Premium PassLeader 350-018 Dumps with VCE and PDF Download (Question 121 – Question 150)

New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As)

P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ

QUESTION 121
Which type of VPN is based on the concept of trusted group members using the GDOI key management protocol?

A.    DMVPN
B.    SSLVPN
C.    GETVPN
D.    EzVPN
E.    MPLS VPN
F.    FlexVPN

Answer: C

QUESTION 122
Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall to allow PMTUD?

A.    ICMPv6 Type 1, Code 0, no route to host
B.    ICMPv6 Type 1, Code 1, communication with destination administratively prohibited
C.    ICMPv6 Type 2, Code 0, packet too big
D.    ICMPv6 Type 3, Code 1, fragment reassembly time exceeded
E.    ICMPv6 Type 128, Code 0, echo request
F.    ICMPv6 Type 129, Code 0, echo reply

Answer: C

QUESTION 123
A firewall rule that filters on the protocol field of an IP packet is acting on which layer of the OSI reference model?

A.    network layer
B.    application layer
C.    transport layer
D.    session layer

Answer: A

QUESTION 124
Which layer of the OSI model is referenced when utilizing http inspection on the Cisco ASA to filter Instant Messaging or Peer to Peer networks with the Modular Policy Framework?

A.    application layer
B.    presentation layer
C.    network layer
D.    transport layer

Answer: A

QUESTION 125
When a Cisco IOS Router receives a TCP packet with a TTL value less than or equal to 1, what will it do?

A.    Route the packet normally
B.    Drop the packet and reply with an ICMP Type 3, Code 1 (Destination Unreachable, Host Unreachable)
C.    Drop the packet and reply with an ICMP Type 11, Code 0 (Time Exceeded, Hop Count Exceeded)
D.    Drop the packet and reply with an ICMP Type 14, Code 0 (Timestamp Reply)

Answer: C

QUESTION 126
In an 802.11 WLAN, which option is the Layer 2 identifier of a basic service set, and also is typically the MAC address of the radio of the access point?

A.    BSSID
B.    SSID
C.    VBSSID
D.    MBSSID

Answer: A

QUESTION 127
What term describes an access point which is detected by your wireless network, but is not a trusted or managed access point?

A.    rogue
B.    unclassified
C.    interferer
D.    malicious

Answer: A

QUESTION 128
A router has four interfaces addressed as 10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, and 10.1.4.1/24. What is the smallest summary route that can be advertised covering these four subnets?

A.    10.1.2.0/22
B.    10.1.0.0/22
C.    10.1.0.0/21
D.    10.1.0.0/16

Answer: C

QUESTION 129
Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.)

A.    static NAT
B.    dynamic NAT
C.    dynamic NAT with overloading
D.    PAT
E.    VAT

Answer: CD

QUESTION 130
Which authentication mechanism is available to OSPFv3?

A.    simple passwords
B.    MD5
C.    null
D.    IKEv2
E.    IPsec AH/ESP

Answer: E

QUESTION 131
The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.

A.    policy-map type inspect ipv6 IPv6_PMAP
      match header routing-type eq 0
      drop log
B.    policy-map type inspect icmpv6 ICMPv6_PMAP
      match header routing-type eq 0
      drop log
C.    policy-map type inspect ipv6-header HEADER_PMAP
      match header routing-type eq 0
      drop log
D.    policy-map type inspect http HEADER_PMAP
      match routing-header 0
      drop log
E.    policy-map type inspect ipv6 IPv6_PMAP
      match header type 0
      drop log
F.    policy-map type inspect ipv6-header HEADER_PMAP
      match header type 0
      drop log

Answer: A

QUESTION 132
Refer to the exhibit. With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?
[Exhibit image not reproduced: passleader-350-018-dumps-1321]

A.    inspection action by the HTTP_CMAP
B.    inspection action by the TCP_CMAP
C.    drop action by the default class
D.    inspection action by both the HTTP_CMAP and TCP_CMAP
E.    pass action by the HTTP_CMAP
F.    drop action due to class-map misclassification

Answer: B

QUESTION 133
Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)

A.    manually configured
B.    automatic 6to4
C.    ISATAP
D.    GRE

Answer: AD

QUESTION 134
Refer to the exhibit. Which route will be advertised by the Cisco ASA to its OSPF neighbors?
[Exhibit image not reproduced: passleader-350-018-dumps-1341]

A.    10.39.23.0/24
B.    10.40.29.0/24
C.    10.66.42.215/32
D.    10.40.29.0/24

Answer: A

QUESTION 135
Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)

A.    range of IP addresses
B.    subnet of IP addresses
C.    destination IP NAT translation
D.    source IP NAT translation
E.    source and destination FQDNs
F.    port and protocol ranges

Answer: ABD

QUESTION 136
Regarding VSAs, which statement is true?

A.    VSAs may be implemented on any RADIUS server.
B.    VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor. For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.
C.    VSAs do not apply to RADIUS; they are a TACACS attribute.
D.    Each VSA is defined in an RFC and is considered to be a standard.

Answer: A

QUESTION 137
Refer to the exhibit. Which statement best describes the problem?
[Exhibit image not reproduced: passleader-350-018-dumps-1371]

A.    Context vpn1 is not inservice.
B.    There is no gateway that is configured under context vpn1.
C.    The config has not been properly updated for context vpn1.
D.    The gateway that is configured under context vpn1 is not inservice.

Answer: A

QUESTION 138
Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)

A.    Microsoft Windows registry keys
B.    the existence of specific processes in memory
C.    the UUID of an Apple iPad or iPhone
D.    if a service is started on a Windows host
E.    the HTTP User-Agent string of a device
F.    if an Apple iPad or iPhone has been “jail-broken”
G.    if an antivirus application is installed on an Apple MacBook

Answer: ABDG

QUESTION 139
Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)

A.    The firewall is not a routed hop.
B.    The firewall can connect to the same Layer 3 network on its inside and outside interfaces.
C.    Static routes are supported.
D.    PAT and NAT are not supported.
E.    Only one global address per device is supported for management.
F.    SSL VPN is supported for management.

Answer: ABC

QUESTION 140
Which three statements about Cisco IOS RRI are correct? (Choose three.)

A.    RRI is not supported with ipsec-profiles.
B.    Routes are created from ACL entries when they are applied to a static crypto map.
C.    Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D.    VRF-based routes are supported.
E.    RRI must be configured with DMVPN.

Answer: BCD

QUESTION 141
Which of the following describes the DHCP “starvation” attack?

A.    Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.
B.    Saturate the network with DHCP requests to prevent other network services from working.
C.    Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names.
D.    Send DHCP response packets for the purpose of overloading CAM tables.

Answer: A

QUESTION 142
Which Cisco technology protects against Spanning Tree Protocol manipulation?

A.    spanning-tree protection
B.    root guard and BPDU guard
C.    Unicast Reverse Path Forwarding
D.    MAC spoof guard
E.    port security

Answer: B

QUESTION 143
Refer to the exhibit. Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)
[Exhibit image not reproduced: passleader-350-018-dumps-1431]

A.    The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.
B.    Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.
C.    Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.
D.    Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.
E.    Interface FastEthernet 5/1 is the community port.
F.    Interface FastEthernet 5/4 is the isolated port.

Answer: BC

QUESTION 144
Which three configuration components are required to implement QoS policies on Cisco routers using MQC? (Choose three.)

A.    class-map
B.    global-policy
C.    policy-map
D.    service-policy
E.    inspect-map

Answer: ACD

QUESTION 145
Which type of PVLAN ports can communicate among themselves and with the promiscuous port?

A.    isolated
B.    community
C.    primary
D.    secondary
E.    protected

Answer: B

QUESTION 146
Which statement is true about the Cisco NEAT 802.1X feature?

A.    The multidomain authentication feature is not supported on the authenticator switch interface.
B.    It allows a Cisco Catalyst switch to act as a supplicant to another Cisco Catalyst authenticator switch.
C.    The supplicant switch uses CDP to send MAC address information of the connected host to the authenticator switch.
D.    It supports redundant links between the supplicant switch and the authenticator switch.

Answer: B

QUESTION 147
Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?

A.    PKI
B.    TACACS+
C.    multi-auth host mode
D.    port security
E.    802.1x

Answer: E

QUESTION 148
Which option correctly describes the security enhancement added for OSPFv3?

A.    The AuType field in OSPFv3 now supports the more secure SHA-1 and SHA-2 algorithms in addition to MD5.
B.    The AuType field is removed from the OSPFv3 header since simple password authentication is no longer an option.
C.    The Authentication field in OSPFv3 is increased from 64 bits to 128 bits to accommodate more secure authentication algorithms.
D.    Both the AuType and Authentication fields are removed from the OSPF header in OSPFv3, since now it relies on the IPv6 Authentication Header (AH) and IPv6 Encapsulating Security Payload (ESP) to provide integrity, authentication, and/or confidentiality.
E.    The Authentication field is removed from the OSPF header in OSPFv3, because OSPFv3 must only run inside of an authenticated IPSec tunnel.

Answer: D

QUESTION 149
Which IPv6 tunnel type is a standard that is defined in RFC 4214?

A.    ISATAP
B.    6to4
C.    GREv6
D.    manually configured

Answer: A

QUESTION 150
What IP protocol number is used in the protocol field of an IPv4 header, when IPv4 is used to tunnel IPv6 packets?

A.    6
B.    27
C.    41
D.    47
E.    51

Answer: C

