350-701 Free Practice Test

- (Exam Topic 2)
When configuring ISAKMP for IKEv1 Phase1 on a Cisco IOS router, an administrator needs to input the command crypto isakmp key cisco address 0.0.0.0. The administrator is not sure what the IP addressing in this command issued for. What would be the effect of changing the IP address from 0.0.0.0 to 1.2.3.4?

1. A. The key server that is managing the keys for the connection will be at 1.2.3.4
2. B. The remote connection will only be allowed from 1.2.3.4
3. C. The address that will be used as the crypto validation authority
4. D. All IP addresses other than 1.2.3.4 will be allowed

Correct Answer: B
The command crypto isakmp key cisco address 1.2.3.4 authenticates the IP address of the 1.2.3.4 peer by using the key cisco. The address of “0.0.0.0” will authenticate any address with this key

- (Exam Topic 2)
What is a feature of Cisco NetFlow Secure Event Logging for Cisco ASAs?

1. A. Multiple NetFlow collectors are supported
2. B. Advanced NetFlow v9 templates and legacy v5 formatting are supported
3. C. Secure NetFlow connections are optimized for Cisco Prime Infrastructure
4. D. Flow-create events are delayed

Correct Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/ monitor-nsel.pdf

- (Exam Topic 3)
Which Cisco ISE service checks the compliance of endpoints before allowing the endpoints to connect to
the network?

1. A. posture
2. B. profiler
3. C. Cisco TrustSec
4. D. Threat Centric NAC

Correct Answer: A

- (Exam Topic 3)
An engineer is configuring IPsec VPN and needs an authentication protocol that is reliable and supports ACK and sequence. Which protocol accomplishes this goal?

1. A. AES-192
2. B. IKEv1
3. C. AES-256
4. D. ESP

Correct Answer: D

- (Exam Topic 1)
Which ASA deployment mode can provide separation of management on a shared appliance?

1. A. DMZ multiple zone mode
2. B. transparent firewall mode
3. C. multiple context mode
4. D. routed mode

Correct Answer: C