Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Cisco
  3. 350-701

Cisco 350-701 (page: 5)

Cisco Implementing and Operating Security Core Technologies

Updated 17-Apr-2026

Page 5 of 123 350-701 PDF — 727 Questions

Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

  1. 3DES
  2. RSA
  3. DES
  4. AES

Answer(s): B

Explanation:

Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory, energy and bandwidth savings and is thus better suited forsmall devices.



What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

  1. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
  2. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
  3. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
  4. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Answer(s): C

Explanation:

Configure a Crypto ISAKMP Key
In order to configure a preshared authentication key, enter the crypto isakmp key command in global configuration mode:
crypto isakmp key cisco123 address 172.16.1.1

https://community.cisco.com/t5/vpn/isakmp-with-0-0-0-0-dmvpn/td-p/4312380 It is a bad practice but it is valid. 172.16.0.0/16 the full range will be accepted as possible PEER https://www.examtopics.com/discussions/cisco/view/46191-exam-350-701-topic-1-question-71- discussion/#:~:text=Command%20reference%20is%20not%20decisive,172.16.1.128%20cisco123%0A CSR%2D1(config)%23
Testing without a netmask shows that command interpretation has a preference for /16 and /24. CSR-1(config)#crypto isakmp key cisco123 address 172.16.0.0 CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.0.0 [255.255.0.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.0.0 CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.0 CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.1.0 [255.255.255.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.1.0 CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.128 CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.1.128 cisco123 CSR-1(config)#



Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

  1. DMVPN
  2. FlexVPN
  3. IPsec DVTI
  4. GET VPN

Answer(s): D

Explanation:

Cisco`s Group Encrypted Transport VPN (GETVPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM.
GETVPN provides instantaneous large-scale any-to-any IP connectivity using a group IPsec security paradigm.


Reference:

https://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted- transport-vpn/
GETVPN_DIG_version_2_0_External.pdf



Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

  1. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the
    IPsec configuration is copied automatically
  2. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
  3. The IPsec configuration that is set up on the active device must be duplicated on the standby device
  4. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;
    the IKE configuration is copied automatically.
  5. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

Answer(s): C,E

Explanation:

Stateful failover for IP Security (IPsec) enables a router to continue processing and forwarding IPsec packets after a planned or unplanned outage occurs. Customers employ a backup (secondary) router that automatically takes over the tasks of the active (primary) router if the active router loses connectivity for any reason. This failover process is transparent to users and does not require adjustment or reconfiguration of any remote peer.
Stateful failover for IPsec requires that your network contains two identical routers that are available to be either the primary or secondary device. Both routers should be the same type of device, have the same CPU and memory, and have either no encryption accelerator or identical encryption accelerators.
Prerequisites for Stateful Failover for IPsec
Complete, Duplicate IPsec and IKE Configuration on the Active and Standby Devices This document assumes that you have a complete IKE and IPsec configuration. The IKE and IPsec configuration that is set up on the active device must be duplicated on the standby device.
That is, the crypto configuration must be identical with respect to Internet Security Association and Key
Management Protocol (ISAKMP) policy, ISAKMP keys (preshared), IPsec profiles, IPsec transform sets, all crypto map sets that are used for stateful failover, all access control lists (ACLs) that are used in match address statements on crypto map sets, all AAA configurations used for crypto, client configuration groups, IP local pools used for crypto, and ISAKMP profiles.


Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15- mt/sec-vpnavailability-15-mt-book/sec-state-fail-ipsec.html Although the prerequisites only stated that "Both routers should be the same type of device" but in the
"Restrictions for Stateful Failover for IPsec" section of the link above, it requires "Both the active and standby devices must run the identical version of the Cisco IOS software" so answer E is better than answer B.



Which VPN technology can support a multivendor environment and secure traffic between sites?

  1. SSL VPN
  2. GET VPN
  3. FlexVPN
  4. DMVPN

Answer(s): C

Explanation:

FlexVPN is an IKEv2-based VPN technology that provides several benefits beyond traditional site-to- site VPN implementations. FlexVPN is a standards-based solution that can interoperate with non- Cisco IKEv2
implementations. Therefore FlexVPN can support a multivendor environment. All of the three VPN technologies support traffic between sites (site-to-site or spoke-to-spoke).



Page 5 of 123

Share your comments for Cisco 350-701 exam with other users:

Brijesh kr 6/29/2023 4:07:00 AM

awesome contents
INDIA


JM 12/19/2023 1:22:00 PM

answer to 134 is casb. while data loss prevention is the goal, in order to implement dlp in cloud applications you need to deploy a casb.
UNITED STATES


Neo 7/26/2023 9:36:00 AM

are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?
SOUTH AFRICA


Bilal 8/22/2023 6:33:00 AM

i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.
Anonymous


John 11/12/2023 8:48:00 PM

why only give explanations on some, and not all questions and their respective answers?
UNITED STATES


Biswa 11/20/2023 8:50:00 AM

refresh db knowledge
Anonymous


Shalini Sharma 10/17/2023 8:29:00 AM

interested for sap certification
JAPAN


ethan 9/24/2023 12:38:00 PM

could you please upload practice questions for scr exam ?
HONG KONG


vijay joshi 8/19/2023 3:15:00 AM

please upload free oracle cloud infrastructure 2023 foundations associate exam braindumps
Anonymous


Ayodele Talabi 8/25/2023 9:25:00 PM

sweating! they are tricky
CANADA


Romero 3/23/2022 4:20:00 PM

i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES


John Kennedy 9/20/2023 3:33:00 AM

good practice and well sites.
Anonymous


Nenad 7/12/2022 11:05:00 PM

passed my first exam last week and pass the second exam this morning. thank you sir for all the help and these brian dumps.
INDIA


Lucky 10/31/2023 2:01:00 PM

does anyone who attended exam csa 8.8, can confirm these questions are really coming ? or these are just for practicing?
HONG KONG


Prateek 9/18/2023 11:13:00 AM

kindly share the dumps
UNITED STATES


Irfan 11/25/2023 1:26:00 AM

very nice content
Anonymous


php 6/16/2023 12:49:00 AM

passed today
Anonymous


Durga 6/23/2023 1:22:00 AM

hi can you please upload questions
Anonymous


JJ 5/28/2023 4:32:00 AM

please upload quetions
THAILAND


Norris 1/3/2023 8:06:00 PM

i passed my exam thanks to this braindumps questions. these questions are valid in us and i highly recommend it!
UNITED STATES


abuti 7/21/2023 6:10:00 PM

are they truely latest
Anonymous


Curtis Nakawaki 7/5/2023 8:46:00 PM

questions appear contemporary.
UNITED STATES


Vv 12/2/2023 6:31:00 AM

good to prepare in this site
UNITED STATES


praveenkumar 11/20/2023 11:57:00 AM

very helpful to crack first attempt
Anonymous


asad Raza 5/15/2023 5:38:00 AM

please upload this exam
CHINA


Reeta 7/17/2023 5:22:00 PM

please upload the c_activate22 dump questions with answer
SWEDEN


Wong 12/20/2023 11:34:00 AM

q10 - the answer should be a. if its c, the criteria will meet if either the prospect is not part of the suppression lists or if the job title contains vice president
MALAYSIA


david 12/12/2023 12:38:00 PM

this was on the exam as of 1211/2023
Anonymous


Tink 7/24/2023 9:23:00 AM

great for prep
GERMANY


Jaro 12/18/2023 3:12:00 PM

i think in question 7 the first answer should be power bi portal (not power bi)
Anonymous


9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous


Tai 8/28/2023 5:28:00 AM

wonderful material
SOUTH AFRICA


VoiceofMidnight 12/29/2023 4:48:00 PM

i passed!! ...but barely! got 728, but needed 720 to pass. the exam hit me with labs right out of the gate! then it went to multiple choice. protip: study the labs!
UNITED STATES


A K 8/3/2023 11:56:00 AM

correct answer for question 92 is c -aws shield
Anonymous


AI Tutor 👋 I’m here to help!