web analytics

Free PassLeader 350-018 Exam Dumps with VCE and PDF Download (Question 181 – Question 210)

New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As)

P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ

QUESTION 181
Whenever a failover takes place on the ASA running in failover mode, all active connections are dropped and clients must re-establish their connections unless?

A.    the ASA is configured for Active-Active failover
B.    the ASA is configured for LAN-Based failover
C.    the ASA is configured to use a serial cable as the failover link
D.    the ASA is configured for Active-Standby failover and a state failover link has been configured
E.    the ASA is configured for Active-Active failover and a state failover link has been configured
F.    the ASA is configured for Active-Standby failover

Answer: DE

QUESTION 182
You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?

A.    ipv6 port-map port telnet 223
B.    ipv6 port-map port telnet 23223
C.    ipv6 port-map telnet port 23233
D.    ipv6 port-map telnet port 223

Answer: D

QUESTION 183
Which statement in reference to IPv6 multicast is true?

A.    PIM dense mode is not part of IPv6 multicast.
B.    The first 12 bits of an IPv6 multicast address are always FF.
C.    IPv6 multicast uses Multicast Listener Discovery (MLD).
D.    IPv6 multicast requires Multicast Source Discovery Protocol (MSDP).

Answer: C

QUESTION 184
What does qos pre-classify provides in regard to implementing QoS over GRE/IPSec VPN tunnels?

A.    enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption, based on fields in the inner IP header.
B.    enables IOS to classify packets based on the ToS field in the inner (original) IP header.
C.    enables IOS to classify packets based on the ToS field in the outer tunnel IP header.
D.    enables IOS to copy the ToS field from the inner (original) IP header to the outer tunel IP header.
E.    enables the IOS classification engine to only see a single encrypted and tunneled flow to reduce classification complexity.

Answer: A

QUESTION 185
Which IOS QoS mechanism is used strictly to rate limit traffic destined to the router itself?

A.    Single-Rate Policier.
B.    Control Plane Policing
C.    Dual-Rate Policier
D.    Class-Based Policing

Answer: B

QUESTION 186
Which of the following statements are true regarding hashing? (Choose Two)

A.    SHA-256 is an extension to SHA-1 with a longer output
B.    SHA-1 is stronger than MD5 because it can be used with a key to prevent modification
C.    MD5 takes more CPU cycles to compute than SHA-1
D.    MD5 produces a 160-bit result
E.    Changing 1 bit of the input to SHA-1 changes 1 bit of the output

Answer: AB

QUESTION 187
After a client discovers a supportable wireless network, what is the correct sequence of operations that the client will take to join it?

A.    association, then authentication
B.    authentication, then association
C.    probe request, then association
D.    authentication, then authorization

Answer: B

QUESTION 188
Which authentication scheme, that is supported on the Cisco ASA, generates a unique key that is used in a single password challenge?

A.    one-time passwords
B.    disposable certificates
C.    password management
D.    Capcha web text

Answer: A

QUESTION 189
Which label is advertised by an LSR to inform neighboring LSRs to perform the penultimate hop popping operation?

A.    0x00
B.    php
C.    swap
D.    push
E.    imp-null

Answer: E

QUESTION 190
When the RSA algorithm is used for signing a message from Alice to Bob, which statement best describes that operation?

A.    Alice signs the message with her private key, and Bob verifies that signature with Alice’s public key.
B.    Alice signs the message with her public key, and Bob verifies that signature with Alice’s private key.
C.    Alice signs the message with Bob’s private key, and Bob verifies that signature with his public key.
D.    Alice signs the message with Bob’s public key, and Bob verifies that signature with his private key.
E.    Alice signs the message with her public key, and Bob verifies that signature with his private key.
F.    Alice signs the message with her private key, and Bob verifies that signature with his public key.

Answer: A

QUESTION 191
Which three statements about triple DES are true? (Choose three.)

A.    For 3DES, ANSI X9.52 describes three options for the selection of the keys in a bundle, where all keys are independent.
B.    A 3DES key bundle is 192 bits long.
C.    A 3DES keyspace is168 bits.
D.    CBC, 64-bit CFB, OFB, and CTR are modes of 3DES.
E.    3DES involves encrypting a 64-bit block of plaintext with the 3 keys of the key bundle.

Answer: BCD

QUESTION 192
Which three options correctly describe the AH protocol? (Choose three.)

A.    The AH protocol encrypts the entire IP and upper layer protocols for security.
B.    The AH protocol provides connectionless integrity and data origin authentication.
C.    The AH protocol provides protection against replay attacks.
D.    The AH protocol supports tunnel mode only.
E.    The AH protocol uses IP protocol 51.
F.    The AH protocol supports IPv4 only.

Answer: BCE

QUESTION 193
Which three features are supported with ESP? (Choose three.)

A.    ESP uses IP protocol 50.
B.    ESP supports Layer 4 and above encryption only.
C.    ESP provides confidentiality, data origin authentication, connectionless integrity, and antireplay service.
D.    ESP supports tunnel or transport modes.
E.    ESP has less overhead and is faster than the AH protocol.
F.    ESP provides confidentiality, data origin authentication, connection-oriented integrity, and antireplay service.

Answer: ACD

QUESTION 194
Which three statements are true about TLS? (Choose three.)

A.    TLS protocol uses a MAC to protect the message integrity.
B.    TLS data encryption is provided by the use of asymmetric cryptography.
C.    The identity of a TLS peer can be authenticated using public key or asymmetric cryptography.
D.    TLS protocol is originally based on the SSL 3.0 protocol specification.
E.    TLS provides support for confidentiality, authentication, and nonrepudiation.

Answer: ACD

QUESTION 195
Which three RADIUS protocol statements are true? (Choose three.)

A.    RADIUS protocol runs over TCP 1645 and 1646.
B.    Network Access Server operates as a server for RADIUS.
C.    RADIUS packet types for authentication include Access-Request, Access-Challenge, Access- Accept, and Access-Reject.
D.    RADIUS protocol runs over UDP 1812 and 1813.
E.    RADIUS packet types for authentication include Access-Request, Access-Challenge, Access- Permit, and Access-Denied.
F.    RADIUS supports PPP, PAP, and CHAP as authentication methods.

Answer: CDF

QUESTION 196
Which three statements about OCSP are correct? (Choose three.)

A.    OCSP is defined in RFC2560.
B.    OCSP uses only http as a transport.
C.    OCSP responders can use RSA and DSA signatures to validate that responses are from trusted entities.
D.    A response indicator may be good, revoked, or unknown.
E.    OCSP is an updated version SCEP.

Answer: ACD

QUESTION 197
Which three statements describe the security weaknesses of WEP? (Choose three.)

A.    Key strength is weak and non-standardized.
B.    The WEP ICV algorithm is not optimal for cryptographic integrity checking.
C.    There is no key distribution mechanism.
D.    Its key rotation mechanism is too predictable.
E.    For integrity, it uses MD5, which has known weaknesses.

Answer: ABC

QUESTION 198
In HTTPS session establishment, what does the server hello message inform the client?

A.    that the server will accept only HTTPS traffic
B.    which versions of SSL/TLS the server will accept
C.    which ciphersuites the client may choose from
D.    which ciphersuite the server has chosen to use
E.    the PreMaster secret to use in generating keys

Answer: D

QUESTION 199
Refer to the exhibit. Which statement regarding the output is true?
passleader-350-018-dumps-1991

A.    Every 1800 seconds the secondary name server will query the SOA record of the primary name server for updates.
B.    If the secondary name server has an SOA record with the serial number of 10973815, it will initiate a zone transfer on the next cycle.
C.    Other DNS servers will cache records from this domain for 864000 seconds (10 days) before requesting them again.
D.    Email queries concerning this domain should be sent to “admin@postmaster.cisco.com”.
E.    Both primary and secondary name servers will clear (refresh) their caches every 7200 seconds to ensure that up-to-date information is always in use.

Answer: B

QUESTION 200
DHCPv6 is used in which IPv6 address autoconfiguration method?

A.    stateful autoconfiguration
B.    stateless autoconfiguration
C.    EUI-64 address generation
D.    cryptographically generated addresses

Answer: A

QUESTION 201
Which two options represent definitions that are found in the syslog protocol (RFC 5426)? (Choose two.)

A.    Syslog message transport is reliable.
B.    Each syslog datagram must contain only one message.
C.    IPv6 syslog receivers must be able to receive datagrams of up to 1180 bytes.
D.    Syslog messages must be prioritized with an IP precedence of 7.
E.    Syslog servers must use NTP for the accurate time stamping of message arrival.

Answer: BC

QUESTION 202
According to RFC-5426, syslog senders must support sending syslog message datagrams to which port?

A.    TCP port 514
B.    UDP port 514
C.    TCP port 69
D.    UDP port 69
E.    TCP port 161
F.    UDP port 161

Answer: B

QUESTION 203
Refer to the exhibit. What service is enabled on the router for a remote attacker to obtain this information?
passleader-350-018-dumps-2031

A.    TCP small services
B.    finger
C.    maintenance operation protocol
D.    chargen
E.    Telnet
F.    CEF

Answer: B

QUESTION 204
In an 802.11 wireless network, what would an attacker have to spoof to initiate a deauthentication attack against connected clients?

A.    the BSSID of the AP where the clients are currently connected
B.    the SSID of the wireless network
C.    the MAC address of the target client machine
D.    the broadcast address of the wireless network

Answer: A

QUESTION 205
What is the commonly known name for the process of generating and gathering initialization vectors, either passively or actively, for the purpose of determining the security key of a wireless network?

A.    WEP cracking
B.    session hijacking
C.    man-in-the-middle attacks
D.    disassociation flood frames

Answer: A

QUESTION 206
According to RFC 4890, which four ICMPv6 types are recommended to be allowed to transit a firewall? (Choose four.)

A.    Type 1 – destination unreachable
B.    Type 2 – packet too big
C.    Type 3 – time exceeded
D.    Type 0 – echo reply
E.    Type 8 – echo request
F.    Type 4 – parameter problem

Answer: ABCF

QUESTION 207
Which action is performed first on the Cisco ASA appliance when it receives an incoming packet on its outside interface?

A.    check if the packet is permitted or denied by the inbound ACL applied to the outside interface
B.    check if the packet is permitted or denied by the global ACL
C.    check if the packet matches an existing connection in the connection table
D.    check if the packet matches an inspection policy
E.    check if the packet matches a NAT rule
F.    check if the packet needs to be passed to the Cisco ASA AIP-SSM for inspections

Answer: C

QUESTION 208
Refer to the exhibit. Which three statements about the Cisco ASDM screen seen in the exhibit are true? (Choose three.)
passleader-350-018-dumps-2081

A.    This access rule is applied to all the ASA interfaces in the inbound direction.
B.    The ASA administrator needs to expand the More Options tag to configure the inbound or outbound direction of the access rule.
C.    The ASA administrator needs to expand the More Options tag to apply the access rule to an interface.
D.    The resulting ASA CLI command from this ASDM configuration is access-list global_access line 1 extended permit ip host 1.1.1.1 host 2.2.2.1.
E.    This access rule is valid only on the ASA appliance that is running software release 8.3 or later.
F.    This is an outbound access rule.

Answer: ADE

QUESTION 209
If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next?

A.    drop the packet
B.    check the outside interface inbound ACL to determine if the packet is permitted or denied
C.    perform NAT operations on the packet if required
D.    check the MPF policy to determine if the packet should be passed to the SSM
E.    perform stateful packet inspection based on the MPF policy

Answer: B

QUESTION 210
Refer to the exhibit. Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.
passleader-350-018-dumps-2101

A.    stateful failover using active-active for multi-context
B.    stateful failover using active-standby for multi-context
C.    stateful failover using active-standby for single-context
D.    stateless failover using interface-level failover for multi-context

Answer: A


New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As)

P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ