Cisco Updated 350-701 Exam Questions and Answers by kenzo

An active/active FlexVPN configuration allows for multiple routers or VRFs to act as hubs for different VPN groups, providing load balancing and redundancy1. This is useful when the VPN deployment has a large number of spokes or different security policies for different groups of spokes. DMVPN, on the other hand, only supports a single hub or a pair of hubs in active/standby mode for each VPN group2. This limits the scalability and flexibility of DMVPN deployments. Therefore, an engineer would opt for an active/active FlexVPN configuration as opposed to DMVPN when multiple routers or VRFs are required. References :=

Cisco FlexVPN: Benefits and Best Practices

Cisco DMVPN Design Guide

Explanation

Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security

Broker (CASB) and cloud cybersecurity platform.

A NetFlow version 9 template record is a record that contains information about the fields that will be present in the data records that follow the template. A template record consists of a template ID, a field count, and a list of field types and lengths. A template record is sent periodically by the NetFlow exporter to the NetFlow collector, so that the collector can parse and interpret the data records correctly. A template record can also be requested by the collector using an options template record. The purpose of a template record is to define the format of data records, which contain the actual information about the IP flows1234.

A. It specifies the data format of NetFlow processes. - This is incorrect, because a template record does not specify the data format of NetFlow processes, but rather the data format of data records. NetFlow processes are the functions that perform flow creation, aggregation, export, and analysis on the NetFlow device or the collector. B. It provides a standardized set of information about an IP flow. - This is incorrect, because a template record does not provide any information about an IP flow, but rather the information about the fields that will be present in the data records. The data records are the ones that provide the information about an IP flow, such as source and destination IP addresses, ports, protocols, bytes, packets, timestamps, and so on. C. It defines the format of data records. - This is correct, because a template record defines the format of data records by specifying the field types and lengths that will be present in the data records. A template record allows the NetFlow collector to parse and interpret the data records correctly, and also enables the NetFlow exporter to use different formats for different types of flows. D. It serves as a unique identification number to distinguish individual data records. - This is incorrect, because a template record does not serve as a unique identification number, but rather as a description of the fields. A template record has a template ID, which is a 16-bit value that identifies the template record uniquely within an export packet, but this ID is not used to distinguish individual data records. The data records are distinguished by their position within the export packet and their association with a template record.

References := 1: NetFlow Version 9 Flow-Record Format [IP Application Services] - Cisco … 2: NetFlow V9 formats - IBM 3: Netflow :: Version 9 - Caligare 4: NetFlow Versions > NetFlow for Cybersecurity | Cisco Press

Explanation

Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash,

destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

A correctly-formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered,

and 84 including Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented

Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before

transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.