Cisco
350-701 · Question #553
350-701 Question #553: Real Exam Question with Answer & Explanation
The correct answer is B. crypto isakmp identity hostname E. ip name-server <DNS Server IP Address>. https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios- xml/ios/ipaddr_dns/configuration/15-mt/dns-15-mt-book/dns-dyn-dns-supp-ios.html.xml
Submitted by wei.xz· Mar 30, 2026
Question
During a recent security audit, a Cisco IOS router with a working IPSEC configuration using IKEv1 was flagged for using a wildcard mask with the crypto isakmp key command. The VPN peer is a SOHO router with a dynamically assigned IP address. Dynamic DNS has been configured on the SOHO router to map the dynamic IP address to the host name of vpn.sohoroutercompany.com. In addition to the command crypto isakmp key Cisc123456789 hostname vpn.sohoroutercompany.com, what other two commands are now required on the Cisco IOS router far the VPN to continue to function after the wildcard command is removed? (Choose two.)
Options
- Aip host vpn.sohoroutercompany.com <VPN Peer IP Address>
- Bcrypto isakmp identity hostname
- CAdd the dynamic keyword to the existing crypto map command
- Dfqdn vpn.sohoroutercompany.com <VPN Peer IP Address>
- Eip name-server <DNS Server IP Address>
Explanation
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios- xml/ios/ipaddr_dns/configuration/15-mt/dns-15-mt-book/dns-dyn-dns-supp-ios.html.xml
Topics
#IKEv1 configuration#Dynamic VPN peers#VPN hostname identity#Cisco IOS DNS client
Community Discussion
No community discussion yet for this question.