Which Cisco ISE feature helps to detect missing patches and helps with remediation?
A. posture assessment
B. profiling policy
C. authentication policy
D. enabling probes
An engineer is configuring Cisco WSA and needs to deploy it in transparent mode. Which configuration component must be used to accomplish this goal?
A. MDA on the router
B. PBR on Cisco WSA
C. WCCP on switch
D. DNS resolution on Cisco WSA
What are two workload security models? (Choose two.)
A. SaaS
B. PaaS
C. off-premises
D. on-premises
E. IaaS
Which two Cisco ISE components enforce security policies on noncompliant endpoints by blocking network access? (Choose two.)
A. Apex licensing
B. TACACS+
C. profiling
D. DHCP and SNMP probes
E. posture agents
What is the most commonly used protocol for network telemetry?
A. NetFlow
B. SNMP
C. TFTP
D. SMTP
What are two functions of IKEv1 but not IKEv2? (Choose two.)
A. IKEv1 conversations are initiated by the IKE_SA_INIT message.
B. With IKEv1, aggressive mode negotiates faster than main mode.
C. IKEv1 uses EAP for authentication.
D. NAT-T is supported in IKEv1 but not in IKEv2.
E. With IKEv1, when using aggressive mode, the initiator and responder identities are passed in cleartext.
What does Cisco ISE use to collect endpoint attributes that are used in profiling?
A. probes
B. posture assessment
C. Cisco AnyConnect Secure Mobility Client
D. Cisco pxGrid
An administrator is testing new configuration on a network device. The network device had a previously established association with the NTP server but is no longer processing time updates. What is the cause of this issue?
A. The server changed its time source to stratum 1.
B. The network device is sending the wrong password to the server.
C. NTP authentication has been configured on the network device.
D. NTP authentication has been configured on the NTP server.
During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc123456789 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router far the VPN to continue to function after the wildcard command is removed? (Choose two.)
A. ip host vpn.sohoroutercompany.com
B. crypto isakmp identity hostname
C. Add the dynamic keyword to the existing crypto map command
D. fqdn vpn.sohoroutercompany.com
E. ip name-server
Which command is used to log all events to a destination collector 209.165.201.10?
A. CiscoASA(config-pmap-c)# flow-export event-type all destination 209.165.201.10
B. CiscoASA(config-cmap)# flow-export event-type flow-update destination 209.165.201.10
C. CiscoASA(config-pmap-c)# flow-export event-type flow-update destination 209.165.201.10
D. CiscoASA(config-cmap)# flow-export event-type all destination 209.165.201.10
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-701 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.