[Free] Download New Latest (January 2016) Cisco 350-018 Real Exam 71-80

Ensurepass

QUESTION 61

Refer to the exhibit. Which statement best describes the problem?

 

clip_image002

 

A.

Context vpn1 is not inservice.

B.

There is no gateway that is configured under context vpn1.

C.

The config has not been properly updated for context vpn1.

D.

The gateway that is configured under context vpn1 is not inservice.

 

Correct Answer: A

 

 

QUESTION 62

Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)

 

A.

The firewall is not a routed hop.

B.

The firewall can connect to the same Layer 3 network on its inside and outside interfaces.

C.

Static routes are supported.

D.

PAT and NAT are not supported.

E.

Only one global address per device is supported for management.

F.

SSL VPN is supported for management.

 

Correct Answer: ABC

 

 

QUESTION 63

Which three statements about Cisco IOS RRI are correct? (Choose three.)

 

A.

RRI is not supported with ipsec-profiles.

B.

Routes are created from ACL entries when they are applied to a static crypto map.

C.

Routes are created from source proxy IDs by the receiver with dynamic crypto maps.

D.

VRF-based routes are supported.

E.

RRI must be configured with DMVPN.

 

Correct Answer: BCD

 

 

QUESTION 64

Which of the following describes the DHCP “starvation” attack?

 

A.

Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.

B.

Saturate the network with DHCP requests to prevent other network services from working.

C.

Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names.

D.

Send DHCP response packets for the purpose of overloading CAM tables.

 

Correct Answer: A

 

 

QUESTION 65

Which Cisco technology protects against Spanning Tree Protocol manipulation?

 

A.

spanning-tree protection

B.

root guard and BPDU guard

C.

Unicast Reverse Path Forwarding

D.

MAC spoof guard

E.

port security

 

Correct Answer: B

 

 

 

 

QUESTION 66

Refer to the exhibit. Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)

 

clip_image004

 

A.

The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.

B.

Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.

C.

Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.

D.

Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.

E.

Interface FastEthernet 5/1 is the community port.

F.

Interface FastEthernet 5/4 is the isolated port.

 

Correct Answer: BC

 

 

 

 

 

 

QUESTION 67

Which three configuration components are required to implement QoS policies on Cisco routers
using MQC? (Choose three.)

 

A.

class-map

B.

global-policy

C.

policy-map

D.

service-policy

E.

inspect-map

 

Correct Answer: ACD

 

 

QUESTION 68

Which type of PVLAN ports can communicate among themselves and with the promiscuous port?

 

A.

isolated

B.

community

C.

primary

D.

secondary

E.

protected

 

Correct Answer: B

 

 

QUESTION 69

Which statement is true about the Cisco NEAT 802.1X feature?

 

A.

The multidomain authentication feature is not supported on the authenticator switch interface.

B.

It allows a Cisco Catalyst switch to act as a supplicant to another Cisco Catalyst authenticator switch.

C.

The supplicant switch uses CDP to send MAC address information of the connected host to the authenticator switch.

D.

It supports redundant links between the supplicant switch and the authenticator switch.

 

Correct Answer: B

 

 

QUESTION 70

Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?

 

A.

PKI

B.

TACACS+

C.

multi-auth host mode

D.

port security

E.

802.1x

 

Correct Answer: E

 

 

 

 

QUESTION 71

With the Cisco FlexVPN solution, which four VPN deployments are supported? (Choose four.)

 

A.

site-to-site IPsec tunnels?

B.

dynamic spoke-to-spoke IPSec tunnels? (partial mesh)

C.

remote access from software or hardware IPsec clients?

D.

distributed full mesh IPsec tunnels?

E.

IPsec group encryption using GDOI?

F.

hub-and-spoke IPsec tunnels?

 

Correct Answer: ABCF

 

 

QUESTION 72

Which four techniques can you use for IP management plane security? (Choose four.)

 

A.

Management Plane Protection

B.

uRPF

C.

strong passwords

D.

RBAC

E.

SNMP security measures

F.

MD5 authentication

 

Correct Answer: ACDE

 

 

QUESTION 73

Which three statements about remotely triggered black hole filtering are true? (Choose three.)

 

A.

It filters undesirable traffic.

B.

It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks.

C.

It provides a rapid-response technique that can be used in handling security-related events and incidents.

D.

It requires uRPF.

 

Correct Answer: ACD

 

 

QUESTION 74

Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

 

A.

The packet information used to create flows is not configurable by the user.

B.

It supports IPv4 and IPv6 packet fields.

C.

It tracks all fields of an IPv4 header as well as sections of the data payload.

D.

It uses two types of flow cache, normal and permanent.

E.

It can be a useful tool in monitoring the network for attacks.

 

Correct Answer: BCE

 

 

 

 

 

QUESTION 75

During a computer security forensic investigation, a laptop computer is retrieved that requires content analysis and information retrieval. Which file system is on it, assuming it has the default installation of Microsoft Windows Vista operating system?

 

A.

HSFS

B.

WinFS

C.

NTFS

D.

FAT

E.

FAT32

 

Correct Answer: C

 

 

QUESTION 76

Which three statements about the IANA are true? (Choose three.)

 

A.

IANA is a department that is operated by the IETF.

B.

IANA oversees global IP address allocation.

C.

IANA managed the root zone in the DNS.

D.

IANA is administered by the ICANN.

E.

IANA defines URI schemes for use on the Internet.

 

Correct Answer: BCD

 

 

QUESTION 77

What does the Common Criteria (CC) standard define?

 

A.

The current list of Common Vulnerabilities and Exposures (CVEs)

B.

The U.S standards for encryption export regulations

C.

Tools to support the development of pivotal, forward-looking information system technologies

D.

The international standards for evaluating trust in information systems and products

E.

The international standards for privacy laws

F.

The standards for establishing a security incident response system

 

Correct Answer: D

 

 

QUESTION 78

Which three types of information could be used during the incident response investigation phase? (Choose three.)

 

A.

netflow data

B.

SNMP alerts

C.

encryption policy

D.

syslog output

E.

IT compliance reports

 

Correct Answer: ABD

 

 

 

QUESTION 79

Which of the following best describes Chain of Evidence in the context of security forensics?

 

A.

Evidence is locked down, but not necessarily authenticated.

B.

Evidence is controlled and accounted for to maintain its authenticity and integrity.

C.

The general whereabouts of evidence is known.

D.

Someone knows where the evidence is and can say who had it if it is not logged.

 

Correct Answer: B

 

 

QUESTION 80

Which option is a benefit of implementing RFC 2827?

 

A.

prevents DoS from legitimate, non-hostile end systems

B.

prevents disruption of special services such as Mobile IP

C.

defeats DoS attacks which employ IP source address spoofing

D.

restricts directed broadcasts at the ingress router

E.

allows DHCP or BOOTP packets to reach the relay agents as appropriate

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …