[Free] Download New Latest (January 2016) Cisco 350-018 Real Exam 361-370

Ensurepass

QUESTION 361

Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)

 

A.

Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.

B.

Infrastructure ACLs are used to block-permit the traffic handled by the route processor.

C.

Infrastructure ACLs are used to block-permit the transit traffic.

D.

Infrastructure ACLs only protect device physical management interface.

 

Correct Answer: BD

 

 

QUESTION 362

Which statement about the SYN flood attack is true?

 

A.

The SYN flood attack is always directed from valid address.

B.

The SYN flood attack target is to deplete server memory so that legitimate request cannot be served.

C.

The SYN flood attack is meant to completely deplete the TCB SYN-Received state backlog.

D.

The SYN flood attack can be launched for both UDP and TCP open ports on the server.

E.

SYN-Received state backlog for TCBs is meant to protect server CPU cycles.

 

Correct Answer: C

 

 

QUESTION 363

The HTTP inspection engine has the ability to inspect traffic based on which three parameters? (Choose three.)

 

A.

Transfer Encoding

B.

Request Method

C.

Header

D.

Application Type

E.

Header Size

F.

Source Address

 

Correct Answer: ABD

 

 

QUESTION 364

For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)

 

A.

BVI is required for the inspection of IP traffic.

B.

The firewall can perform routing on bridged interfaces.

C.

BVI is required if routing is disabled on the firewall.

D.

BVI is required if more than two interfaces are in a bridge group.

E.

BVI is required for the inspection of non-IP traffic.

F.

BVI can manage the device without having an interface that is configured for routing.

 

Correct Answer: DF

 

 

QUESTION 365

Event Store is a component of which IPS application?

 

A.

SensorApp

B.

InterfaceApp

C.

MainApp

D.

NotificationApp

E.

AuthenticationApp

 

Correct Answer: C

 

 

QUESTION 366

Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?

 

A.

AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.

B.

The Cisco Secure ACS Solution Engine does not support accounting AV pairs.

C.

AV pairs are only string values.

D.

AV pairs are of two types: string and integer.

 

Correct Answer: C

 

 

QUESTION 367

Refer to the exhibit. Which option describes the behavior of this configuration?

 

clip_image002

 

A.

Devices that perform IEEE 802.1X should be in the MAC address database for successful authentication.

B.

IEEE 802.1x devices must fail MAB to perform IEEE 802.1X authentication.

C.

If 802.1X fails, the device will be assigned to the default guest VLAN.

D.

The device will perform subsequent IEEE 802.1X authentication if it passed MAB authentication.

E.

If the device fails IEEE 802.1X, it will start MAB again.

 

Correct Answer: B

 

 

QUESTION 368

When is the supplicant considered to be clientless?

 

A.

when the authentication server does not have credentials to authenticate.

B.

when the authenticator is missing the dot1x guest VLAN under the port with which the supplicant is connected.

C.

when the supplicant fails EAP-MD5 challenge with the authentication server.

D.

when the supplicant fails to respond to EAPOL messages from the authenticator.

E.

when the authenticator is missing the reauthentication timeout configuration under the port with which the supplicant is connected.

 

Correct Answer: D

 

 

QUESTION 369

Which Cisco IOS IPS signature action denies an attacker session using the dynamic access list?

 

A.

produce-alert

B.

deny-attacker-inline

C.

deny-connection-inline

D.

reset-tcp-action

E.

deny-session-inline

F.

deny-packet-inline

 

Correct Answer: C

 

 

QUESTION 370

Which IPS appliance signature engine inspects IPv6 Layer 3 traffic?

 

A.

Atomic IP

B.

Meta

C.

Atomic IP Advanced

D.

Fixed

E.

Service

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …