Question No. 1

What is the primary benefit of deploying an ESA in hybrid mode?

AYou can fine-tune its settings to provide the optimum balance between security and performance for your environment

BIt provides the lowest total cost of ownership by reducing the need for physical appliances

CIt provides maximum protection and control of outbound messages

DIt provides email security while supporting the transition to the cloud

Show Answer

Correct Answer: D

Cisco Hybrid Email Security is a unique service offering that facilitates the deployment of your email security

infrastructure both on premises and in the cloud. You can change the number of on-premises versus cloud

users at any time throughout the term of your contract, assuming the total number of users does not change.

This allows for deployment flexibility as your organization's needs change.

Question No. 2

Refer to the exhibit.

Which command was used to display this output?

Ashow dot1x all

Bshow dot1x

Cshow dot1x all summary

Dshow dot1x interface gi1/0/12

Show Answer

Correct Answer: A

Question No. 3

Refer to the exhibit.

An engineer configured wired 802.1x on the network and is unable to get a laptop to authenticate. Which port configuration is missing?

Aauthentication open

Bdotlx reauthentication

Ccisp enable

Ddot1x pae authenticator

Show Answer

Correct Answer: D

Question No. 4

A Cisco FTD engineer is creating a new IKEv2 policy called s2s00123456789 for their organization to allow for additional protocols to terminate network devices with. They currently only have one policy established and need the new policy to be a backup in case some devices cannot support the stronger algorithms listed in the primary policy. What should be done in order to support this?

AChange the integrity algorithms to SHA* to support all SHA algorithms in the primary policy

BMake the priority for the new policy 5 and the primary policy 1

CChange the encryption to AES* to support all AES algorithms in the primary policy

DMake the priority for the primary policy 10 and the new policy 1

Show Answer

Correct Answer: B

All IKE policies on the device are sent to the remote peer regardless of what is in the selected policy section. The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first. Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470- site-to-site-vpn-configuration-on-ftd-ma.html

The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first.

All IKE policies on the device are sent to the remote peer regardless of what is in the selected policy section. The first IKE Policy matched by the remote peer will be selected for the VPN connection. Choose which policy is sent first using the priority field. Priority 1 will be sent first. Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470- site-to-site-vpn-configuration-on-ftd-ma.html

Question No. 5

Which CLI command is used to enable URL filtering support for shortened URLs on the Cisco ESA?

Awebadvancedconfig

Bwebsecurity advancedconfig

Coutbreakconfig

Dwebsecurity config

Show Answer

Correct Answer: B

Free Cisco 350-701 Exam Actual Questions

The questions for 350-701 were last updated On Jan 16, 2025