350-701 Free Practice Test

- (Exam Topic 1)
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

1. A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
2. B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
3. C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
4. D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Correct Answer: C
Configure a Crypto ISAKMP Key
In order to configure a preshared
configuration mode:
authentication key, enter thcerypto isakmp key
command in global
crypto isakmp key cisco123 address 172.16.1.1
https://community.cisco.com/t5/vpn/isakmp-with-0-0-0-0-dmvpn/td-p/4312380
It is a bad practice but it is valid. 172.16.0.0/16 the full range will be accepted as possible PEER https://www.examtopics.com/discussions/cisco/view/46191-exam-350-701-topic-1-question-71-discussion/#:~:t Testing without a netmask shows that command interpretation has a preference for /16 and /24.
CSR-1(config)#crypto isakmp key cisco123 address 172.16.0.0
CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.0.0 [255.255.0.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.0.0 CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.0 CSR-1(config)#do show crypto isakmp key | i cisco
default 172.16.1.0 [255.255.255.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.1.0 CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.128
CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.1.128 cisco123 CSR-1(config)#

- (Exam Topic 3)
Which API method and required attribute are used to add a device into Cisco DNA Center with the native API?

1. A. GET and serialNumber
2. B. userSudiSerlalNos and deviceInfo
3. C. POST and name
4. D. lastSyncTime and pid

Correct Answer: A

- (Exam Topic 1)
Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

1. A. 3DES
2. B. RSA
3. C. DES
4. D. AES

Correct Answer: B

Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory, energy and bandwidth savings and is thus better suited forsmall devices.

- (Exam Topic 3)
What is a benefit of using Cisco CWS compared to an on-premises Cisco WSA?

1. A. Cisco CWS eliminates the need to backhaul traffic through headquarters for remote workers whereas Cisco WSA does not
2. B. Cisco CWS minimizes the load on the internal network and security infrastructure as compared to Cisco WSA.
3. C. URL categories are updated more frequently on Cisco CWS than they are on Cisco WSA
4. D. Content scanning for SAAS cloud applications is available through Cisco CWS and not available through Cisco WSA

Correct Answer: A

- (Exam Topic 2)
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?

1. A. Configure incoming content filters
2. B. Use Bounce Verification
3. C. Configure Directory Harvest Attack Prevention
4. D. Bypass LDAP access queries in the recipient access table

Correct Answer: C
A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using differentpermutations of common username. Its easy for attackers to get hold of a valid email address if yourorganization uses standard format for official e-mail alias (for example: jsmith@example.com). We canconfigure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here’s an LDAP search translated into plain English: “Search for all people located in Chicago who’s name contains “Fred” that have an email address. Please return their full name, email, title, and description.