Free Cisco 350-701 Actual Exam Questions - Question 15 Discussion
DRAG DROP [Network Security] Drag and drop the cryptographic algorithms for IPsec from the left onto the cryptographic processes on the right. 
AES is definitely the encryption pick, so that’s a safe drag.
I think AES fits encryption best, so drop it there for sure.
Also worth noting that DES is outdated and less secure, so it’s better suited as a legacy integrity option rather than encryption in modern contexts. That helps narrow the placements.
I agree with placing AES and 3DES under encryption since they’re block ciphers designed to secure data confidentiality. For the integrity side, SHA and MD5 are the hashing algorithms that ensure data hasn’t been tampered with, so they fit perfectly. Another way to look at it: eliminate anything that’s not symmetric key encryption from encryption options — that rules out hash functions immediately, making the match clearer. This question really tests knowing the basic roles of these algorithms in IPsec rather than deeper protocol specifics.
I put AES and 3DES under encryption since those are known for confidentiality, while SHA and MD5 fit better with integrity because they handle hashing. That split seemed pretty straightforward to me.
For the IPsec question, I matched the algorithms based on their main roles: encryption vs. integrity. AES and 3DES go under encryption since they handle confidentiality, while SHA and MD5 fit with integrity as they provide message authentication and hashing. It’s about remembering which are symmetric ciphers and which are hashing functions. That helped me separate the pairs correctly without overthinking the details.
It’s B since stratum 16 means the server itself isn’t synced properly.
B/C? The server showing stratum 16 usually means it’s unreachable or not synced, but they say IP reachability is fine. Could be a missing ACL on UDP port 123 blocking traffic despite reachability.