Free Access to Cisco.350-701.v2025-02-21.q424 with Valid Practice Test (Page 43)

Question 206

An administrator is establishing a new site-to-site VPN connection on a Cisco IOS router. The organization needs to ensure that the ISAKMP key on the hub is used only for terminating traffic from the IP address of
172.19.20.24. Which command on the hub will allow the administrator to accomplish this?

A.crypto ca identity 172.19.20.24
B.crypto isakmp key Cisco0123456789 172.19.20.24
C.crypto enrollment peer address 172.19.20.24
D.crypto isakmp identity address 172.19.20.24

Correct Answer: B

The command "crypto isakmp identity address 172.19.20.24" is not valid. We can only use "crypto isakmp identity {address | hostname}. The following example uses preshared keys at two peers and sets both their ISAKMP identities to the IP address.
At the local peer (at 10.0.0.1) the ISAKMP identity is set and the preshared key is specified:
crypto isakmp identity address
crypto isakmp key sharedkeystring address 192.168.1.33
At the remote peer (at 192.168.1.33) the ISAKMP identity is set and the same preshared key is specified:
crypto isakmp identity address
crypto isakmp key sharedkeystring address 10.0.0.1
The command "crypto isakmp identity address 172.19.20.24" is not valid. We can only use "crypto isakmp identity {address | hostname}. The following example uses preshared keys at two peers and sets both their ISAKMP identities to the IP address.
At the local peer (at 10.0.0.1) the ISAKMP identity is set and the preshared key is specified:
crypto isakmp identity address
crypto isakmp key sharedkeystring address 192.168.1.33
At the remote peer (at 192.168.1.33) the ISAKMP identity is set and the same preshared key is specified:
crypto isakmp identity address
crypto isakmp key sharedkeystring address 10.0.0.1
Reference:
The command "crypto enrollment peer address" is not valid either.
The command "crypto ca identity ..." is only used to declare a trusted CA for the router and puts you in the caidentity configuration mode. Also it should be followed by a name, not an IP address. For example: "crypto ca identity CA-Server" -> Answer A is not correct.
Only answer B is the best choice left.
The command "crypto isakmp identity address 172.19.20.24" is not valid. We can only use "crypto isakmp identity {address | hostname}. The following example uses preshared keys at two peers and sets both their ISAKMP identities to the IP address.
At the local peer (at 10.0.0.1) the ISAKMP identity is set and the preshared key is specified:
crypto isakmp identity address
crypto isakmp key sharedkeystring address 192.168.1.33
At the remote peer (at 192.168.1.33) the ISAKMP identity is set and the same preshared key is specified:
crypto isakmp identity address
crypto isakmp key sharedkeystring address 10.0.0.1
The command "crypto enrollment peer address" is not valid either.
The command "crypto ca identity ..." is only used to declare a trusted CA for the router and puts you in the caidentity configuration mode. Also it should be followed by a name, not an IP address. For example: "crypto ca identity CA-Server" -> Answer A is not correct.
The command "crypto enrollment peer address" is not valid either.
The command "crypto ca identity ..." is only used to declare a trusted CA for the router and puts you in the caidentity configuration mode. Also it should be followed by a name, not an IP address. For example: "crypto ca identity CA-Server" -> Answer A is not correct.
Only answer B is the best choice left.

Question 207

Which two key and block sizes are valid for AES? (Choose two.)

A.64-bit block size, 112-bit key length
B.64-bit block size, 168-bit key length
C.128-bit block size, 192-bit key length
D.128-bit block size, 256-bit key length
E.192-bit block size, 256-bit key length

Question 208

Which technology limits communication between nodes on the same network segment to individual applications?

A.serverless infrastructure
B.microsegmentation
C.SaaS deployment
D.machine-to-machine firewalling

Question 209

What does Cisco ISE use to collect endpoint attributes that are used in profiling?

A.probes
B.posture assessment
C.Cisco AnyConnect Secure Mobility Client
D.Cisco pxGrid

Question 210

For Cisco IOS PKI, which two types of Servers are used as a distribution point for CRLs? (Choose two)

A.SDP
B.LDAP
C.subordinate CA
D.SCP
E.HTTP

Question 206

Question 207

Question 208

Question 209

Question 210

Download PDF File