Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Oracle
Palo Alto Networks
All Vendors
  1. Home
  2. Cisco®
  3. 350-701

Cisco® 350-701 Exam (page: 5)
Cisco® Implementing and Operating Security Core Technologies
Updated on: 28-Nov-2025

Viewing Page 5 of 123
350-701 PDF 612 Questions

Elliptic curve cryptography is a stronger more efficient cryptography method meant to replace which current encryption technology?

  1. 3DES
  2. RSA
  3. DES
  4. AES

Answer(s): B

Explanation:

Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation,as well as memory, energy and bandwidth savings and is thus better suited forsmall devices.



What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?

  1. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
  2. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
  3. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
  4. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX

Answer(s): C

Explanation:

Configure a Crypto ISAKMP Key
In order to configure a preshared authentication key, enter the crypto isakmp key command in global configuration mode:
crypto isakmp key cisco123 address 172.16.1.1

https://community.cisco.com/t5/vpn/isakmp-with-0-0-0-0-dmvpn/td-p/4312380 It is a bad practice but it is valid. 172.16.0.0/16 the full range will be accepted as possible PEER https://www.examtopics.com/discussions/cisco/view/46191-exam-350-701-topic-1-question-71- discussion/#:~:text=Command%20reference%20is%20not%20decisive,172.16.1.128%20cisco123%0A CSR%2D1(config)%23
Testing without a netmask shows that command interpretation has a preference for /16 and /24. CSR-1(config)#crypto isakmp key cisco123 address 172.16.0.0 CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.0.0 [255.255.0.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.0.0 CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.0 CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.1.0 [255.255.255.0] cisco123
CSR-1(config)#no crypto isakmp key cisco123 address 172.16.1.0 CSR-1(config)#crypto isakmp key cisco123 address 172.16.1.128 CSR-1(config)#do show crypto isakmp key | i cisco default 172.16.1.128 cisco123 CSR-1(config)#



Which technology must be used to implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity?

  1. DMVPN
  2. FlexVPN
  3. IPsec DVTI
  4. GET VPN

Answer(s): D

Explanation:

Cisco`s Group Encrypted Transport VPN (GETVPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM.
GETVPN provides instantaneous large-scale any-to-any IP connectivity using a group IPsec security paradigm.


Reference:

https://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted- transport-vpn/
GETVPN_DIG_version_2_0_External.pdf



Which two conditions are prerequisites for stateful failover for IPsec? (Choose two)

  1. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the
    IPsec configuration is copied automatically
  2. The active and standby devices can run different versions of the Cisco IOS software but must be the same type of device.
  3. The IPsec configuration that is set up on the active device must be duplicated on the standby device
  4. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device;
    the IKE configuration is copied automatically.
  5. The active and standby devices must run the same version of the Cisco IOS software and must be the same type of device

Answer(s): C,E

Explanation:

Stateful failover for IP Security (IPsec) enables a router to continue processing and forwarding IPsec packets after a planned or unplanned outage occurs. Customers employ a backup (secondary) router that automatically takes over the tasks of the active (primary) router if the active router loses connectivity for any reason. This failover process is transparent to users and does not require adjustment or reconfiguration of any remote peer.
Stateful failover for IPsec requires that your network contains two identical routers that are available to be either the primary or secondary device. Both routers should be the same type of device, have the same CPU and memory, and have either no encryption accelerator or identical encryption accelerators.
Prerequisites for Stateful Failover for IPsec
Complete, Duplicate IPsec and IKE Configuration on the Active and Standby Devices This document assumes that you have a complete IKE and IPsec configuration. The IKE and IPsec configuration that is set up on the active device must be duplicated on the standby device.
That is, the crypto configuration must be identical with respect to Internet Security Association and Key
Management Protocol (ISAKMP) policy, ISAKMP keys (preshared), IPsec profiles, IPsec transform sets, all crypto map sets that are used for stateful failover, all access control lists (ACLs) that are used in match address statements on crypto map sets, all AAA configurations used for crypto, client configuration groups, IP local pools used for crypto, and ISAKMP profiles.


Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15- mt/sec-vpnavailability-15-mt-book/sec-state-fail-ipsec.html Although the prerequisites only stated that "Both routers should be the same type of device" but in the
"Restrictions for Stateful Failover for IPsec" section of the link above, it requires "Both the active and standby devices must run the identical version of the Cisco IOS software" so answer E is better than answer B.



Which VPN technology can support a multivendor environment and secure traffic between sites?

  1. SSL VPN
  2. GET VPN
  3. FlexVPN
  4. DMVPN

Answer(s): C

Explanation:

FlexVPN is an IKEv2-based VPN technology that provides several benefits beyond traditional site-to- site VPN implementations. FlexVPN is a standards-based solution that can interoperate with non- Cisco IKEv2
implementations. Therefore FlexVPN can support a multivendor environment. All of the three VPN technologies support traffic between sites (site-to-site or spoke-to-spoke).



Viewing Page 5 of 123



Share your comments for Cisco® 350-701 exam with other users:

Amit 9/7/2023 12:53:00 AM

very detailed explanation !
HONG KONG


FisherGirl 5/16/2022 10:36:00 PM

the interactive nature of the test engine application makes the preparation process less boring.
NETHERLANDS


Chiranthaka 9/20/2023 11:15:00 AM

very useful.
Anonymous


SK 7/15/2023 3:51:00 AM

complete question dump should be made available for practice.
Anonymous


Gamerrr420 5/25/2022 9:38:00 PM

i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.
AUSTRALIA


Kudu hgeur 9/21/2023 5:58:00 PM

nice create dewey stefen
CZECH REPUBLIC


Anorag 9/6/2023 9:24:00 AM

i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.
CANADA


Nathan 1/10/2023 3:54:00 PM

passed my exam today. this is a good start to 2023.
UNITED STATES


1 10/28/2023 7:32:00 AM

great sharing
Anonymous


Anand 1/20/2024 10:36:00 AM

very helpful
UNITED STATES


Kumar 6/23/2023 1:07:00 PM

thanks.. very helpful
FRANCE


User random 11/15/2023 3:01:00 AM

i registered for 1z0-1047-23 but dumps qre available for 1z0-1047-22. help me with this...
UNITED STATES


kk 1/17/2024 3:00:00 PM

very helpful
UNITED STATES


Raj 7/24/2023 10:20:00 AM

please upload oracle 1z0-1110-22 exam pdf
INDIA


Blessious Phiri 8/13/2023 11:58:00 AM

becoming interesting on the logical part of the cdbs and pdbs
Anonymous


LOL what a joke 9/10/2023 9:09:00 AM

some of the answers are incorrect, i would be wary of using this until an admin goes back and reviews all the answers
UNITED STATES


Muhammad Rawish Siddiqui 12/9/2023 7:40:00 AM

question # 267: federated operating model is also correct.
SAUDI ARABIA


Mayar 9/22/2023 4:58:00 AM

its helpful alot.
Anonymous


Sandeep 7/25/2022 11:58:00 PM

the questiosn from this braindumps are same as in the real exam. my passing mark was 84%.
INDIA


Eman Sawalha 6/10/2023 6:09:00 AM

it is an exam that measures your understanding of cloud computing resources provided by aws. these resources are aligned under 6 categories: storage, compute, database, infrastructure, pricing and network. with all of the services and typees of services under each category
GREECE


Mars 11/16/2023 1:53:00 AM

good and very useful
TAIWAN PROVINCE OF CHINA


ronaldo7 10/24/2023 5:34:00 AM

i cleared the az-104 exam by scoring 930/1000 on the exam. it was all possible due to this platform as it provides premium quality service. thank you!
UNITED STATES


Palash Ghosh 9/11/2023 8:30:00 AM

easy questions
Anonymous


Noor 10/2/2023 7:48:00 AM

could you please upload ad0-127 dumps
INDIA


Kotesh 7/27/2023 2:30:00 AM

good content
Anonymous


Biswa 11/20/2023 9:07:00 AM

understanding about joins
Anonymous


Jimmy Lopez 8/25/2023 10:19:00 AM

please upload oracle cloud infrastructure 2023 foundations associate exam braindumps. thank you.
Anonymous


Lily 4/24/2023 10:50:00 PM

questions made studying easy and enjoyable, passed on the first try!
UNITED STATES


John 8/7/2023 12:12:00 AM

has anyone recently attended safe 6.0 exam? did you see any questions from here?
Anonymous


Big Dog 6/24/2023 4:47:00 PM

question 13 should be dhcp option 43, right?
UNITED STATES


B.Khan 4/19/2022 9:43:00 PM

the buy 1 get 1 is a great deal. so far i have only gone over exam. it looks promissing. i report back once i write my exam.
INDIA


Ganesh 12/24/2023 11:56:00 PM

is this dump good
Anonymous


Albin 10/13/2023 12:37:00 AM

good ................
EUROPEAN UNION


Passed 1/16/2022 9:40:00 AM

passed
GERMANY