350-701 VOL2 Question

1

• 350-701 Implementing and Operating Cisco Security
  Core Technologies VOL2
• QUESTION NO 1
• Which of the following are the two primary
  offerings for the Cisco Stealthwatch Cloud
  product? (Select two)
• Public Cloud Monitoring
• Private Cloud Monitoring
• Public Network Monitoring
• Private Network Monitoring
• Answer A, D

• QUESTION NO 2
• What are the three default guest account types
  in the Cisco Identity Services Engine (ISE)
  solution? (Select three)
• Contractor
• Temporary Employee
• Daily
• Off-hours
• Weekly
• Answer A, C, E

• QUESTION NO 3
• Which of the following Cisco products gathers
  telemetry data from network elements to create a
  baseline of normal activity so that it can
  automatically detect unusual behavior and alert
  network administrators to take action?
• pxGrid
• Umbrella
• DNA Center
• Stealthwath
• Answer D

QUESTION NO 4
2

• In the Cisco Email Security Appliance (ESA)
  gateway, what SenderBase Reputation Score is used
  for a source that is most like to be a source of
  SPAM?
• 10
• 0
• C. -10
• D. -100
• Answer C

• QUESTION NO 5
• You want to centralize the authentication aspects
  of your network devices and need to determine if
  RADIUS or TACACS is right for your network.
  Which of the following statements are true
  regarding the difference between the two? (Select
  two)
• RADIUS uses TCP while TACACS uses UDP
• RADIUS encrypts only the password in the access
  request message, while TACACS encrypts the
  entire message.
• RADIUS combines the authorization and
  authentication components of AAA, while TACACS
  separates all three.
• TACACS allows for the use of COA to immediately
  disconnect users and force the to re-
• authenticate, while RADIUS has no such
  functionality.
• Answer B, C

QUESTION NO 6 A network administrator is
troubleshooting a site to site VPN tunnel and he
runs a command for which the output is shown
below. The tunnel seems to be up however is not
allowing traffic to go through the tunnel.
Output is shown below CiscoASA-fw1 sho cry
ipsec sa interface outside Crypto map tag VPN,
seq num 1, local addr 11.12.13.X access-list
VPN extended permit ip 10.10.10.0 255.255.255.0
10.10.20.0 255.255.255.0 local ident
(addr/mask/prot/port) (10.10.10.0/255.255.255.0/0
/0) remote ident (addr/mask/prot/port)
(10.10.20.0/255.255.255.0/0/0) current_peer
15.16.17.18 pkts encaps 0, pkts encrypt 0,
pkts digest 0
3
pkts decaps 10863, pkts decrypt 10863, pkts
verify 10863 pkts compressed 0, pkts
decompressed 0 pkts not compressed 0, pkts
comp failed 0, pkts decomp failed 0 pre-frag
successes 0, pre-frag failures 0, fragments
created 0 PMTUs sent 0, PMTUs rcvd 0,
decapsulated frgs needing reassembly 0 TFC
rcvd 0, TFC sent 0 Valid ICMP Errors rcvd 0,
Invalid ICMP Errors rcvd 0 send errors 0,
recv errors 0 local crypto endpt.
11.12.13.X/0, remote crypto endpt. 15.16.17.XX
/0 path mtu 1500, ipsec overhead 58(36), media
mtu 1500 PMTU time remaining (sec) 0, DF policy
copy-df ICMP error validation disabled, TFC
packets disabled current outbound spi
357C436A current inbound spi F47F2B47 inbound
esp sas spi 0xF32F2B47 (4101974855) SA State
active transform esp-3des esp-sha-hmac no
compression in use settings L2L, Tunnel,
IKEv1, slot 0, conn_id 55, crypto-map VPN sa
timing remaining key lifetime (kB/sec)
(3914989/22365) IV size 8 bytes replay detection
support Y Anti replay bitmap 0xFFFFFFFF
0xFFFFFFFF outbound esp sas spi 0x357C436A
(897336170) SA State active transform esp-3des
esp-sha-hmac no compression in use settings
L2L, Tunnel, IKEv1,
4

• slot 0, conn_id 55, crypto-map VPN
• sa timing remaining key lifetime (kB/sec)
  (3915000/22365)
• IV size 8 bytes
• replay detection support Y Anti replay bitmap
• 0x00000000 0x00000001
• What would be the next 2 steps that you would
  prefer from the below 4 options.
• Clear the crypto command
• Check the NAT statement on local firewall where
  the output is captured
• Check the NAT statement on the remote firewall
• Check for the reverse route on hosts in between
  devices for the remote subnets.
• Answer B, D

• QUESTION NO 7
• Which Cisco product offers actionable
  cyberintelligence in the form of app risk ratings
  fueled by the CyberLab as well as Community
  Trust Ratings, the crowdsourced assessment of
  cloud app risk?
• Secure Analytics
• FTD
• Cloudlock
• WSA
• Answer C

• QUESTION NO 8
• As an administrator, you are required to deploy
  Cisco Web Secuity Appliance (WSA) for your
  Organization. What are the various ways that you
  can use to deploy Cisco WSA? (Choose all that
  apply)
• Mobile Application
• Hardware Appliance
• Virtual Machine
• Storage Media
• Amazon Public Cloud
• Answer B, C, E

5
QUESTION NO 9 An administrator is managing a VPN
tunnel from Cisco ASA to the remote site. When
the administrator checks the tunnel status, he
gets this output CiscoASA-fw1 sho cry ipsec sa
interface outside Crypto map tag VPN, seq num
1, local addr 11.12.13.X access-list VPN
extended permit ip 10.10.10.0 255.255.255.0
10.10.20.0 255.255.255.0 local ident
(addr/mask/prot/port) (10.10.10.0/255.255.255.0/0
/0) remote ident (addr/mask/prot/port)
(10.10.20.0/255.255.255.0/0/0) current_peer
15.16.17.18 pkts encaps 0, pkts encrypt 0,
pkts digest 0 pkts decaps 10863, pkts
decrypt 10863, pkts verify 10863 pkts
compressed 0, pkts decompressed 0 pkts not
compressed 0, pkts comp failed 0, pkts decomp
failed 0 pre-frag successes 0, pre-frag
failures 0, fragments created 0 PMTUs sent
0, PMTUs rcvd 0, decapsulated frgs needing
reassembly 0 TFC rcvd 0, TFC sent 0 Valid
ICMP Errors rcvd 0, Invalid ICMP Errors rcvd
0 send errors 0, recv errors 0 local crypto
endpt. 11.12.13.X/0, remote crypto endpt.
15.16.17.XX /0 path mtu 1500, ipsec overhead
58(36), media mtu 1500 PMTU time remaining (sec)
0, DF policy copy-df ICMP error validation
disabled, TFC packets disabled current outbound
spi 357C436A current inbound spi
F47F2B47 inbound esp sas spi 0xF32F2B47
(4101974855)
6

• SA State active
• transform esp-3des esp-sha-hmac no compression
  in use settings L2L, Tunnel, IKEv1,
• slot 0, conn_id 55, crypto-map VPN
• sa timing remaining key lifetime (kB/sec)
  (3914989/22365)
• IV size 8 bytes
• replay detection support Y Anti replay bitmap
• 0xFFFFFFFF 0xFFFFFFFF
• outbound esp sas
• spi 0x357C436A (897336170)
• SA State active
• transform esp-3des esp-sha-hmac no compression
  in use settings L2L, Tunnel, IKEv1,
• slot 0, conn_id 55, crypto-map VPN
• sa timing remaining key lifetime (kB/sec)
  (3915000/22365)
• IV size 8 bytes
• replay detection support Y Anti replay bitmap
• 0x00000000 0x00000001
• On the basis of the output shown above, please
  confirm which statement is true.
• The traffic is not getting encrypted from the
  remote side.
• The traffic is not getting encrypted on the host
  end.

QUESTION NO 10 On the basis of the output shown
below, please select the correct statement.
(Select two) CiscoASA-fw1 sho cry ipsec sa
interface outside Crypto map tag VPN, seq num
1, local addr 11.12.13.X
7
access-list VPN extended permit ip 10.10.10.0
255.255.255.0 10.10.20.0 255.255.255.0 local
ident (addr/mask/prot/port) (10.10.10.0/255.255.2
55.0/0/0) remote ident (addr/mask/prot/port)
(10.10.20.0/255.255.255.0/0/0) current_peer
15.16.17.18 pkts encaps 0, pkts encrypt 0,
pkts digest 0 pkts decaps 10863, pkts
decrypt 10863, pkts verify 10863 pkts
compressed 0, pkts decompressed 0 pkts not
compressed 0, pkts comp failed 0, pkts decomp
failed 0 pre-frag successes 0, pre-frag
failures 0, fragments created 0 PMTUs sent
0, PMTUs rcvd 0, decapsulated frgs needing
reassembly 0 TFC rcvd 0, TFC sent 0 Valid
ICMP Errors rcvd 0, Invalid ICMP Errors rcvd 0
send errors 0, recv errors 0 local crypto
endpt. 11.12.13.X/0, remote crypto endpt.
15.16.17.XX /0 path mtu 1500, ipsec overhead
58(36), media mtu 1500 PMTU time remaining (sec)
0, DF policy copy-df ICMP error validation
disabled, TFC packets disabled current outbound
spi 357C436A current inbound spi
F47F2B47 inbound esp sas spi 0xF32F2B47
(4101974855) SA State active transform esp-3des
esp-sha-hmac no compression in use settings
L2L, Tunnel, IKEv1, slot 0, conn_id 55,
crypto-map VPN sa timing remaining key lifetime
(kB/sec) (3914989/22365) IV size 8 bytes replay
detection support Y
8

• Anti replay bitmap
• 0xFFFFFFFF 0xFFFFFFFF
• outbound esp sas
• spi 0x357C436A (897336170)
• SA State active
• transform esp-3des esp-sha-hmac no compression
  in use settings L2L, Tunnel, IKEv1,
• slot 0, conn_id 55, crypto-map VPN
• sa timing remaining key lifetime (kB/sec)
  (3915000/22365)
• IV size 8 bytes
• replay detection support Y Anti replay bitmap
• 0x00000000 0x00000001
• The remote and the local LAN subnets that are
  talking over the VPN tunnel are 11.12.13.x
  15.16.17.x
• The remote and the local LAN subnets that are
  talking over the VPN tunnel are 10.10.10.0/24
  10.10.20.0/24
• The tunnel is running IPSec version 2
• The tunnel is running IPSec version 1
• Answer B, D

• QUESTION NO 11
• Select the correct statements from the below
  options in respect to the IPSec tunnels.
• IKEv1 has a faster rekey time as compared to
  IKEv2
• IKEv1 has a reduced SA delay as compared to IKEv2
• IKEv2 has less overhead as compare to IKEv1
• IKEv2 is more complex in IP establishment between
  different VPN products as compared to IKEv1.
• Answer C

QUESTION NO 12 As an administrator, you have to
migrate your existing L2L tunnel running IKEv1 to
IKEv2 on the Cisco ASA. What would be the
command that you will use to migrate IKEv1 to
IKEv2.
9

• Individually upgrade all the IKEv1 commands to
  the IKEv2 commands.
• Search for the keywords by running the command
  show run inc ikev1 and replace the IKEv1
  word with IKEv2 and past the same configuration
  back to the ASA.
• Apply command migrate l2l
• IKEv2 is only supported for remote access.
• Answer C

• QUESTION NO 13
• A company uses O365 as their mail platform and
  for past few week, a lot of users are complaining
  about their accounts getting compromised. What
  solution would you recommend to the company to
  avoid user accounts from getting hacked.
• Cisco Secure Endpoint
• Cisco WSA
• Cisco Email Security
• Cisco Duo MFA
• Answer D

• QUESTION NO 14
• A company is concerned about the security of the
  network as lot of users uses their personal
  mobiles to connect to the corporate wifi and this
  not only gives them access to the internet but
  also to the internal hosts and applications. What
  solution would you recommend from the below
  options that will secure the internal network and
  will not hamper. their internet connectivity.
• Block users from connecting to the Wifi
• Blacklist users who try to access internal hosts
• Apply separation of traffic to block guest users
  from accessing internal hosts.
• Ask guest users to connect using wired connection
  on their laptop
• Answer C

• QUESTION NO 15
• Cisco has a security product that continuously
  analyses network activities and creates a
  baseline of normal network behavior and then
  uses this baseline, along with advanced machine
  learning algorithms, to detect anomalies. Which
  product is it?
• Cisco Secure Network Analytics
• Cisco ISE

10

• Cisco FTD
• Cisco Umbrella
• Answer A

• QUESTION NO 16
• Cisco offers a cloud compliance solution that can
  be deployed within 5 minutes without impacting
  the end users. This service covers Microsoft
  O365, Salesforce, Dropbox, ServiceNow etc to
  name a few. Which solution is it?
• Cisco Stealthwatch Cloud
• Cisco ISE on AWS
• Cisco FTD
• Cisco Cloudlock
• Answer D

• QUESTION NO 17
• Cisco Meraki offers different types of VPN
  connectivity. Please select the options that are
  supported on the Meraki MX series higher models.
  (Choose all that are applicable)
• Auto VPN
• Anyconnect VPN
• EasyVPN
• Global Protect VPN
• L2TP
• Answer A, B, E

• QUESTION NO 18
• What are various flow data supported by the Cisco
  Stealthwatch? (Select two)
• Netflow
• IPFIX
• SMTP
• ICMP
• Answer A, B

11

• QUESTION NO 19
• Select the IOS type used by Cisco devices that
  supports SDWAN solution.
• IOS
• IOS-XE
• IOS-XR
• Linux
• Answer B

• QUESTION NO 20
• From the options given below, what are the
  components of the Cisco SDWAN solution? (Select
  two)
• vManage
• vEdge
• vFirewall
• vRouter
• vSwitch
• Answer A, B