CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 67)

Page 67 of 153
PDF with 703 Questions

What is the benefit of installing Cisco AMP for Endpoints on a network?

  1. It provides operating system patches on the endpoints for security.
  2. It provides flow-based visibility for the endpoints network connections.
  3. It enables behavioral analysis to be used for the endpoints.
  4. It protects endpoint systems through application control and real-time scanning

Answer(s): D



An administrator is configuring a DHCP server to better secure their environment. They need to be able to ratelimit the traffic and ensure that legitimate requests are not dropped. How would this be accomplished?

  1. Set a trusted interface for the DHCP server
  2. Set the DHCP snooping bit to 1
  3. Add entries in the DHCP snooping database
  4. Enable ARP inspection for the required VLAN

Answer(s): A

Explanation:

To understand DHCP snooping we need to learn about DHCP spoofing attack first.

DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a "man-in-the-middle". The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.



Refer to the exhibit.



What will happen when the Python script is executed?

  1. The hostname will be translated to an IP address and printed.
  2. The hostname will be printed for the client in the client ID field.
  3. The script will pull all computer hostnames and print them.
  4. The script will translate the IP address to FODN and print it

Answer(s): C



Refer to the exhibit.



When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates.
Which configuration item must be modified to allow this?

  1. Group Policy
  2. Method
  3. SAML Server
  4. DHCP Servers

Answer(s): B

Explanation:

In order to use AAA along with an external token authentication mechanism, set the "Method" as "Both" in the Authentication.



Page 67 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote