Cisco Updated 350-701 Exam Questions and Answers by cara

The debug crypto isakmp sa command shows the status of the Internet Security Association and Key Management Protocol (ISAKMP) security associations (SAs). The output of this command indicates that the ISAKMP negotiation failed after several retransmissions. The most likely cause of this failure is a mismatch in the authentication key between the two peers. The authentication key is specified by the crypto isakmp key command and must be the same on both routers. If the authentication key is different, the ISAKMP messages cannot be decrypted and verified by the peers, resulting in an error. To fix this problem, the network administrator should verify and correct the authentication key on both routers and clear the existing ISAKMP SAs with the clear crypto isakmp sa command. References: 1, 2, 3, 4

 Cisco Advanced Phishing Protection (AAP) is a solution that adds sophisticated machine learning capabilities to Cisco Email Security to block advanced identity deception attacks for inbound email by assessing its threat posture1. It also uses both global and local telemetry data combined with analytics and modeling to validate the reputation and authenticity of senders2. AAP provides sender authentication and BEC detection capabilities, and uses advanced machine learning techniques, real-time behavior analytics, relationship modeling and telemetry to protect against identity deception–based threats3.

In two ways, the Cisco Advanced Phishing Protection solution protects users:

It prevents use of compromised accounts and social engineering. AAP detects and blocks phishing emails that attempt to impersonate legitimate senders, such as executives, partners, or customers, and trick users into revealing sensitive information or transferring funds. AAP analyzes the sender’s identity, behavior, and relationship with the recipient, and assigns a risk score to the email. If the email is deemed suspicious or malicious, AAP can quarantine it, flag it, or deliver it with a warning4.

It automatically removes malicious emails from users’ inbox. AAP provides retrospective analysis and remediation capabilities, which means that it can identify and remove emails that were initially delivered but later found to be malicious. AAP leverages the Cisco Talos threat intelligence network and the Sensor-based solution to continuously monitor the threat landscape and update the email disposition accordingly. If an email is reclassified as malicious, AAP can automatically delete it from the users’ inbox, or notify the administrator or the user to take action45.

The other options are incorrect because they do not accurately describe the functions of AAP. AAP does not prevent all zero-day attacks coming from the Internet, as it focuses on phishing and identity deception attacks. AAP does not prevent trojan horse malware using sensors, as sensors are used to collect and analyze email data, not to block malware. AAP does not secure all passwords that are shared in video conferences, as it is not related to video conferencing security. Therefore, the correct answer is A and C. References:

Cisco’s Security Innovations to Protect the Endpoint and Email

Cisco Advanced Phishing Protection - Cisco Video Portal

Cisco Advanced Phishing Protection At A Glance - AVANTEC

User Guide for Cisco Advanced Phishing Protection

Cisco Secure Email Threat Defense - Cisco

Integrating the Email Gateway with Cisco Advanced Phishing Protection

 A flow monitor is a component of Flexible NetFlow that is used to store and export flow data. A flow monitor consists of a record, an optional exporter, and a cache. The cache is a section of memory that stores flow entries before they are exported to an external collector. The cache is created by the flow monitor when NetFlow is applied to an interface. The cache collects traffic based on the key and nonkey fields in the configured record. The key fields are used to identify a flow uniquely, while the nonkey fields are used to provide additional information about the flow. The cache can be configured with various parameters, such as the number of entries, the timeout values, and the type of cache. The cache can also be viewed and cleared using show and clear commands. References :=

Some possible references are:

Flexible Netflow Configuration Guide, Cisco IOS Release 15M&T

ASR9000/XR Netflow Architecture and overview

Cisco IOS Flexible NetFlow Command Reference - cache (Flexible NetFlow) through match flow

Cisco Advanced Malware Protection (AMP) for Web Security is a solution that provides protection against web-related threats before, during, and after an attack. One of the functions that AMP for Web Security includes is detailed analytics of the unknown file’s behavior. This means that AMP can continuously monitor and analyze the activity of files that cross the web gateway, even after they have been initially scanned and allowed. This allows AMP to detect and block any malicious behavior that may emerge later, and provide retrospective security alerts and remediation actions12. References: 1: Cisco Advanced Malware Protection for Web Security 2: Cisco Adds Advanced Malware Protection to Web and Email Security Appliances and Cloud Services