The profiling service issues a CoA when there is any change in an endpoint identity group, and the endpoint identity group is used in the authorization policy for the following:
++ The endpoint identity group changes for endpoints when they are dynamically profiled ++ The endpoint identity group changes when the static assignment flag is set to true for a dynamic endpoint ­ An endpoint profiling policy has changed and the policy is used in an authorization policy--When an endpoint profiling policy changes, and the policy is included in a logical profile that is used in an authorization policy. The endpoint profiling policy may change due to the profiling policy match or when an endpoint is statically assigned to an endpoint profiling policy, which is associated to a logical profile. In both the cases, the profiling service issues a CoA, only when the endpoint profiling policy is used in an authorization policy.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/ise/2- 1/admin_guide/b_ise_admin_guide_21/
b_ise_admin_guide_20_chapter_010100.html



Refer to the exhibit.



A network administrator configures command authorization for the admin5 user.
What is the admin5

user able to do on HQ_Router after this configuration?

  1. set the IP address of an interface
  2. complete no configurations
  3. complete all configurations
  4. add subinterfaces

Answer(s): B

Explanation:

The user "admin5" was configured with privilege level 5. In order to allow configuration (enter global configuration mode), we must type this command:
(config)#privilege exec level 5 configure terminal
Without this command, this user cannot do any configuration.
Note: Cisco IOS supports privilege levels from 0 to 15, but the privilege levels which are used by default are privilege level 1 (user EXEC) and level privilege 15 (privilege EXEC)



A network engineer has entered the snmp-server user andy myv3 auth sha cisco priv aes 256 cisc0380739941 command and needs to send SNMP information to a host at 10.255.254.1.
Which command achieves this goal?

  1. snmp-server host inside 10.255.254.1 version 3 andy
  2. snmp-server host inside 10.255.254.1 version 3 myv3
  3. snmp-server host inside 10.255.254.1 snmpv3 andy
  4. snmp-server host inside 10.255.254.1 snmpv3 myv3

Answer(s): A

Explanation:

The command "snmp-server user user-name group-name [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list]" adds a new user (in this case "andy") to an SNMPv3 group (in this case group name "myv3") and configures a password for the user.
In the "snmp-server host" command, we need to:
+ Specify the SNMP version with key word "version {1 | 2 | 3}" + Specify the username ("andy"), not group name ("myv3").
Note: In "snmp-server host inside ..." command, "inside" is the interface name of the ASA interface through which the NMS (located at 10.255.254.1) can be reached.



Page 28 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote