web analytics

PassLeader 350-018 Exam Dumps Collection with VCE and PDF (Question 61 – Question 90)

New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As)

P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ

QUESTION 61
What feature on the Cisco ASA is used to check for the presence of an up-to-date antivirus vendor on an AnyConnect client?

A.    Dynamic Access Policies with no additional options
B.    Dynamic Access Policies with Host Scan enabled
C.    advanced endpoint assessment
D.    LDAP attribute maps obtained from Antivirus vendor

Answer: B

QUESTION 62
What type of attack consists of injecting traffic that is marked with the DSCP value of EF into the network?

A.    brute-force attack
B.    QoS marking attack
C.    DHCP starvation attack
D.    SYN flood attack

Answer: B

QUESTION 63
Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?

A.    The global access list is matched first before the interface access lists.
B.    Both the interface and global access lists can be applied in the input or output direction.
C.    When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the interface will apply the access list entry globally.
D.    NAT control is enabled by default.
E.    The static CLI command is used to configure static NAT translation rules.

Answer: C

QUESTION 64
Which three multicast features are supported on the Cisco ASA? (Choose three.)

A.    PIM sparse mode
B.    IGMP forwarding
C.    Auto-RP
D.    NAT of multicast traffic
E.    PMI dense mode

Answer: ABD

QUESTION 65
Which three configuration tasks are required for VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco ASA? (Choose three.)

A.    The redirect-fqdn command must be entered under the vpn load-balancing sub-configuration.
B.    Each ASA in the VPN cluster must be able to resolve the IP of all DNS hostnames that are used in the cluster.
C.    The identification and CA certificates for the master FQDN hostname must be imported into each VPN cluster-member device.
D.    The remote-access IP pools must be configured the same on each VPN cluster-member interface.

Answer: ABC

QUESTION 66
Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.)

A.    TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types.
B.    IPv6 object nesting is supported.
C.    Network objects support IPv4 and IPv6 addresses.
D.    Objects are not supported in transparent mode.
E.    Objects are supported in single- and multiple-context firewall modes.

Answer: ACE

QUESTION 67
Which command is used to replicate HTTP connections from the Active to the Standby Cisco ASA appliance in failover?

A.    monitor-interface http
B.    failover link fover replicate http
C.    failover replication http
D.    interface fover replicate http standby
E.    No command is needed, as this is the default behavior

Answer: C

QUESTION 68
Refer to the exhibit.
policy-map type inspect ipv6 IPv6-map
match header routing-type range 0 255
drop
class-map outside-class
match any
policy-map outside-policy
class outside-class
inspect ipv6 IPv6-map
service-policy outside-policy interface outside
Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?

A.    policy-map type inspect ipv6 IPv6-map
match ipv6 header
count > 3
B.    policy-map outside-policy
class outside-class
inspect ipv6 header count gt 3
C.    class-map outside-class
match ipv6 header count greater 3
D.    policy-map type inspect ipv6 IPv6-map
match header count gt 3
drop

Answer: D

QUESTION 69
Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?

A.    class-map type inspect
B.    parameter-map type inspect
C.    service-policy type inspect
D.    policy-map type inspect tcp
E.    inspect-map type tcp

Answer: B

QUESTION 70
Which three NAT types support bidirectional traffic initiation? (Choose three.)

A.    static NAT
B.    NAT exemption
C.    policy NAT with nat/global
D.    static PAT
E.    identity NAT

Answer: ABD

QUESTION 71
Which IPS module can be installed on the Cisco ASA 5520 appliance?

A.    IPS-AIM
B.    AIP-SSM
C.    AIP-SSC
D.    NME-IPS-K9
E.    IDSM-2

Answer: B

QUESTION 72
Which two options best describe the authorization process as it relates to network access? (Choose two.)

A.    the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store
B.    the process of providing network access to the end user
C.    applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user
D.    the process of validating the provided credentials

Answer: BC

QUESTION 73
If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)

A.    Configure the Call Station ID Type to be: “IP Address”.
B.    Configure the Call Station ID Type to be: “System MAC Address”.
C.    Configure the Call Station ID Type to be: “MAC and IP Address”.
D.    Enable DHCP Proxy.
E.    Disable DHCP Proxy.

Answer: BE

QUESTION 74
Refer to the exhibit. To configure the Cisco ASA, what should you enter in the Name field, under the Group Authentication option for the IPSec VPN client?
passleader-350-018-dumps-741

A.    group policy name
B.    crypto map name
C.    isakmp policy name
D.    crypto ipsec transform-set name
E.    tunnel group name

Answer: E

QUESTION 75
Refer to the exhibit. On R1, encrypt counters are incrementing. On R2, packets are decrypted, but the encrypt counter is not being incremented. What is the most likely cause of this issue?
passleader-350-018-dumps-751

A.    a routing problem on R1
B.    a routing problem on R2
C.    incomplete IPsec SA establishment
D.    crypto engine failure on R2
E.    IPsec rekeying is occurring

Answer: B

QUESTION 76
Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)

A.    Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription
B.    Cisco ISR G2 Router with SECK9 and ScanSafe subscription
C.    Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers
D.    Cisco Web Security Appliance with ScanSafe subscription

Answer: BC

QUESTION 77
Which four statements about SeND for IPv6 are correct? (Choose four.)

A.    It protects against rogue RAs.
B.    NDP exchanges are protected by IPsec SAs and provide for anti-replay.
C.    It defines secure extensions for NDP.
D.    It authorizes routers to advertise certain prefixes.
E.    It provides a method for secure default router election on hosts.
F.    Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange.
G.    It is facilitated by the Certification Path Request and Certification Path Response ND messages.

Answer: ACDE

QUESTION 78
What is the recommended network MACSec policy mode for high security deployments?

A.    should-secure
B.    must-not-secure
C.    must-secure
D.    monitor-only
E.    high-impact

Answer: A

QUESTION 79
Which three statements about NetFlow version 9 are correct? (Choose three.)

A.    It is backward-compatible with versions 8 and 5.
B.    Version 9 is dependent on the underlying transport; only UDP is supported.
C.    A version 9 export packet consists of a packet header and flow sets.
D.    Generating and maintaining valid template flow sets requires additional processing.
E.    NetFlow version 9 does not access the NetFlow cache entry directly.

Answer: CDE

QUESTION 80
Which three statements about VXLANs are true? (Choose three.)

A.    It requires that IP protocol 8472 be opened to allow traffic through a firewall.
B.    Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
C.    A VXLAN gateway maps VXLAN IDs to VLAN IDs.
D.    IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
E.    A VXLAN ID is a 32-bit value.

Answer: BCD

QUESTION 81
Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)

A.    IKE ID_KEY_ID
B.    OU field in a certificate that is presented by a client
C.    XAUTH username
D.    hash of the OTP that is sent during XAUTH challenge/response
E.    IKE ID_IPV4_ADDR

Answer: AB

QUESTION 82
Which multicast routing mechanism is optimal to support many-to-many multicast applications?

A.    PIM-SM
B.    MOSPF
C.    DVMRP
D.    BIDIR-PIM
E.    MSDP

Answer: D

QUESTION 83
Which three statements regarding VLANs are true? (Choose three.)

A.    To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID and VLAN type must all be specifically configured by the administrator.
B.    A VLAN is a broadcast domain.
C.    Each VLAN must have an SVI configured on the Cisco Catalyst switch for it to be operational.
D.    The native VLAN is used for untagged traffic on an 802.1Q trunk.
E.    VLANs can be connected across wide-area networks.

Answer: BDE

QUESTION 84
Which technology, configured on the Cisco ASA, allows Active Directory authentication credentials to be applied automatically to web forms that require authentication for clientless SSL connections?

A.    one-time passwords
B.    certificate authentication
C.    user credentials obtained during authentication
D.    Kerberos authentication

Answer: C

QUESTION 85
In what subnet does address 192.168.23.197/27 reside?

A.    192.168.23.0
B.    192.168.23.128
C.    192.168.23.160
D.    192.168.23.192
E.    192.168.23.196

Answer: D

QUESTION 86
Given the IPv4 address 10.10.100.16, which two addresses are valid IPv4-compatible IPv6 addresses? (Choose two.)

A.    :::A:A:64:10
B.    ::10:10:100:16
C.    0:0:0:0:0:10:10:100:16
D.    0:0:10:10:100:16:0:0:0

Answer: BC

QUESTION 87
Refer to the exhibit. Which three fields of the IP header labeled can be used in a spoofing attack? (Choose one.)
passleader-350-018-dumps-871

A.    6, 7, 11
B.    6, 11, 12
C.    3, 11, 12
D.    4, 7, 11

Answer: A

QUESTION 88
What is the size of a point-to-point GRE header, and what is the protocol number at the IP layer?

A.    8 bytes, and protocol number 74
B.    4 bytes, and protocol number 47
C.    2 bytes, and protocol number 71
D.    24 bytes, and protocol number 1
E.    8 bytes, and protocol number 47

Answer: B

QUESTION 89
When implementing WLAN security, what are three benefits of using the TKIP instead of WEP? (Choose three.)

A.    TKIP uses an advanced encryption scheme based on AES.
B.    TKIP provides authentication and integrity checking using CBC-MAC.
C.    TKIP provides per-packet keying and a rekeying mechanism.
D.    TKIP provides message integrity check.
E.    TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset.
F.    TKIP uses a 48-bit initialization vector.

Answer: CDF

QUESTION 90
Which two statements about SHA are correct? (Choose two.)

A.    Five 32-bit variables are applied to the message to produce the 160-bit hash.
B.    The message is split into 64-bit blocks for processing.
C.    The message is split into 512-bit blocks for processing.
D.    SHA-2 and MD5 both consist of four rounds of processing.

Answer: AC


New 350-018 exam questions from PassLeader 350-018 dumps! Welcome to download the newest PassLeader 350-018 VCE and PDF dumps: http://www.passleader.com/350-018.html (894 Q&As)

P.S. Free 350-018 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfjE1cHRyNEtmX3JfdU9CUFlRZnVxNjZUbWxsSnBpNXM0QjZYZjBXZVgyOTQ