Cisco Updated 350-701 Exam Questions and Answers by cian

To prevent rogue NTP servers from inserting themselves as the authoritative time source, the administrator needs to configure NTP authentication and specify the interface for syncing to the NTP server. NTP authentication allows the ASA to verify the identity and integrity of the NTP packets received from the server, using a shared secret key. Specifying the interface for syncing to the NTP server ensures that the ASA uses the correct source address for sending and receiving NTP packets, and avoids potential routing issues. The other options are not required or relevant for this task. Specifying the NTP version is optional and does not affect security. Configuring the NTP stratum is only applicable for NTP servers, not clients. The ASA can only act as an NTP client, not a server. Setting the NTP DNS hostname is not recommended, as it introduces a dependency on DNS resolution and may cause synchronization problems if the DNS server changes the IP address of the NTP server. References :=

Some possible references are:

• Configure NTP Authentication on Secure Network Analytics
• CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.6 - Basic Settings
• Cisco ASA NTP and Clock Configuration with Examples

Configuring the IEEE 802.1X Flexible Authentication feature to support Layer 3 authentication mechanisms involves adding MAC Authentication Bypass (MAB) into the switch configuration. This allows devices that do not support 802.1X to be authenticated using their MAC address. Once MAB identifies the device, it can then be redirected to a Layer 3 device for further authentication, thus providing a mechanism to support devices requiring Layer 3 authentication methods.

Patching helps to mitigate vulnerabilities by applying fixes or updates to software or firmware that have known security flaws. Vulnerabilities can be exploited by cybercriminals to compromise the confidentiality, integrity, or availability of the IT systems and data. Patching endpoints consistently reduces the risk of cyberattacks and data breaches by closing the gaps that attackers can use to gain unauthorized access or cause damage. Patching also improves the performance and functionality of the IT systems by addressing bugs or errors12.

Option B is the correct answer, as it explains the main benefit of patching endpoints consistently. Option A is incorrect, as patching does not necessarily reduce the attack surface of the infrastructure, which is the total number of possible entry points for an attacker. Patching only addresses the existing vulnerabilities in the software or firmware, but does not eliminate the attack surface itself. Option C is incorrect, as patching is not always required per the vendor contract, although some vendors may provide support or incentives for patching. Option D is incorrect, as patching does not allow for creating a honeypot, which is a decoy system that is intentionally left vulnerable to lure and trap attackers. References: Patch Management Overview, Challenges, and Recommendations. Patch Management Explained: Challenges, Best Practices & Steps.