350-701 Leak Questions

Explanation

Explanation

To let FMC manages FTD, first we need to add manager from the FTD and assign a register key of your

choice. The command configure manager add 1.1.1.2 the_registration_key_you_want, where 1.1.1.2 is the IP

address of the FMC, you need to use the same registration key in FMC when adding this FTD as a managed

device.

 Installing the Cisco Umbrella root CA onto the user’s device is the action that accomplishes the goal of inspecting traffic without alerting end-users. This is because the root CA allows the user’s device to trust the certificates issued by the Cisco Umbrella intelligent proxy, which acts as a man-in-the-middle for SSL sites on Umbrella’s grey list. Without the root CA, the user’s browser would raise errors when accessing those sites, as it would detect an untrusted certificate. By installing the root CA, the user’s browser would accept the certificate and allow the traffic to be proxied and inspected by the intelligent proxy. References:

Enable SSL Decryption - Umbrella User Guide

SSL Decryption in the Intelligent Proxy – Cisco Umbrella

Cisco Umbrella Intelligent Proxy and SSL Decryption

Intelligent Proxy and SSL Decryption with Cisco Umbrella

An active/active FlexVPN configuration allows for multiple routers or VRFs to act as hubs for different VPN groups, providing load balancing and redundancy1. This is useful when the VPN deployment has a large number of spokes or different security policies for different groups of spokes. DMVPN, on the other hand, only supports a single hub or a pair of hubs in active/standby mode for each VPN group2. This limits the scalability and flexibility of DMVPN deployments. Therefore, an engineer would opt for an active/active FlexVPN configuration as opposed to DMVPN when multiple routers or VRFs are required. References :=

Cisco FlexVPN: Benefits and Best Practices

Cisco DMVPN Design Guide

 The dot1x system-auth-control command enables 802.1X globally on a Cisco switch. This command allows the switch to act as an authenticator for 802.1X clients connected to the switch ports. The switch will then communicate with a RADIUS server to authenticate the clients and grant or deny access to the network. The other commands are not related to enabling 802.1X globally. The dot1x pae authenticator command enables 802.1X authentication on a specific interface. The authentication port-control aut command enables automatic port-based authentication on an interface. The aaa new-model command enables the AAA framework for authentication, authorization, and accounting. References :=