This page was exported from PassLeader New Cisco Exam Dumps - CCNA, CCNP, CCIE, DevNet, CCDE Certification Exam Dumps VCE and PDF and Braindumps and Practice Tests
[
https://www.ciscovceplus.com
]
Export date: Sun Mar 24 5:18:14 2024 / +0000 GMT
New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As) P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ QUESTION 61 A. Dynamic Access Policies with no additional options Answer: B QUESTION 62 A. brute-force attack Answer: B QUESTION 63 A. The global access list is matched first before the interface access lists. Answer: C QUESTION 64 A. PIM sparse mode Answer: ABD QUESTION 65 A. The redirect-fqdn command must be entered under the vpn load-balancing sub-configuration. Answer: ABC QUESTION 66 A. TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types. Answer: ACE QUESTION 67 A. monitor-interface http Answer: C QUESTION 68 A. policy-map type inspect ipv6 IPv6-map Answer: D QUESTION 69 A. class-map type inspect Answer: B QUESTION 70 A. static NAT Answer: ABD QUESTION 71 A. IPS-AIM Answer: B QUESTION 72 A. the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store Answer: BC QUESTION 73 A. Configure the Call Station ID Type to be: "IP Address". Answer: BE QUESTION 74 A. group policy name Answer: E QUESTION 75 A. a routing problem on R1 Answer: B QUESTION 76 A. Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription Answer: BC QUESTION 77 A. It protects against rogue RAs. Answer: ACDE QUESTION 78 A. should-secure Answer: A QUESTION 79 A. It is backward-compatible with versions 8 and 5. Answer: CDE QUESTION 80 A. It requires that IP protocol 8472 be opened to allow traffic through a firewall. Answer: BCD QUESTION 81 A. IKE ID_KEY_ID Answer: AB QUESTION 82 A. PIM-SM Answer: D QUESTION 83 A. To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID and VLAN type must all be specifically configured by the administrator. Answer: BDE QUESTION 84 A. one-time passwords Answer: C QUESTION 85 A. 192.168.23.0 Answer: D QUESTION 86 A. :::A:A:64:10 Answer: BC QUESTION 87 A. 6, 7, 11 Answer: A QUESTION 88 A. 8 bytes, and protocol number 74 Answer: B QUESTION 89 A. TKIP uses an advanced encryption scheme based on AES. Answer: CDF QUESTION 90 A. Five 32-bit variables are applied to the message to produce the 160-bit hash. Answer: AC New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As) P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ
What feature on the Cisco ASA is used to check for the presence of an up-to-date antivirus vendor on an AnyConnect client?
B. Dynamic Access Policies with Host Scan enabled
C. advanced endpoint assessment
D. LDAP attribute maps obtained from Antivirus vendor
What type of attack consists of injecting traffic that is marked with the DSCP value of EF into the network?
B. QoS marking attack
C. DHCP starvation attack
D. SYN flood attack
Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?
B. Both the interface and global access lists can be applied in the input or output direction.
C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface will apply the access list entry globally.
D. NAT control is enabled by default.
E. The static CLI command is used to configure static NAT translation rules.
Which three multicast features are supported on the Cisco ASA? (Choose three.)
B. IGMP forwarding
C. Auto-RP
D. NAT of multicast traffic
E. PMI dense mode
Which three configuration tasks are required for VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco ASA? (Choose three.)
B. Each ASA in the VPN cluster must be able to resolve the IP of all DNS hostnames that are used in the cluster.
C. The identification and CA certificates for the master FQDN hostname must be imported into each VPN cluster-member device.
D. The remote-access IP pools must be configured the same on each VPN cluster-member interface.
Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.)
B. IPv6 object nesting is supported.
C. Network objects support IPv4 and IPv6 addresses.
D. Objects are not supported in transparent mode.
E. Objects are supported in single- and multiple-context firewall modes.
Which command is used to replicate HTTP connections from the Active to the Standby Cisco ASA appliance in failover?
B. failover link fover replicate http
C. failover replication http
D. interface fover replicate http standby
E. No command is needed, as this is the default behavior
Refer to the exhibit.
policy-map type inspect ipv6 IPv6-map
match header routing-type range 0 255
drop
class-map outside-class
match any
policy-map outside-policy
class outside-class
inspect ipv6 IPv6-map
service-policy outside-policy interface outside
Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?
match ipv6 header
count > 3
B. policy-map outside-policy
class outside-class
inspect ipv6 header count gt 3
C. class-map outside-class
match ipv6 header count greater 3
D. policy-map type inspect ipv6 IPv6-map
match header count gt 3
drop
Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?
B. parameter-map type inspect
C. service-policy type inspect
D. policy-map type inspect tcp
E. inspect-map type tcp
Which three NAT types support bidirectional traffic initiation? (Choose three.)
B. NAT exemption
C. policy NAT with nat/global
D. static PAT
E. identity NAT
Which IPS module can be installed on the Cisco ASA 5520 appliance?
B. AIP-SSM
C. AIP-SSC
D. NME-IPS-K9
E. IDSM-2
Which two options best describe the authorization process as it relates to network access? (Choose two.)
B. the process of providing network access to the end user
C. applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user
D. the process of validating the provided credentials
If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)
B. Configure the Call Station ID Type to be: "System MAC Address".
C. Configure the Call Station ID Type to be: "MAC and IP Address".
D. Enable DHCP Proxy.
E. Disable DHCP Proxy.
Refer to the exhibit. To configure the Cisco ASA, what should you enter in the Name field, under the Group Authentication option for the IPSec VPN client?
B. crypto map name
C. isakmp policy name
D. crypto ipsec transform-set name
E. tunnel group name
Refer to the exhibit. On R1, encrypt counters are incrementing. On R2, packets are decrypted, but the encrypt counter is not being incremented. What is the most likely cause of this issue?
B. a routing problem on R2
C. incomplete IPsec SA establishment
D. crypto engine failure on R2
E. IPsec rekeying is occurring
Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)
B. Cisco ISR G2 Router with SECK9 and ScanSafe subscription
C. Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers
D. Cisco Web Security Appliance with ScanSafe subscription
Which four statements about SeND for IPv6 are correct? (Choose four.)
B. NDP exchanges are protected by IPsec SAs and provide for anti-replay.
C. It defines secure extensions for NDP.
D. It authorizes routers to advertise certain prefixes.
E. It provides a method for secure default router election on hosts.
F. Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange.
G. It is facilitated by the Certification Path Request and Certification Path Response ND messages.
What is the recommended network MACSec policy mode for high security deployments?
B. must-not-secure
C. must-secure
D. monitor-only
E. high-impact
Which three statements about NetFlow version 9 are correct? (Choose three.)
B. Version 9 is dependent on the underlying transport; only UDP is supported.
C. A version 9 export packet consists of a packet header and flow sets.
D. Generating and maintaining valid template flow sets requires additional processing.
E. NetFlow version 9 does not access the NetFlow cache entry directly.
Which three statements about VXLANs are true? (Choose three.)
B. Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
C. A VXLAN gateway maps VXLAN IDs to VLAN IDs.
D. IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
E. A VXLAN ID is a 32-bit value.
Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)
B. OU field in a certificate that is presented by a client
C. XAUTH username
D. hash of the OTP that is sent during XAUTH challenge/response
E. IKE ID_IPV4_ADDR
Which multicast routing mechanism is optimal to support many-to-many multicast applications?
B. MOSPF
C. DVMRP
D. BIDIR-PIM
E. MSDP
Which three statements regarding VLANs are true? (Choose three.)
B. A VLAN is a broadcast domain.
C. Each VLAN must have an SVI configured on the Cisco Catalyst switch for it to be operational.
D. The native VLAN is used for untagged traffic on an 802.1Q trunk.
E. VLANs can be connected across wide-area networks.
Which technology, configured on the Cisco ASA, allows Active Directory authentication credentials to be applied automatically to web forms that require authentication for clientless SSL connections?
B. certificate authentication
C. user credentials obtained during authentication
D. Kerberos authentication
In what subnet does address 192.168.23.197/27 reside?
B. 192.168.23.128
C. 192.168.23.160
D. 192.168.23.192
E. 192.168.23.196
Given the IPv4 address 10.10.100.16, which two addresses are valid IPv4-compatible IPv6 addresses? (Choose two.)
B. ::10:10:100:16
C. 0:0:0:0:0:10:10:100:16
D. 0:0:10:10:100:16:0:0:0
Refer to the exhibit. Which three fields of the IP header labeled can be used in a spoofing attack? (Choose one.)
B. 6, 11, 12
C. 3, 11, 12
D. 4, 7, 11
What is the size of a point-to-point GRE header, and what is the protocol number at the IP layer?
B. 4 bytes, and protocol number 47
C. 2 bytes, and protocol number 71
D. 24 bytes, and protocol number 1
E. 8 bytes, and protocol number 47
When implementing WLAN security, what are three benefits of using the TKIP instead of WEP? (Choose three.)
B. TKIP provides authentication and integrity checking using CBC-MAC.
C. TKIP provides per-packet keying and a rekeying mechanism.
D. TKIP provides message integrity check.
E. TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset.
F. TKIP uses a 48-bit initialization vector.
Which two statements about SHA are correct? (Choose two.)
B. The message is split into 64-bit blocks for processing.
C. The message is split into 512-bit blocks for processing.
D. SHA-2 and MD5 both consist of four rounds of processing.
Post date: 2016-11-23 03:40:30
Post date GMT: 2016-11-23 03:40:30
Post modified date: 2016-11-23 03:40:30
Post modified date GMT: 2016-11-23 03:40:30
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com