Cisco 350-401 exam revealed answer (P. 27)

Question 261

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

A. SSL

B. Cisco TrustSec

C. MACsec

D. IPsec

Question 262

An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for WebPolicy.Which device presents the web authentication for the WLAN?

A. ISE server

B. RADIUS server

C. anchor WLC

D. local WLC

Question 263

Which method does the enable secret password option use to encrypt device passwords?

A. MD5

B. PAP

C. CHAP

D. AES

Question 264

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

A. VXLAN

B. LISP

C. Cisco TrustSec

D. IS-IS

Question 265

What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?

A. The enable secret password is protected via stronger cryptography mechanisms.

B. The enable password cannot be decrypted.

C. The enable password is encrypted with a stronger encryption method.

D. There is no difference and both passwords are encrypted identically.

Question 266

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444

B. permit tcp any any range 22 443 deny tcp any any eq 80

C. permit tcp any any eq 80 Most Voted

D. deny tcp any any eq 80 permit tcp any any range 22 443 Most Voted

Question 267

A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+What is the process of password checks when a login attempt is made to the device?

A. A TACACS+ server is checked first. If that check fails, a local database is checked.

B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.

C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.

D. A local database is checked first. If that check fails, a TACACS+ server is checked.

Question 268

Refer to the exhibit.Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

Image 350-401_268Q.jpg related to the Cisco 350-401 Exam

A. the controller management interface

B. the controller virtual interface

C. the interface specified on the WLAN configuration Most Voted

D. any interface configured on the WLC

Question 269

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?

A. Cisco Firepower and FireSIGHT

B. Cisco Stealthwatch system

C. Advanced Malware Protection

D. Cisco Web Security Appliance

Question 270

An engineer must protect their company against ransomware attacks.Which solution allows the engineer to block the execution stage and prevent file encryption?

A. Use Cisco Firepower and block traffic to TOR networks.

B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.

Win IT Exam with Last Dumps 2023

Cisco 350-401 Exam

Page 27/64

Viewing Questions 261 270 out of 638 Questions

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

A. SSL

B. Cisco TrustSec

C. MACsec

D. IPsec

An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for WebPolicy.Which device presents the web authentication for the WLAN?

A. ISE server

B. RADIUS server

C. anchor WLC

D. local WLC

Which method does the enable secret password option use to encrypt device passwords?

A. MD5

B. PAP

C. CHAP

D. AES

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

A. VXLAN

B. LISP

C. Cisco TrustSec

D. IS-IS

What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?

A. The enable secret password is protected via stronger cryptography mechanisms.

B. The enable password cannot be decrypted.

C. The enable password is encrypted with a stronger encryption method.

D. There is no difference and both passwords are encrypted identically.

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444

B. permit tcp any any range 22 443 deny tcp any any eq 80

C. permit tcp any any eq 80 Most Voted

D. deny tcp any any eq 80 permit tcp any any range 22 443 Most Voted

A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+What is the process of password checks when a login attempt is made to the device?

A. A TACACS+ server is checked first. If that check fails, a local database is checked.

B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.

C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.

D. A local database is checked first. If that check fails, a TACACS+ server is checked.

Refer to the exhibit.Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

A. the controller management interface

B. the controller virtual interface

C. the interface specified on the WLAN configuration Most Voted

D. any interface configured on the WLC

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?

A. Cisco Firepower and FireSIGHT

B. Cisco Stealthwatch system

C. Advanced Malware Protection

D. Cisco Web Security Appliance

An engineer must protect their company against ransomware attacks.Which solution allows the engineer to block the execution stage and prevent file encryption?

A. Use Cisco Firepower and block traffic to TOR networks.

B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.