New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As)
P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ
QUESTION 151
Which three statements are true about PIM-SM operations? (Choose three.)
A. PIM-SM supports RP configuration using static RP, Auto-RP, or BSR.
B. PIM-SM uses a shared tree that is rooted at the multicast source.
C. Different RPs can be configured for different multicast groups to increase RP scalability.
D. Candidate RPs and RP mapping agents are configured to enable Auto-RP.
E. PIM-SM uses the implicit join model.
Answer: ACD
QUESTION 152
An IPv6 multicast receiver joins an IPv6 multicast group using which mechanism?
A. IGMPv3 report
B. IGMPv3 join
C. MLD report
D. general query
E. PIM join
Answer: C
QUESTION 153
Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?
A. !
ipv6 access-list test
deny ipv6 FF05::/16 any
deny ipv6 any FF05::/16
! output omitted
permit ipv6 any any
!
B. !
ipv6 access-list test
permit ipv6 any FF05::/16
! output omitted
deny ipv6 any any
!
C. !
ipv6 access-list test
deny ipv6 any any eq dns
deny ipv6 any any eq dhcp
! output omitted
permit ipv6 any any
!
D. !
ipv6 access-list test
deny ipv6 any 2000::/3
! output omitted
permit ipv6 any any
!
E. !
ipv6 access-list test
deny ipv6 any FE80::/10
! output omitted
permit ipv6 any any
!
Answer: A
QUESTION 154
Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.)
A. It prevents rogue APs from being wired into the network.
B. It provides encryption capability of data traffic between APs and controllers.
C. It prevents rogue clients from accessing the wired network.
D. It ensures that 802.1X requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place.
Answer: AD
QUESTION 155
Which option explains the passive scan technique that is used by wireless clients to discover available wireless networks?
A. listening for access point beacons that contain available wireless networks
B. sending a null probe request
C. sending a null association request
D. listening for access point probe response frames that contain available wireless networks
Answer: A
QUESTION 156
Which protocol can be used to encrypt traffic sent over a GRE tunnel?
A. SSL
B. SSH
C. IPsec
D. DH
E. TLS
Answer: C
QUESTION 157
Which three options are security measures that are defined for Mobile IPv6? (Choose three.)
A. IPsec SAs are used for binding updates and acknowledgements.
B. The use of IKEv1 or IKEv2 is mandatory for connections between the home agent and mobile node.
C. Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication.
D. Mobile IPv6 control messages are protected by SHA-2.
E. IPsec SAs are used to protect dynamic home agent address discovery.
F. IPsec SAs can be used to protect mobile prefix solicitations and advertisements.
Answer: ACF
QUESTION 158
Which three statements are true about DES? (Choose three.)
A. A 56-bit key is used to encrypt 56-bit blocks of plaintext.
B. A 56-bit key is used to encrypt 64-bit blocks of plaintext.
C. Each block of plaintext is processed through 16 rounds of identical operations.
D. Each block of plaintext is processed through 64 rounds of identical operations.
E. ECB, CBC, and CFB are modes of DES.
F. Each block of plaintext is processed through 8 rounds of identical operations.
G. CTR, CBC, and OFB are modes of DES.
Answer: BCE
QUESTION 159
Which three statements are true about the SSH protocol? (Choose three.)
A. SSH protocol runs over TCP port 23.
B. SSH protocol provides for secure remote login and other secure network services over an insecure network.
C. Telnet is more secure than SSH for remote terminal access.
D. SSH protocol runs over UDP port 22.
E. SSH transport protocol provides for authentication, key exchange, confidentiality, and integrity.
F. SSH authentication protocol supports public key, password, host based, or none as authentication methods.
Answer: BEF
QUESTION 160
Which two statements are true when comparing ESMTP and SMTP? (Choose two.)
A. Only SMTP inspection is provided on the Cisco ASA firewall.
B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.
C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.
D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.
E. ESMTP servers can identify the maximum email size they can receive by using the SIZE command.
Answer: CE
QUESTION 161
How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?
A. It is included in the CIADDR field.
B. It is included as DHCP Option 50 in the OPTIONS field.
C. It is included in the YIADDR field.
D. It is the source IP address of the UDP/53 wrapper packet.
E. The client cannot request its last IP address; it is assigned automatically by the server.
Answer: B
QUESTION 162
Which two statements about an authoritative server in a DNS system are true? (Choose two.)
A. It indicates that it is authoritative for a name by setting the AA bit in responses.
B. It has a direct connection to one of the root name servers.
C. It has a ratio of exactly one authoritative name server per domain.
D. It cannot cache or respond to queries from domains outside its authority.
E. It has a ratio of at least one authoritative name server per domain.
Answer: AE
QUESTION 163
Refer to the exhibit. Which three statements are true? (Choose three.)
A. Because of a “root delay” of 0ms, this router is probably receiving its time directly from a Stratum 0 or 1 GPS reference clock.
B. This router has correctly synchronized its clock to its NTP master.
C. The NTP server is running authentication and should be trusted as a valid time source.
D. Specific local time zones have not been configured on this router.
E. This router will not act as an NTP server for requests from other devices.
Answer: BCE
QUESTION 164
Which three security features were introduced with the SNMPv3 protocol? (Choose three.)
A. Message integrity, which ensures that a packet has not been tampered with in-transit
B. DoS prevention, which ensures that the device cannot be impacted by SNMP buffer overflow
C. Authentication, which ensures that the message is from a valid source
D. Authorization, which allows access to certain data sections for certain authorized users
E. Digital certificates, which ensure nonrepudiation of authentications
F. Encryption of the packet to prevent it from being seen by an unauthorized source
Answer: ACF
QUESTION 165
Which common Microsoft protocol allows Microsoft machine administration and operates over TCP port 3389?
A. remote desktop protocol
B. desktop mirroring
C. desktop shadowing
D. Tarantella remote desktop
Answer: A
QUESTION 166
To prevent a potential attack on a Cisco IOS router with the echo service enabled, what action should you take?
A. Disable the service with the no ip echo command.
B. Disable the service with the no echo command.
C. Disable tcp-small-servers.
D. Disable this service with a global access-list.
Answer: C
QUESTION 167
Which query type is required for an nslookup on an IPv6 addressed host?
A. type=AAAA
B. type=ANY
C. type=PTR
D. type=NAME-IPV6
Answer: A
QUESTION 168
Which three features describe DTLS protocol? (Choose three.)
A. DTLS handshake does not support reordering or manage lost packets.
B. DTLS provides enhanced security, as compared to TLS.
C. DTLS provides block cipher encryption and decryption services.
D. DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery.
E. DTLS is used by application layer protocols that use UDP as a transport mechanism.
F. DTLS does not support replay detection.
Answer: CDE
QUESTION 169
Which statement regarding TFTP is not true?
A. Communication is initiated over UDP port 69.
B. Files are transferred using a secondary data channel.
C. Data is transferred using fixed-size blocks.
D. TFTP authentication information is sent in clear text.
E. TFTP is often utilized by operating system boot loader procedures.
F. The TFTP protocol is implemented by a wide variety of operating systems and network devices.
Answer: D
QUESTION 170
User A at Company A is trying to transfer files to Company B, using FTP. User A can connect to the FTP server at Company B correctly, but User A cannot get a directory listing or upload files. The session hangs. What are two possible causes for this problem? (Choose two.)
A. Active FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B.
B. Passive FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B.
C. At Company A, active FTP is being used with a non-application aware firewall applying NAT to the source address of User A only.
D. The FTP server administrator at Company B has disallowed User A from accessing files on that server.
E. Passive FTP is being used, and the firewall at Company B is not allowing connections through to port 20 on the FTP server.
Answer: AC
QUESTION 171
Which three new capabilities were added to HTTP v1.1 over HTTP v1.0? (Choose three.)
A. chunked transfer encoding
B. HTTP pipelining
C. POST method
D. HTTP cookies
E. keepalive mechanism
Answer: ABE
QUESTION 172
Which three Cisco security product features assist in preventing TCP-based man-in-the-middle attacks? (Choose three.)
A. Cisco ASA TCP initial sequence number randomization
B. Cisco ASA TCP sliding-window conformance validation
C. Cisco IPS TCP stream reassembly
D. Cisco IOS TCP maximum segment size adjustment
Answer: ABC
QUESTION 173
Which would be the best method to deploy on a Cisco ASA to detect and prevent viruses and worms?
A. deep packet inspection
B. content security via the Control Security Services Module
C. Unicast Reverse Path Forwarding
D. IP audit signatures
Answer: B
QUESTION 174
Which four IPv6 messages should be allowed to transit a transparent firewall? (Choose four.)
A. router solicitation with hop limit = 1
B. router advertisement with hop limit = 1
C. neighbor solicitation with hop limit = 255
D. neighbor advertisement with hop limit = 255
E. listener query with link-local source address
F. listener report with link-local source address
Answer: CDEF
QUESTION 175
Refer to the exhibit of an ISAKMP debug. Which message of the exchange is failing?
A. main mode 1
B. main mode 3
C. aggressive mode 1
D. main mode 5
E. aggressive mode 2
Answer: B
QUESTION 176
Which Cisco IPS appliance feature can automatically adjust the risk rating of IPS events based on the reputation of the attacker?
A. botnet traffic filter
B. event action rules
C. anomaly detection
D. reputation filtering
E. global correlation inspection
Answer: E
QUESTION 177
If an administrator is unable to connect to a Cisco ASA adaptive security appliance via Cisco ASDM, all of these would be useful for the administrator to check except which one?
A. The HTTP server is enabled.
B. The administrator IP is permitted in the interface ACL.
C. The administrator IP is permitted in the HTTP statement.
D. The ASDM file resides on flash memory.
E. The asdm image command exists in the configuration.
Answer: B
QUESTION 178
A Cisco ASA adaptive security appliance configured in multiple context mode supports which three of these features? (Choose three.)
A. VPN
B. NAT
C. IPv6 traffic filtering
D. multicast
E. failover
Answer: BCE
QUESTION 179
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?
A. ASA syn protection
B. ASA ICMP application inspection
C. CSA quarantine lists
D. IPS syn attack signatures
E. Cisco Guard
Answer: C
QUESTION 180
Which three statements regarding Cisco ASA multicast routing support are correct? (Choose three.)
A. The ASA supports both PIM-SM and bi-directional PIM.
B. When configured for stub multicast routing, the ASA can act as the Rendezvous Point (RP).
C. The ASA can be configured for IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring the multicast traffic to be forwarded only to those interfaces associated with hosts requesting the multicast group.
D. Enabling multicast routing globally on the ASA automatically enables PIM and IGMP on all interfaces.
E. ASA supports both stub multicast routing and PIM multicast routing. However, you cannot configure both concurrently on a single security appliance.
F. If the ASA detects IGMP version 1 routers, the ASA will automatically switch to IGMP version 1 operations.
Answer: ADE