QUESTION 21
DNSSEC was designed to overcome which security limitation of DNS?
A. DNS man-in-the-middle attacks
B. DNS flood attacks
C. DNS fragmentation attacks
D. DNS hash attacks
E. DNS replay attacks
F. DNS violation attacks
Correct Answer: A
QUESTION 22
Which three statements are true about MACsec? (Choose three.)
A. It supports GCM modes of AES and 3DES.
B. It is defined under IEEE 802.1AE.
C. It provides hop-by-hop encryption at Layer 2.
D. MACsec expects a strict order of frames to prevent anti-replay.
E. MKA is used for session and encryption key management.
F. It uses EAP PACs to distribute encryption keys.
Correct Answer: BCE
QUESTION 23
Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment?
A. SSL Handshake Protocol
B. SSL Alert Protocol
C. SSL Record Protocol
D. SSL Change CipherSpec Protocol
Correct Answer: C
QUESTION 24
IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)
A. Send
B. Mobile IPv6
C. site-to-site virtual interfaces
D. OSPFv3
E. CAPWAP
F. LWAPP
Correct Answer: BCD
QUESTION 25
Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)
A. PEAP
B. EAP-TLS
C. EAP-FAST
D. EAP-TTLS
E. EAPOL
F. EAP-RADIUS
G. EAP-MD5
Correct Answer: ABCD
QUESTION 26
Which three statements are true about the SSH protocol? (Choose three.)
A. SSH protocol runs over TCP port 23.
B. SSH protocol provides for secure remote login and other secure network services over an insecure network.
C. Telnet is more secure than SSH for remote terminal access.
D. SSH protocol runs over UDP port 22.
E. SSH transport protocol provides for authentication, key exchange, confidentiality, and integrity.
F. SSH authentication protocol supports public key, password, host based, or none as authentication methods.
Correct Answer: BEF
QUESTION 27
Which two statements are true when comparing ESMTP and SMTP? (Choose two.)
A. Only SMTP inspection is provided on the Cisco ASA firewall.
B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.
C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.
D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.
E. ESMTP servers can identify the maximum email size they can receive by using the SIZE command.
Correct Answer: CE
QUESTION 28
How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?
A. It is included in the CIADDR field.
B. It is included as DHCP Option 50 in the OPTIONS field.
C. It is included in the YIADDR field.
D. It is the source IP address of the UDP/53 wrapper packet.
E. The client cannot request its last IP address; it is assigned automatically by the server.
Correct Answer: B
QUESTION 29
Which two statements about an authoritative server in a DNS system are true? (Choose two.)
A. It indicates that it is authoritative for a name by setting the AA bit in responses.
B. It has a direct connection to one of the root name servers.
C. It has a ratio of exactly one authoritative name server per domain.
D. It cannot cache or respond to queries from domains outside its authority.
E. It has a ratio of at least one authoritative name server per domain.
Correct Answer: AE
QUESTION 30
Refer to the exhibit. Which three statements are true? (Choose three.)
A. Because of a “root delay” of 0ms, this router is probably receiving its time directly from a Stratum 0 or 1 GPS reference clock.
B. This router has correctly synchronized its clock to its NTP master.
C. The NTP server is running authentication and should be trusted as a valid time source.
D. Specific local time zones have not been configured on this router.
E. This router will not act as an NTP server for requests from other devices.
Correct Answer: BCE
Free VCE & PDF File for Cisco 350-018 Real Exam