CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 42)

Page 42 of 153
PDF with 703 Questions

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used.
However, the connection is failing.
Which action should be taken to accomplish this goal?

  1. Disable telnet using the no ip telnet command.
  2. Enable the SSH server using the ip ssh server command.
  3. Configure the port using the ip ssh port 22 command.
  4. Generate the RSA key using the crypto key generate rsa command.

Answer(s): D

Explanation:

In this question, the engineer was trying to secure the connection so maybe he was trying to allow SSH to the device. But maybe something went wrong so the connection was failing (the connection used to be good). So maybe he was missing the "crypto key generate rsa" command.



A network administrator is using the Cisco ESA with AMP to upload files to the cloud for analysis. The network is congested and is affecting communication. How will the Cisco ESA handle any files which need analysis?

  1. AMP calculates the SHA-256 fingerprint, caches it, and periodically attempts the upload.
  2. The file is queued for upload when connectivity is restored.
  3. The file upload is abandoned.
  4. The ESA immediately makes another attempt to upload the file.

Answer(s): C

Explanation:

The appliance will try once to upload the file; if upload is not successful, for example because of connectivity problems, the file may not be uploaded. If the failure was because the file analysis server was overloaded, the upload will be attempted once more.


Reference:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118796- technoteesa-00.html
In this question, it stated "the network is congested" (not the file analysis server was overloaded) so the appliance will not try to upload the file again.



Which type of algorithm provides the highest level of protection against brute-force attacks?

  1. PFS
  2. HMAC
  3. MD5
  4. SHA

Answer(s): D



What must be configured in Cisco ISE to enforce reauthentication of an endpoint session when an endpoint is deleted from an identity group?

  1. posture assessment
  2. CoA
  3. external identity source
  4. SNMP probe

Answer(s): B

Explanation:

Cisco ISE allows a global configuration to issue a Change of Authorization (CoA) in the Profiler Configuration page that enables the profiling service with more control over endpoints that are already authenticated.
One of the settings to configure the CoA type is "Reauth". This option is used to enforce reauthentication of an already authenticated endpoint when it is profiled.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/
b_ise_admin_guide_sample_chapter_010101.html



Page 42 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote