Cisco 350-018 Practice Exam, 100% Success Rate Cisco 350-018 Dumps With High Quality

Free sharing: Flydumps Cisco 350-018 exam questions and answers are constantly being revised and updated for relevance and accuracy. Many candidates have passed the Cisco 350-018 exam easily by training with the new version. 100% pass rate.

QUESTION 1
If you want to use RADIUS authentication, must you configure AAA?
A. RADIUS
B. No, AAA is not required to use RADIUS, just use the “ip auth radius” commands
C. Yes, you must configure AAA to use TACACS+, Kerberos, or RADIUS.
D. No, AAA is for authentication, authorization, and accounting. It is not required to configure
Correct Answer: C
QUESTION 2
SWA has a priority of 8192 while SWB has a priority of 32768. Which switch will be root and why?
A. SWA, it has the lowest priority.
B. SWB, it has the highest priority.
C. Neither, it will be determined by the lowest MAC address.
D. Neither, it will be determined by the lowest cost to the root switch.
Correct Answer: A
QUESTION 3
What does a PIX do with TCP sequence numbers to minimize the risk of TCP sequence number attacks? (Select all that apply)
A. Randomize them.
B. Make sure they are within an acceptable range.
C. Doesn’t use them.
D. Uses the same numbers over and over again
Correct Answer: AB
QUESTION 4
Traffic is flowing from the inside to the outside. You are using an output access-list (outbound access-list) along with NAT. What IP addresses should be referenced in the access-list?
A. Outside (global) addresses
B. Inside (local) addresses
C. Encrypted addresses
D. Private addresses
Correct Answer: A

QUESTION 5
Which of the following are valid av-pairs on a RADIUS server?
A. rte-fltr-out#0="router igrp 60"
B. user = georgia { login = cleartext lab service = ppp protocol = ip { addr-pool=bbb } }
C. cisco-avpair = "ip:addr-pool=bbb"
D. route#1 = "3.0.0.0 255.0.0.0 1.2.3.4"
Correct Answer: C
QUESTION 6
What is RADIUS? (Select all that apply)
A. Remote Authentication Dial-In User Services
B. “A distributed client/server system that secures networks against unauthorized access”
C. A secret-key network authentication protocol.
D. A modular security application that provides centralized validation of users attempting to gain access to a router or network access server
Correct Answer: AB
QUESTION 7
In RFC 2138 (RADIUS), vendor specific attributes (VSA) are specified. Specifically, this is called VSA 26 (attribute 26). These allow vendors to support their own extended options. Cisco’s vendor ID is 9. Which of the following commands tell the Cisco IOS to use and understand VSA’s? (Select all that apply)
A. radius-server vsa send
B. radius-server vsa send authentication
C. radius-server vsa send accounting
D. ip radius-server vsa send
Correct Answer: ABC
QUESTION 8
In your company’s network, a Cisco adaptive security appliance is running in multiple context mode. Multiple contexts are associated with the ingress interface. As a network technician of your company, can you tell me which three actions will be taken by the security appliance to classify packets into a context? (Choose three.)
A. looking at the destination interface IP address for traffic destined to an interface
B. looking at the source interface IP address for traffic sourced from an interface
C. looking at static commands where the global interface matches the ingress interface of the packet
D. looking at IP addresses identified by a global pool for the ingress interface by use of the global command
Correct Answer: ACD
QUESTION 9
Your RADIUS server is at IP address 172.22.53.201 and the authentication key is “Cisco”. AAA has not yet been configured on your router. What is the minimum number of commands you can type to tell your router about your RADIUS server? (Select all that apply)
A. aaa new-model radius-server host 172.22.53.201 auth-port 1545 acct-port 1546 key Cisco
B. radius-server host 172.22.53.201 key cisco
C. aaa new-model
D. radius-server host 172.22.53.201 auth-port 1545 acct-port 1546 key cisco
Correct Answer: BC
QUESTION 10
When a Cisco Secure Intrusion Detection System Sensor communicates with a Cisco Secure Intrusion Detection System Director, what statement is FALSE?
A. If the preferred route is down, up to 255 alternate listed routes can be attempted
B. When the sensor to director is detected as “down”, packets lost during this time are buffered and retransmitted. The packets are dropped only when the buffer is full.
C. The communication occurs via the postofficed system
D. When no keepalives are detected, eventd on the sensor e-mails the administrator.
Correct Answer: D
QUESTION 11
The main reason the NFS protocol is not recommended for use across a firewall or a security domain is that:
A. it is UDP based. As a result, its state is difficult to track.
B. This protocol uses a range of ports, and firewalls have difficulty opening the proper entry points to allow traffic.
C. File permissions are easily modified in the requests, and the security of the protocol is not stringent.
D. Industry technicians do not understand NFS well, but it is actually appropriate to run across various security domains.
Correct Answer: C
QUESTION 12
Why is it important to delete IPSec Security Associations (SAs) frequently and then re-key and reestablish the SAs?
A. To reduce the chance that another IPSec machine on the network will generate the same random SPI, which will cause confusion as to which machine is the endpoint of a tunnel.
B. To reduce the risk of a brute force attack where your key can be compromised if it stays the same for too long a period of time.
C. Each time a SA is regenerated, the integrity of the link is checked. This is the only way to establish if the tunnel is still active.
D. To reduce the potential problems of counters exceeding their allocated size, which will cause them to wrap back to zero and display invalid results.
Correct Answer: B
QUESTION 13
What command sequence should be used to turn on RADIUS in a router?
A. aaa new-model aaa authen login default radius radius-server host #.#.#.# radius-server key <key>
B. aaa new-model aaa authen login default radius radius-server host #.#.#.#
C. radius-server host #.#.#.# radius-srever key <key> aaa authen login default radius aaa new-model
D. radius-server host #.#.#.# radius-server use-extended login radius
Correct Answer: A
QUESTION 14
Routers running OSPF and sharing a common segment become neighbors on that segment. What statement regarding OSPF neighbors is FALSE?
A. The Primary and Secondary addresses on an interface allow the router to belong to different areas at the same time.
B. All routers must agree on the stub area flag in the OSPF Hello packets.
C. Neighbors will fail to form an adjacency if their Hello and Dead intervals differ.
D. Two routers will not become neighbors if the Area-ID and Authentication password do not match.
Correct Answer: A
QUESTION 15
If the read community is known and there is SNMP connectivity to a device (without an access-list limiting this):
A. The System Description (sysDescr), which includes the full name and version identification of the system’s hardware type, software operating-system, and networking software, can be ascertained through an SNMP query.
B. The entire configuration of the router can be read but not modified.
C. The passwords on the router can be modified.
D. The passwords on the router can be read, not modified. This enables the attacker to access the router as a base of operations for other attacks.
Correct Answer: A
QUESTION 16
Simply put, an IPS signature is any distinctive characteristic that identifies something. Using this definition, all IPS products use signatures of some kind, regardless of what the product descriptions claim. In which format are IPS signatures stored?
A. Post Office
B. RDEP
C. IDCONF
D. SDEE
Correct Answer: C
QUESTION 17
Which of the following aptly describes the Unix file /etc/shadow?
A. The Unix file /etc/shadow is referenced by login when the /etc/passwd file contains an asterisk in the third field.
B. The Unix file /etc/shadow is referenced by NIS when the /etc/passwd file contains a line with the first character of ‘+’.
C. The Unix file /etc/shadow is a place to store encrypted passwords without referencing the /etc/passwd file.
D. The Unix file /etc/shadow is a read-protected file referenced by login when the /etc/passwd file contains a special character in the second field.
Correct Answer: D

QUESTION 18
What statement about AH and ESP is FALSE?
A. ESP encapsulates the IP header, while AH does not.
B. ESP uses protocol 50.
C. AH uses protocol 51.
D. AH does not lend itself to a NAT environment because of IP header encapsulation.
Correct Answer: A
QUESTION 19
A switch has been configured to support MultiLayer Switching (MLS). In addition, Access Control Lists on the MLS-Route Processor have been configured to block all FTP traffic destined to the Internet. What flow mask will be used to create each shortcut?
A. Application flow mask
B. Full flow mask
C. Destination-Source flow mask
D. Destination flow mask
Correct Answer: B
QUESTION 20
What is the term used to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?
A. Fraggle Attack
B. Man in the Middle Attack
C. Trojan Horse Attack
D. Smurf Attack
Correct Answer: D
QUESTION 21
When configuring IPSec with IKE, if the transform set includes an ESP cipher algorithm, specify the cipher keys. In a Cisco IOS IPsec transform set, which two of the following items are valid for ESP cipher algorithms? (Choose two)
A. esp-null, esp-seal
B. esp-aes 256, esp-aes null
C. esp-null, esp-aes 512
D. esp-aes 192, esp-des, esp-3des
Correct Answer: AD
QUESTION 22
If the result of an attack left an ARP table in the state below, what address would you suspect of launching the attack?
Internet 171.16.1.100 - 000c.5a35.3c77 ARPA FastEthernet0/0
Internet 171.16.1.111 0 00bc.d1f5.f769 ARPA FastEthernet0/0
Internet 171.16.1.112 0 00bc.d1f5.f769 ARPA FastEthernet0/0
Internet 171.16.1.113 3 00bc.d1f5.f769 ARPA FastEthernet0/0
Internet 171.16.1.114 0 00bc.d1f5.f769 ARPA FastEthernet0/0
A. 171.16.1.100
B. 171.16.1.111
C. 171.16.1.112
D. 171.16.1.113
Correct Answer: D
QUESTION 23
What would be a reason to decrease the security association lifetime on a router?
A. To ease the workload on the router CPU and RAM
B. To give a potential hacker less time to decipher the keying
C. To improve Perfect Forward Secrecy (PFS)
D. If the lifetime of the peer router on the other end of the tunnel is shorter, the lifetime on the local router must be decreased so that the SA lifetime of both routers is the same.
Correct Answer: B
QUESTION 24
The no ip directed-broadcast command is useful in preventing SMURF style attacks for the following reason:
A. It prevents your network device from being a target
B. It prevents your network device from launching an attack.
C. It prevents your network device from being a reflector in an attack
D. It prevents your network device from being traced as the source of an attack.
Correct Answer: C
QUESTION 25
IDS tuning requires a step-by-step methodology in order to tune IDS signatures effectively. Put the following tuning steps for a new sensor into their proper order.
(A) Identify critical assets that require monitoring and protection.
(B) Update sensors with new signatures.
(C) Let sensors operate for a period of time generating alarms using the default configuration.
(D) Apply initial configuration.
(E) Selectively implement response actions.
(F) Connect sensors to network.
(G) Analyze alarms and tune out false positives.
A. A, F, D, C, G, E, B
B. A, C, F, D, G, E, B
C. A, B, C, D, E, G, F
D. F, E, G, A, B, C, D
Correct Answer: A

QUESTION 26
The newly appointed trainee technician wants to know what the purpose of Lock & Key is. What will your reply be?
A. Lock & Key secures the console port of the router so that even users with physical access to the router cannot gain access without entering the proper sequence.
B. Lock & Key permits Telnet to the router and has temporary access lists applied after issuance of the access-enable command.
C. Lock & Key requires additional authentication for traffic traveling through the PIX for TTAP compliance.
D. Lock & Key is to prevent users from getting into enable mode.
Correct Answer: B
QUESTION 27
The company network administrator has forgotten the enable password of the router. There are no users logged into the router, but all passwords on the router are encrypted.
What can the administrator do to recover the enable secret password?
A. The administrator can reboot the router, press the BREAK key during boot up, and boot the router into ROM Monitor mode to erase the configuration, and re-install the entire configuration as it was saved on a TFTP server.
B. The administrator can call the Cisco Technical Assistance Center (TAC) for a specific code that will erase the existing password.
C. The administrator can reboot the router, press the BREAK key during boot up, boot the router into ROM Monitor mode to either erase or replace the existing password, and reboot the router as usual.
D. The administrator should erase the configuration, boot the router into ROM Monitor mode, press the BREAK key, and overwrite the previous enable password with a new one.
Correct Answer: A
QUESTION 28
The newly appointed trainee technician wants to know what the definition of exploit signatures is in the context of intrusion detection. What will your reply be?
A. Exploit Signatures are policies that prevent hackers from your network.
B. Exploit Signatures are security weak points in your network that are open to exploitation by intruders.
C. Exploit Signatures are identifiable patterns of attacks detected on your network.
D. Exploit Signatures are digital graffiti from malicious users.
Correct Answer: C
QUESTION 29
Which of the following services would you advise the new trainee technician to enable on IOS firewall devices?
A. SNMP with community string public.
B. TCP small services.
C. UDP small services
D. Password-encryption.
Correct Answer: D
QUESTION 30
The newly appointed trainee technician wants to know what PFS (Perfect Forward Security) requires. What will your reply be?
A. AH
B. ESP
C. Another Diffie-Hellman exchange when an SA has expired
D. Triple DES
Correct Answer: C
QUESTION 31
Using Cisco’s Security Device Manager on an IOS router, what functions could you expect the security audit option to do for you?
A. Scan for and report open ports.
B. Report IOS vulnerabilities.
C. List identifiable configuration problems and suggest recommendations for fixing them.
D. Configure LAN and WAN interfaces with IP addresses and security related commands
Correct Answer: C
QUESTION 32
The company network is using Cisco Secure Intrusion Detection System and the network traffic pattern appears ordinary. However, numerous false positives for a particular alarm are received. What can you do to avoid the quantity of “noise” in the future?
A. Click the unmanage for the alarm in question in the HP OpenView/NR GUI interface.
B. Click the acknowledge for the alarm in question in the HPOV/NR GUI interface.
C. You can use ventd to decrease the alarm level severity
D. You could configure a decreased alarm level severity through nrconfigure.
Correct Answer: D
QUESTION 33
What does “counting to infinity” mean in a Distance Vector protocol environment?
A. “counting to infinity” means calculating the time taken for a protocol to converge.
B. “counting to infinity” means checking that the number of route entries does not exceed a set upper limit.
C. “counting to infinity” can occur when Split Horizon is not enabled.
D. “counting to infinity” means setting an upper limit for hop count, to break down routing loops if this limit is reached.

Correct Answer: D
QUESTION 34
Which network management software installation is a prerequisite for the Cisco Secure Intrusion Detection System Director software?
A. CiscoWorks 2000 on Unix
B. SunNetManager on Solaris
C. Microsoft Internet Information Server on Windows NT
D. NetSonar on Linux

Correct Answer: D
QUESTION 35
The newly appointed trainee technician wants to know if one can change the situation where every time a typing mistake is made at the exec prompt of a router, the message from the router indicates a lookup is being performed. Also, there is a waiting period of several seconds before the next command can be typed. What will your reply be?
A. No, this is a default feature of Cisco IOS software.
B. Yes, by using the no ip domain-lookup command
C. Yes, by using the no ip helper-address command.
D. Yes, by using the no ip multicast helper-map command

Correct Answer: B
QUESTION 36
How does Cisco Secure Intrusion Detection System sensor behave when it detects unauthorized activity?
A. Cisco Secure Intrusion System sensor will send an e-mail to the network administrator.
B. Cisco Secure Intrusion System sensor will send an alarm to Cisco Secure Intrusion Detection System Director.
C. Cisco Secure Intrusion System sensor will shut down the interface where the traffic arrived, if device management is configured.
D. Cisco Secure Intrusion System sensor will perform a traceroute to the attacking device.

Correct Answer: B
QUESTION 37
Why might scanning tools report a root Trojan Horse compromise when run against an IOS component?
A. IOS is based on BSD UNIX and is thus subject to a Root Trojan Horse compromise.
B. The scanning software is detecting the hard-coded backdoor password in IOS.
C. Some IOS versions are crashable with the telnet option vulnerability.
D. The port scanning package mis-parses the IOS error messages.

Correct Answer: D
QUESTION 38
The PIX firewall allows users to block Java when using what combination of keywords and implementation?
A. “no cafebabe” in a static
B. “no Java” in a static
C. “no cafebabe” in an outbound list
D. “filter Java” in an outbound list

Correct Answer: D
QUESTION 39
What can be used to solve a problem situation where a user’s PC is unable to ping a server located on a different LAN connected to the same router?
A. Ensure routing is enabled.
B. A default gateway from the router to the server must be defined
C. Check to see if both the PC and the server have properly defined default gateways
D. Both the server and the PC must have defined static ARP entries.

Correct Answer: C
QUESTION 40
What happens when one experiences a ping of death?
A. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply).
B. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset * 8) + (IP data length) > 65535. In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
C. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address.
D. This is when the IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).

Correct Answer: B
QUESTION 41
What response will a RADIUS server send to a client to indicate the client’s user name or password is invalid?
A. Authentication Denied
B. Access-Reject
C. Access-Deny
D. Access-Fail

Correct Answer: B
QUESTION 42
Mail Server A is trying to contact Mail Server B behind a firewall. Mail Server A makes the initial connection, but there is a consistent long delay (1 minute) before the queued mail is actually sent. A reason for this might be:
A. Mail Server A does not have a default route.
B. Mail Server B does not have a default route
C. The firewall is blocking TCP port 113.
D. A third Mail Server is delaying the traffic.
Correct Answer: C
QUESTION 43
What would be the biggest challenge to a hacker writing a man-in-the-middle attack aimed at VPN tunnels using digital certificates for authentication?
A. Programmatically determining the private key so they can proxy the connection between the two VPN endpoints.
B. Determining the ISAKMP credentials when passed to establish the key exchange.
C. Determining the phase two credentials used to establish the tunnel attributes.
D. Decrypting and encrypting 3DES once keys are known.
Correct Answer: A
QUESTION 44
Which best describes a common method used for VLAN hopping?
A. Using VTP to configure a switchport to sniff all VLAN traffic
B. Appending an additional tag to an 802.1Q frame such that the switch forwards the packet to the embedded VLAN ID
C. Flooding the VLAN with traffic containing spoofed MAC addresses in an attempt to cause the CAM table to overflow
D. Spoofing the IP address of the host to that of a host in the target VLAN
Correct Answer: B
QUESTION 45
The newly appointed trainee technician wants to know where Kerberos is mainly used. What will your reply be?
A. Session-layer protocols, for data integrity and checksum verification.
B. Application-layer protocols, like Telnet and FTP.
C. Presentation-layer protocols, as the implicit authentication system for data stream or RPC.
D. Transport and Network-layer protocols, for host to host security in IP, UDP, or TCP.
Correct Answer: B
QUESTION 46
Which of the following statements regarding Certificate Revocation List (CRL) is valid when using PKI?
A. The CRL resides on the CA server and is built by querying the router or PIX to determine which clients’ certificate status in the past.
B. The CRL is used to check presented certificates to determine if they are revoked.
C. A router or PIX will not require that the other end of the IPSec tunnel have a certificate if the crl optional command is in place.
D. The router’s CRL includes a list of clients that have presented invalid certificates to the router in the past.
Correct Answer: B
QUESTION 47
What is the rationale behind a Network Administrator wanting to use Certificate Revocation Lists (CRLs) in their IPSec implementations?
A. CRLs allow network administrators the ability to do “on the fly” authentication of revoked certificates.
B. They help to keep a record of valid certificates that have been issued in their network
C. CRLs allow network administrators to deny devices with certain certificates from being authenticated to their network.
D. Wildcard keys are much more efficient and secure. CRLs should only be used as a last resort.
Correct Answer: C
QUESTION 48
What sets the FECN bit in Frame Relay?
A. The Frame Relay network, to inform the DTE receiving the frame that congestion was experienced in the path from source to destination.
B. The Frame Relay network, in frames traveling in the opposite direction from those frames that encountered congestion.
C. The receiving DTE, to inform the Frame Relay network that it is overloaded and that the switch should throttle back.
D. The sending DTE, to inform the Frame Relay network that it is overloaded and that the switch should throttle back
Correct Answer: A

QUESTION 49
Under which of the following circumstances will Network Address Translation (NAT) not work well?
A. With outbound HTTP when AAA authentication is involved.
B. With traffic that carries source and/or destination IP addresses in the application data stream.
C. With ESP Tunnel mode IPSec traffic.
D. When PAT (Port Address Translation) is used on the same firewall.
Correct Answer: B

QUESTION 50
Generally speaking which of the following could be done to mitigate a Day Zero host or server attack?
A. Install software that prevents actions such as buffer overflows and writes to the system directory.
B. Deploy Intrusion Detection on all switches that directly connect to hosts or servers.
C. Install Virus scanning software.
D. Ensure that your hosts and servers all have the latest security patches.
Correct Answer: A
QUESTION 51
The newly appointed company trainee technician wants to know how a router running Certificate Enrollment Protocol (CEP) obtains a certificate. What will your reply be?
A. The router administrator should send an e-mail message to ‘[email protected]’. This message should request a certificate and include the FQDN of the device.
B. If using Cisco IDS version 11.3 or 12.0, the router administrator should enter the following configuration: crypto ca identity <registered_ca_name> enrollment ftp:// <cetificate_authority>
C. The router administrator has to copy the certificate from the peer router at the other end of the tunnel and then paste it onto the local router.
D. If using Cisco IOS version 11.3 or 12.0, the router administrator should enter the following configuration: crypto ca identify <registered_ca_name> enrollment http:// <certificate authority>
Correct Answer: D
QUESTION 52
The addresses on the inside of a packet-filtering router are configured from the network 10.0.0.0/8. Which of the following access-list entries on the outside gateway router would prevent spoof attacks to this network?
A. access-list 101 deny ip 10.0.0.0 0.0.0.255 0.0.0.0 255.255.255.255
B. access-list 101 deny ip 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0
C. access-list 101 deny ip any 10.0.0.0 255.255.255
D. access-list 101 deny ip 10.0.0.0 0.255.255.255 any
Correct Answer: D
QUESTION 53
Below are four “out” access-lists, configured on an interface.
What list will block an IP packet with source address 144.23.67.94, destination address 197.55.34.254, destination TCP port 23 from leaving the router?
A. access-list 100 deny ip tcp 144.23.67.0 0.0.0.7 eq telnet 197.55.34.240 0.0.0.15 eq telnet access-list 100 permit ip any any
B. access-list 100 deny tcp 144.23.67.94 0.0.0.7 any eq telnet access-list 100 permit ip 197.55.34.240 0.0.0.15 eq telnet any
C. access-list 100 deny tcp 144.23.67.96 0.0.0.7 eq telnet 197.55.34.240 0.0.0.15 access-list 100 permit ip any any
D. access-list 100 deny ip 144.23.67.94 0.0.0.7 host 144.23.67.94 access-list 100 permit ip any any
Correct Answer: B
QUESTION 54
A router is connected to a serial link with a protocol MTU of 512 bytes. If the router receives an IP packet containing 1024 bytes, it will: (Select two)
A. Always drop the packet.
B. Fragment the packet, also, the router at the other side of the serial link will reassemble the packet.
C. Drop the packet if the DF bit is set.
D. Fragment the packet and send it, also, the destination will reassemble the packet when it arrives.
Correct Answer: CD
QUESTION 55
The primary benefit of RSA encrypted nonces over RSA signatures is:
A. They do not require a certificate authority.
B. They offer repudiation.
C. They are not subject to export control
D. There is better scalability for multiple peers.

Correct Answer: A
QUESTION 56
The CEO of a tech company wants to know which security programs can effectively protect your network against password sniffer programs. (Choose three.)
A. IPSec, due to it encrypting data.
B. RLOGIN, because it does not send passwords.
C. Kerberos, due to its password encryption abilities.
D. One time passwords, because the passwords always change.

Correct Answer: ACD
QUESTION 57
Which of the following is a description of the principle on which a Denial of Service (DoS) attack works?
A. MS-DOS and PC-DOS operating systems using a weak security protocol.
B. Overloaded buffer systems can easily address error conditions and respond appropriately.
C. Host systems are incapable of responding to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).
D. All CLIENT systems have TCP/IP stack compromisable implementation weaknesses and permit them to launch an attack easily.

Correct Answer: C
QUESTION 58
When using a sniffer directly connected to an access switch, the sniffer sees an excessive amount of BPDUs with the TCA bit set. Which are the most likely explanations?
A. There are no problems in the network.
B. Ports connecting to workstations do not have spanning tree portfast configured.
C. Bad cabling is being used in the network.
D. The CPU utilization on the root switch is getting up to 99% and thus not sending out any BPDUs.

Correct Answer: B
QUESTION 59
Which three methods best describe a secure wireless LAN implementation? (choose three)
A. Deploy WEP using a static 128 bit key.
B. Deploy dynamic key management.
C. Deploy mutual authentication between access point and client.
D. Deploy mutual authentication between authentication server and client.

Correct Answer: ABD
QUESTION 60
You are performing device management with a Cisco router. Which of the following is true?
A. The Cisco Secure Intrusion Detection System sensor can apply access-list definition 198 and 199 (default) to the router in response to an attack signature.
B. The Cisco Secure Intrusion Detection System sensor can shut down the router interface in response to an attack signature.
C. The Cisco Secure Intrusion Detection System sensor can emit an audible alarm when the Cisco router is attached.
D. The Cisco Secure Intrusion Detection System sensor can modify the routing table to divert the attacking traffic.

Correct Answer: A
QUESTION 61
The network administrator was requested to make a script with the following criteria:
Must be owned by the root and executable by a group of users other than the root.
Must not give other users root privileges other than execution of the script.
Must not allow the users to modify the script.
Which of the following would be the best way to accomplish this task?
A. Having the root use ‘chmod 4755 <name_of_script>’ to make it readable and executable by non-root users or the use ‘chmod u-s <name_of_script>’.
B. By having the users logged in under their own ID’s, typing ‘su’ and inputting the root password after they have been given the root password, then executing the script.
C. Changing permissions to read-write and changing ownership of the script to the group.
D. By having root use ‘chmod u-s <name_of_script>’.

Correct Answer: A
QUESTION 62
Multicast addresses in the range of 224.0.0.0 through 224.0.0.244 are reserved for:
A. Administratively Scoped multicast traffic that is intended to remain inside of a private network and is never intended to be transmitted into the Internet.
B. Global Internet multicast traffic intended to travel throughout the Internet.
C. Link-local multicast traffic consisting of network control messages that never leave the local subnet.
D. Any valid multicast data stream.

Correct Answer: C
QUESTION 63
You are the network administrator of the company. Can you tell me, which is the first step to establish PPP communications over a link?
A. The switch sends NCP frames to negotiate parameters such as data compression and address assignment.
B. The originating node sends configuration request packets to negotiate the LCP layer.
C. One or more Layer 3 protocols are configured.
D. The originating node sends Layer 3 data packet to inform the receiving node’s Layer 3 process.
Correct Answer: B
QUESTION 64
Which of the following commands must be present on the router (exact syntax would depend on the version) for the user with privilege level 15 (as defined in their TACACS+ profile) to be dropped into enabled mode immediately when that user telnets into a Cisco router?
A. The global command: aaa authorization exec [default] [group] tacacs-
B. The line command: logon authorization tacacs+
C. The global command: privilege 15 enable
D. The global command: aaa authentication enable default tacacs+
Correct Answer: D
QUESTION 65
Under which circumstances will the Diffie-Hellman key exchange allow two parties to establish a shared secret key? (Choose all that apply.)
A. Over an insecure medium.
B. After the termination of a secure session.
C. Prior to the initiation of a secure session.
D. After a session has been fully secured.

Correct Answer: ABC
QUESTION 66
Based on the displayed network diagram and configuration, you are hosting a web server at 10.1.1.90, which is under a denial of service attack. Use NBAR to limit web traffic to that server at 200 kb/s.
Which configuration is true to complete the NBAR configuration?

A. policy-map DoS-Attack class DoS police cir 200 bc 200 be 200 conform-action transmit exceed-action drop violate-action drop ! access-list 188 permit tcp any host 10.1.1.90 eq www
B. policy-map drop class DoS police conform-action transmit exceed-action drop
C. policy-map drop class DoS police cir 200000 bc 37500 be 75000 conform-action transmit exceed-action drop violate-action drop ! access-list 188 permit tcp any host 10.1.1.90 eq www
D. policy-map DoS-Attack class DoS police cir 200000 bc 37500 be 75000 conform-action transmit exceed-action drop violate-action drop ! access-list 188 permit tcp any host 10.1.1.90 eq www

Correct Answer: D
QUESTION 67
When a user initiates a dialup PPP logon to a Cisco router running RADIUS, what attributes are sent to the RADIUS server for authentication? (assume a PAP password)
A. Username (1), user service (7), PAP Password (8)
B. Username (1), user service (7), Filter ID (11), Login port(16), reply message (18), Vendor Specific Attribute (26)
C. Username (1), CHAP password (3)
D. Username (1), PAP Password (2), NAS-ip (4), NAS-port (5), NAS port type (61), user service (7), framed protocol (6)
Correct Answer: D
QUESTION 68
You are the network administrator. Two remote LANs connected via a serial connection are exchanging routing updates via RIP. An alternate path exists with a higher hop count. When the serial link fails, you receive complaints from users regarding the time it takes to transfer to the alternate path. How will you ameliorate this situation?
A. You could change the hop count on an alternate path to be the same cost.
B. You could reduce or disable the holddown timer by making use of the timers basic command.
C. You could increase the bandwidth of the alternate serial connection.
D. You could configure a static route with the appropriate administrative cost via the alternate route.
Correct Answer: B

QUESTION 69
When using MD5 authentication in BGP where is the hash passed in the IP packet?
A. The payload packet of a BGP request and response.
B. In a TCP header flagged with an option 19.
C. A specially defined BGP authentication packet.
D. In a UDP header flagged with an option 16.
Correct Answer: B
QUESTION 70
Which of the following statements is NOT accurate regarding Frame Relay?
A. Frame Relay does not provide error recovery.
B. Frame Relay provides error detection.
C. Frame Relay is a high-speed, shared bandwidth protocol.
D. Frame Relay is based on a “packet-over-circuit” architecture.
Correct Answer: C
QUESTION 71
Which of the following represents the correct ways of releasing IBGP from the condition that all IBGP neighbors need to be fully meshed? (Choose all that apply.)
A. Configure route reflectors
B. Configure IBGP neighbors several hops away
C. Configure confederations
D. Configure local preference

Correct Answer: AC
QUESTION 72
A security System Administrator is reviewing the network system log files. He notes the following:
- Network log files are at 5 MB at 12:00 noon.
- At 14:00 hours, the log files are at 3 MB.
What should he assume has happened and what should he do about the situation?
A. He should contact the attacker’s ISP as soon as possible and have the connection disconnected.
B. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.
C. He should log the file size, and archive the information, because the router crashed.
D. He should run a file system check, because the Syslog server has a self correcting file system problem.

Correct Answer: B
QUESTION 73
What reaction can be expected from the host when a router sends an ICMP packet, with the Type 3 (host unreachable) and Code 4 (DF bit set) flags set, back to the originating host?
A. The host should reduce the size of future packets it may send to the router.
B. This scenario is not possible because the packet will be fragmented and sent to the original destination.
C. The sending station will stop sending packets, due to the router not expecting to see the DF bit in the incoming packet.
D. The sending station will clear the DF bit and resend the packet.

Correct Answer: D
QUESTION 74
Suppose a client calls and advises you that an FTP data transaction is not allowing him to view the host's directory structure. What are the most likely causes of the problem? (Choose all that apply.)
A. The client’s username/password is wrong.
B. The client’s FTP data port is not connected.
C. The host machine has denied him access because the password is wrong.
D. An access list is stopping port 20 from detailing the directory list.

Correct Answer: BD
QUESTION 75
Which of the following statements is true regarding SSL?
A. Every packet sent between host and client is authenticated.
B. Encryption is used after a simple handshake is completed.
C. SSL uses port 2246.
D. SSL is not a predefined standard.

Correct Answer: B
QUESTION 76
In IPSec, what encapsulation protocol only encrypts the data and not the IP header?
A. ESP
B. AH
C. MD5
D. HASH

Correct Answer: A
QUESTION 77
What can be drawn from the following syslog message received by an administrator from his adaptive security appliance?
%ASA-6-201010 Embryonic connection limit exceeded 200/200 for inbound packet from 209.165.201.10/1026 to 10.1.1.20/80 on interface outside
A. The client at 209.165.201.10 has been infected with a virus.
B. The server at 10.1.1.20 is under a SYN attack.
C. The server at 10.1.1.20 is under a smurf attack.
D. The server at 209.165.201.10 is under a smurf attack.

Correct Answer: B
QUESTION 78
Birthday attacks can protest against which of the following?
A. symmetric ciphering
B. asymmetric ciphering
C. hash algorithms
D. digital signatures

Correct Answer: C
QUESTION 79
Which of the following is AH's destination IP port?
A. 23
B. 21
C. 50
D. 51

Correct Answer: D
QUESTION 80
You work as a network engineer, study the exhibit carefully. Your company has just configured Cisco security appliance between R1 and R2 to enhance security and apply advanced protocol inspection. Unluckily, BGP stopped working after inserting the appliance in the network. How to restore BGP connectivity? (Choose three.)

A. Configure BGP on the security appliance as an IBGP peer to R1 and R2 in AS 65500.
B. Configure a static NAT translation to allow inbound TCP connections from R2 to R1.
C. Configure an ACL on the security appliance allowing TCP port 179 between R1 and R2.
D. Configure a static route on R1 and R2 using the appliance inside and outside interfaces as gateways.
Correct Answer: BCD
QUESTION 81
In Cisco PIX Firewall Software version 7.0 and later, which command replaced the fixup protocol commands?
A. secure <protocol>
B. fixup protocol commands did not change in version 7.0
C. inspect <protocol>
D. audit <protocol>
Correct Answer: C
QUESTION 82
Certificate Enrollment Process (CEP) runs over what TCP port number? (Choose the best two answers.)
A. Same as HTTP
B. Port 80
C. Port 50
D. Port 51
Correct Answer: AB
QUESTION 83
On the basis of the partial debug output displayed in the exhibit, which value is contained inside the brackets [4] in line 1?

A. RADIUS VSA number
B. RADIUS attribute type value
C. RADIUS VSA length
D. RADIUS identifier field value
Correct Answer: B
QUESTION 84
What definition best describes Kerberized?
A. A general term that refers to authentication tickets
B. An authorization level label for Kerberos principals
C. Applications and services that have been modified to support the Kerberos credential infrastructure
D. A domain consisting of users, hosts, and network services that are registered to a Kerberos server
Correct Answer: C
QUESTION 85
Which three statements best describe how DNSSEC prevents DNS cache poisoning attacks from succeeding? (Choose three.)
A. DNSSEC utilizes DS records to establish a trusted hierarchy of zones.
B. DNSSEC signs all records with domain-specific keys.
C. DNSSEC introduces KEY records that hold domain-specific public keys
D. DNSSEC deprecates CNAME records and replaces them with DS records.
Correct Answer: ABC
QUESTION 86
Which two of the following can you configure an IPS sensor with three sniffing interfaces as? (Choose two.)
A. three promiscuous sensors
B. two inline sensors, one promiscuous sensor
C. one inline sensor, one promiscuous sensor
D. three inline sensors
Correct Answer: AC
QUESTION 87
What definition best describes a key distribution center when Kerberos is applied to a network?
A. A general term that refers to authentication tickets
B. An authorization level label for Kerberos principals
C. Applications and services that have been modified to support the Kerberos credential infrastructure
D. A Kerberos server and database program running on a network host.

Correct Answer: D
QUESTION 88
Examine the following items, what are the header sizes for point-to-point and multipoint GRE with tunnel key?
A. 8 bytes for both
B. 4 bytes and 8 bytes respectively
C. 24 bytes for both
D. 4 bytes for both

Correct Answer: B
QUESTION 89
Which three statements are correct concerning private address space? (Choose three.)
A. Private address space is defined in RFC 1918.
B. These IP addresses are considered private:
10.0.0.0 172.15.0.0 192.168.0.0
C. Private address space is not supposed to be routed over the Internet.
D. Using only private address space and NAT to the Internet is not considered as secure as having a stateful firewall.

Correct Answer: ACD
QUESTION 90
Which of the following protocols does TACACS+ support?
A. PPP
B. AppleTalk
C. NetBIOS
D. All the above

Correct Answer: D
QUESTION 91
What is SDEE?
A. a queuing mechanism to store alerts
B. a protocol used by multiple vendors to transmit IDS events across the network
C. a mechanism to securely encode intrusion events in an event store
D. a Cisco proprietary protocol to transfer IDS events across the network
Correct Answer: B
QUESTION 92
Which two statements correctly describe NAT? (Choose two.)
A. NAT is only useful for TCP/UDP and ICMP traffic.
B. NAT provides one-to-one address mapping.
C. NAT provides one-to-many address mapping.
D. NAT can be used for all IP traffic.
Correct Answer: BD
QUESTION 93
What versions of TACACS does Cisco IOS support? (Select the best three answers.)
A. TACACS+
B. TACACS
C. Extended TACACS
D. Extended TACACS+
Correct Answer: ABC
QUESTION 94
Which command can be used to globally disable the requirement that a translation rule must exist before packets can pass through the firewall?
A. access-list
B. no nat-control
C. global <interface> 0
D. nat <interface> 0
Correct Answer: B

QUESTION 95
Which two statements are attributed to stateless filtering? (Choose two.)
A. It can look at sequence numbers to validate packets in flow
B. It must process every packet against the inbound ACL filter
C. The first TCP packet in a flow must be a SYN packet.
D. It can be used in asymmetrical traffic flows.
Correct Answer: BD
QUESTION 96
What algorithm initiates and encrypts a session between two routers' exchange keys between two encryption devices?
A. Routing algorithm
B. Diffie-Hellman algorithm
C. The switching engine
Correct Answer: B
QUESTION 97
You are a network engineer, can you tell me how do TCP SYN attacks take advantage of TCP to prevent new connections from being established to a host under attack?
A. taking advantage of the host transmit backoff algorithm by sending jam signals to the host
B. filling up a host listen queue by failing to ACK partially opened TCP connections
C. incrementing the ISN of each segment by a random number, causing constant TCP retransmissions
D. sending multiple FIN segments, forcing TCP connection release

Correct Answer: B
QUESTION 98
Select three RFC 1918 addresses. (Choose three.)
A. 0.0.0.0/8
B. 10.0.0.0/8
C. 172.16.0.0/12
D. 192.168.0.0/16

Correct Answer: BCD
QUESTION 99
An administrator notices a router's CPU utilization has jumped from 2 percent to 100 percent, and that a CCIE engineer was debugging. What IOS command can the network administrator enter to stop all debugging output to the console and vty lines without affecting users on the connected router?
A. no logging console debugging
B. undebug all
C. line vty 0 4 no terminal monitor
D. reload the router

Correct Answer: B
QUESTION 100
While implementing WLAN security, which three benefits can be obtained by using the TKIP instead of WEP? (Choose three.)
A. TKIP uses an advanced encryption scheme based on AES.
B. TKIP uses a 48-bit initialization vector
C. TKIP provides per-packet keying and a rekeying mechanism.
D. TKIP provides message integrity check
Correct Answer: BCD

Exam F
QUESTION 1
Which three global correlation features can be enabled from Cisco IPS Device Manager (Cisco IDM)? (Choose three.)
A. Network Reputation
B. Data Contribution
C. Reputation Assignment
D. Signature Correlation
E. Global Data Integration
F. Reputation Filtering
G. Global correlation infection
Correct Answer: AFG
QUESTION 2
You are responsible for bringing up an IPsec tunnel between two Cisco IOS routers in Site A and Site B, and, at the same time, allowing them to access to the Internet from their local sites. You applied these configurations to the routers:
You issue the show crypto ipsec sa command and see that the tunnel is up, but no packets are encrypted or decrypted on either side. To test connectivity, you sourced a ping from the private interface of each router, destined to the private interface of the far-end router. You ask a VPN expert to help you troubleshoot. The expert has verified that ESP is not being blocked, and the routing is correct. After troubleshooting, the expert makes which of these determinations?
A. The problem is with the encryption ACL. As you were testing with ICMP, you needed to allow ICMP in both encryption ACLs. Router 1: permit ICMP 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 Router 2: permit ICMP 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
B. The problem is with the NAT ACL. VPN traffic should be denied in the NAT ACL so that the ACL looks like the following. Router 1: Ip access list ext NAT deny IP 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 permit ip 192.168.1.0 any Router 2: Ip access list ext NAT deny IP 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 permit ip 192.168.1.0 any
C. The problem is that it is not possible to do NAT along with VPN on a Cisco IOS router.
D. The problem is that NAT transparency is enabled. Disable NAT Transparency using the following global command on both routers. no crypto ipsec nat-transparency udp-encapsulation
Correct Answer: B
QUESTION 3
When you define the BGP neighbor ttl-security command, you must consider which two of these restrictions? (Choose two.)
A. This feature is supported for internal BGP (IBGP) peer groups.
B. This feature is not supported for internal BGP (IBGP) peers.
C. This feature cannot be configured for a peer that is configured with the neighbor next-hop-self command.
D. This feature cannot be configured for a peer that is configured with the neighbor ebgp-multihop command.
E. This feature cannot be configured for a peer that is configured with the neighbor send-community command.
Correct Answer: BD
QUESTION 4
Which five of these are criteria for rule-based rogue classification of access points by the Cisco Wireless LAN Controller? (Select five.)
A. Minimum RSSI
B. Open authentication
C. MAC address range
D. Whether it matches a managed AP SSID
E. Whether it matches a user-configured SSID
F. Whether it operates on an authorized channel
G. Time of day the rogue operates
H. Number of clients it has
Correct Answer: ABDEH
QUESTION 5
Which four routing protocols are supported when using Cisco Configuration Professional? (Choose four.)
A. RIPv1
B. RIPv2
C. IGRP
D. EIGRP
E. OSPF
F. BGP
Correct Answer: ABDE

QUESTION 6
Application layer protocol inspection is available for the Cisco ASA 5500 Series Adaptive Security Appliance. This feature performs which type of action on traffic traversing the firewall?
A. Classification and policing (for QoS)
B. Deep packet inspection
C. Flexible packet matching
D. Reverse path forwarding
E. Remote triggering of a black hole.
Correct Answer: B
QUESTION 7
Refer to the exhibit.

Which command is required to fix the issue identified by Cisco ASDM Packet Tracer in the image?
A. nat (inside) 1 10.0.0.4
B. global (outside) 1 203.0.113.100
C. global (outside) 1 203.0.113.110
D. access-list outside permit tcp host 10.0.0.4 host 198.133.219.25 eq www
E. nat (outside) 10 198.133.219.25

Correct Answer: C
QUESTION 8
EIHRP functionality is very similar to which of these protocols?
A. TCP
B. ARP
C. IP
D. RDP
E. DHCP
Correct Answer: B
QUESTION 9
Which four of these areas can be characterized for network risk assessment testing methodology? (Choose four)
A. Router hostname and IP addressing scheme
B. Router filtering rules
C. Route optimization
D. Database connectivity and RTT
E. Weak authentication mechanisms
F. Improperly configured email servers
G. Potential web server exploits
Correct Answer: BEFG
QUESTION 10
In the context of Cisco Configuration Professional, to “discover” a router means to establish a session to the router using either secure or nonsecure means, do which of the following, and populate a screen with the information obtained?
A. read the configuration present in the router
B. read the IOS version in the router
C. read the interface(s) information in the router
D. read the CPU information in the router
E. check if the router is UP or Down
Correct Answer: A
QUESTION 11
Refer to the exhibit. From the ASDM NAT Rules table, inside host 10.1.0.4 is translated to which IP address on the outside interface?

A. 203.0.113.254
B. 192.168.3.3
C. 192.168.3.4
D. 203.0.113.113
E. 203.0.113.114
Correct Answer: E
QUESTION 12
When a failover takes place on an adaptive security appliance configured for failover, all active connections are dropped and clients must reestablish their connections, unless the adaptive security appliance is configured in which two of the following ways? (Choose two)
A. active/standby failover
B. active/active failover
C. active/active failover and a state failover link has been configured
D. active/standby failover and a state failover link has been configured
E. to use a serial cable as the failover link
F. LAN-based failover
Correct Answer: CD
QUESTION 13
What is the main purpose of FlexConfig in Cisco Security Manager?
A. to share configuration between multiple devices
B. to configure device commands that are not supported by Cisco Security Manager
C. to duplicate/clone basic configuration of a device
D. to merge multiple policies into a simplified view
E. to configure complex commands for a device
Correct Answer: B
QUESTION 14
Refer to the Exhibit. The exhibit illustrates which type of attack?

A. virus infection
B. worm propagation
C. port scanning
D. denial of service (DoS)
E. distributed DoS (DDoS)
Correct Answer: E
QUESTION 15
All of these correctly describe SNMPv3 except which one?
A. does not provide any protection against denial of service attacks
B. provides a mechanism for verification that messages have not been altered in transit
C. requires the use of NTP to correctly synchronize timestamps and generate public/private key pairs used for encryption of messages
D. provides a mechanism for verification of the identity of the device that generated the message
E. includes timeliness indicators in each message so the receiving SNMP engine can determine if it was sent recently
Correct Answer: C

QUESTION 16
All of these are available from Cisco IPS Device Manager (Cisco IDM) except which one?
A. Interface Status
B. Global Correlation Reports
C. Sensor Information
D. CPU, Memory, and Load
E. Top Signatures
F. Top Applications
Correct Answer: E
QUESTION 17
Which two of these properties does the UDP protocol itself provide? (Choose two)
A. reliable delivery of data
B. data rate negotiation
C. checksum to prevent data errors
D. prevention of data interception
E. efficient data transfer
Correct Answer: CE
QUESTION 18
Which two U.S. government entities are authorized to execute and enforce the penalties for violations of the Sarbanes-Oxley (SOX) act? (Choose two.)
A. Federal Trade Commission (FTC)
B. Federal Reserve Board
C. Securities and Exchange Commission (SEC)
D. Office of Civil Rights (OCR)
E. United States Citizenship and Immigration Services (USCIS)
F. Internal Revenue Service (IRS)
Correct Answer: BC
QUESTION 19
NHRP functionality is very similar to which of these protocols?
A. TCP
B. ARP
C. IP
D. RDP
E. DHCP
Correct Answer: B
QUESTION 20
You have recently deployed DMVPN Phase 3 for your WAN. Each of the spokes has a static IP assigned to it by the ISP, except one, which gets a dynamic IP. After a recent power loss during the day, the router rebooted, but was unable to bring the tunnel up to the hub immediately. The log on the spoke shows an NHRP registration reply from the hub indicating an error.
%NHRP-3-PAKREPLY: Receive Registration Reply packet with error unique address registered already (14)
interface Tunnel0 ip address 17216.1.1.255.255.255.255.0 no ip redirects ip nhrp authentication cisco ip nhrp map multicast dynamic ip nhrp network-id 10 ip nhrp holdtime 3600 ip nhrp redirect tunnel source FastEthermet0/0 tunnel mode gre multipoint
Below is the configuration of the tunnel interface of Spoke 1
Interface Tunnel 0 ip address 17216.1.2.255.255.255.255.0 no ip redirects ip nhrp authentication cisco ip nhrp map multicast 1.1.1.2 ip nhrp map 172.16.1.1 1.1.1.2 ip nhrp network-id 20 ip nhrp holdtime 3600 ip nhrp nhs 172.16.1.1 ip nhrp shortcut tunnel source FastEthermet0/0 tunnel mode gre multipoint
Which of these actions could solve this problem?
A. Configure tunnel protection, with the appropriate cryptographic configuration on the hub and spokes
B. Configure the no ip nhrp registration unique command on the hub, Hub 1
C. Configure the ip nhrp registration no-unique command on the spoke, Spoke 1
D. Remove the ip nhrp shortcut command from the spoke, Spoke 1
Correct Answer: C
QUESTION 21
The Cisco IPsec VPN Shared Port Adapter (SPA) operates in which mode of IPsec implementation?
A. bump in the wire (BITW)
B. bump in the network (BITN)
C. bump in the stack (BITS)
D. hardware-assisted tunnel mode (HATM)
E. hardware-assisted transport mode (HATM)
Correct Answer: A
QUESTION 22
A Layer 2 switch forwards traffic based on which of these?
A. IP layer addresses
B. ARP layer addresses
C. MAC layer addresses
D. Forwarding information Base (FIB)
E. Hardware-Assisted Forwarding (HAF)
Correct Answer: C
QUESTION 23
A 1200-byte packet arrives on the LAN segment and needs to be fragmented before being forwarded to the egress interface. Which of these identifies the correct IP header fields for the IP fragments after fragmentation (where MF is the More Fragment flag bit, and FO is the Fragment Offset in the IP header)?
A. fragment1: id=1, length=1000, MF=0, FO=980; fragment2: id=2, length=220, MF=0, FO=980
B. fragment1: id=1, length=996, MF=1, FO=0; fragment2: id=1, length=224, MF=0, FO=122
C. fragment1: id=1, length=600, MF=1, FO=0, fragment2: id=2, length=620, MF=0, FO=75
D. fragment1: id=1, length=1000, MF=1, FO=0; fragment2: id=1, length=220, MF=0, FO=980
E. fragment1: id=1, length=600, MF=0, FO=580; fragment2: id=1, length=620, MF=0, FO=0
Correct Answer: B
QUESTION 24
All of these correctly describe advantages of GETVPN compared to traditional IPsec except which one?
A. Eliminates the need for tunnels, and therefore scales better
B. Provides always-on full mesh encryption capability
C. Provides native multicast encryption
D. Allows all members to dynamically discover each other with no static peer configuration required
E. Can take advantage of the existing routing infrastructure, and does not require overlay routing
Correct Answer: D
QUESTION 25
Hypertext Transfer Protocol Secure (HTTPS) was created to provide which of these?
A. a secure connection over a secure network
B. a secure connection over an insecure network
C. an authenticated connection over a secure network
D. an authenticated connection over an insecure network
E. an authorized connection over an insecure network
Correct Answer: B
QUESTION 26
Which three of these statements about a zone-based policy firewall are correct? (Choose three)
A. An interface can be assigned to only one security zone.
B. Traffic cannot flow between a zone member interface and any interface that is not a zone member.
C. By default, all traffic to and from an interface that belongs to a security zone is dropped unless explicitly allowed in the zone-pair policy.
D. In order to pass traffic between two interfaces that belong to the same security zone, you must configure a pass action using class-default
E. Firewall policies, such as the pass, inspect, and drop actions, can only be applied between two zones.
Correct Answer: ABE
QUESTION 27
The Rivest, Shamir, and Adleman (RSA) algorithm can be used to create digital signatures for authentication. Suppose Alice wants to sign a message using RSA and send it to Bob. Which one of the following statements most accurately describes this operation?
A. Alice creates a hash of her messages, and then encrypts this hash with her public key to create the signature to be sent along with the message to Bob
B. Alice creates a hash of her message, and then encrypts this hash with her private key to create the signature to be sent along with the message to Bob
C. Alice creates a hash based on her message combined with her public key, and then uses this hash to create the signature to be sent along with the message to Bob
D. Alice creates a hash based on her message combined with her private key, and then uses this hash to create the signature to be sent along with the message to Bob
E. Alice encrypts her message with her public key, creates a signature by hashing this encrypted message. Then sends it along with the message to Bob
Correct Answer: B
QUESTION 28
Refer to the exhibit. Client1 has an IPsec VPN tunnel established to a Cisco ASA adaptive security appliance in Chicago. The remote access VPN client wants to access www.cisco.com, but split tunneling is disabled. Which of these is the appropriate configuration on the Cisco ASA adaptive security appliance if the VPN client’s public IP address is 209.165.201.10 and it is assigned a private address from 192.168.1.0/24?

A. same-security-traffic permit intra-interface Ip local pool ippool 192.168.1.1-192.168.1.254 Global (outside) 1 209.165.200.230 Nat (inside) 1 192.168.1.0 255.255.255.0
B. same-security-traffic permit intra-interface Ip local pool ippool 192.168.1.1-192.168.1.254 Global (outside) 1 209.165.200.230 Nat (outside) 1 192.168.1.0 255.255.255.0
C. same-security-traffic permit intra-interface Ip local pool ippool 192.168.1.1-192.168.1.254 Global (inside) 1 209.165.200.230 Nat (inside) 1 192.168.1.0 255.255.255.0
D. same-security-traffic permit intra-interface Ip local pool ippool 192.168.1.1-192.168.1.254 Global (outside) 1 209.165.200.230 Nat (outside) 1 209.165.201.10 255.255.255.255
E. same-security-traffic permit intra-interface Ip local pool ippool 192.168.1.1-192.168.1.254 Global (outside) 1 209.165.200.230 Nat (inside) 1 209.165.201.10 255.255.255.255
F. same-security-traffic permit intra-interface Ip local pool ippool 192.168.1.1-192.168.1.254 Global (inside) 1 209.165.200.230 Nat (inside) 1 209.165.201.10 255.255.255.255
Correct Answer: B
QUESTION 29
One of the main security issues with the WEP protocol stems from?
A. lack of any integrity checking
B. having a maximum key of 40 bits
C. use of Open System authentication
D. use of RC4
E. lack of standardization of the WEP protocol itself
Correct Answer: D
QUESTION 30
How can you configure Cisco Easy VPN Server on a Cisco IOS router in order to allow you to apply various QoS policies to different VPN groups?
A. Configure the command qos pre-classify under the crypto map that references each VPN group.
B. Configure Cisco Easy VPN using IPsec Dynamic Virtual Tunnel Interface (DVTI) and apply service policies on the VTI that are referenced by the ISAKMP profiles matching the respective VPN groups
C. It is not currently possible to apply QoS to different VPN groups
D. Configure a static VTI that allows configuration of QoS service policies with each VTI referenced by the respective VPN groups
Correct Answer: B
QUESTION 31
Which three of these are considered TCP/IP protocols? (Choose three)
A. ICMP
B. DOCSIS
C. IGMP
D. Ethernet
E. ATM
F. DNS
Correct Answer: ACF
QUESTION 32
All of these are application layer protocols based on the OSI model except which one?
A. SMTP
B. FTP
C. DNS
D. Telnet
E. SNMP
F. OSPF
Correct Answer: F
QUESTION 33
Which of these notification protocols are supported in Cisco Security MARS?
A. SNMP trap only
B. syslog only
C. email (Sendmail) and SMS only
D. SNMP trap and syslog only
E. syslog, email (Sendmail), SMS, and SNMP trap
Correct Answer: E
QUESTION 34
The Network Participation feature of Cisco IPS gathers all of these when it collects real-time data from IPS sensors except which one?
A. signature ID
B. signature name
C. attacker port
D. reputation score
E. signature version
F. victim port
Correct Answer: B
QUESTION 35
Assessing your network for potential security risks (risk assessment) should be an integral element of your network architecture. Which four task items need to be performed for an effective risk assessment and to evaluate network posture? (Choose four.)
A. Notification
B. Discovery
C. Profiling
D. Scanning
E. Base lining
F. Validation
G. Mitigation
Correct Answer: BCDF
QUESTION 36
Which two of these devices can be used as Cisco Easy VPN Remote hardware clients? (Choose two)
A. ASA5510 Adaptive Security Appliance
B. 800 Series Router
C. ASA5505 Adaptive Security Appliance
D. PIX 515E Security Appliance
E. 7200 Series Router
Correct Answer: BC
QUESTION 37
If single sign-on (SSO) is not working for a Layer 2 out-of-band (OOB) virtual gateway implementation, which two of these can you check to troubleshoot the issue? (Choose two.)
A. The clock between the NAC server and the Active Directory server is synchronized.
B. The KTPass.exe command was executed on the domain controller with the /RC4Only option.
C. The adkernel.exe process on the domain controller is accepting requests from the Cisco Clean Access Server.
D. The Active Directory domain definition was defined in upper case on the Cisco Clean Access Manager.
E. The ports are open to the appropriate domain controller in the guest role on Cisco Clean Access Manager.
Correct Answer: AD

QUESTION 38
The major difference between VTP version 1 and VTP version 2 is which of these?
A. Extended VLAN range support
B. Gigabit Ethernet Support
C. VTP domain and password support
D. Token Ring support
E. Transparent mode support
Correct Answer: D
QUESTION 39
Which two of these statements are true about the Host Scan capabilities of Cisco ASA adaptive security appliances? (Choose two.)
A. Endpoint assessment functionality within Host Scan requires you to purchase an “Endpoint Assessment” license
B. Host Scan functionality occurs after Cisco Secure Desktop goes through the prelogin assessment and before DAP enforces its policies
C. You must use the advanced endpoint Host Scan to collect end-host information such as the end-host operating system, registry, files, or actively running processes.
D. The Host Scan database must be updated every 60 days to ensure that the antivirus and antispyware database is accurate.
E. Host Scan is a modular component of Cisco Secure Desktop
Correct Answer: BE
QUESTION 40
Which four of these attacks or wireless tools can the standard IDS signatures on a wireless LAN controller detect? (Choose four)
A. Association flood
B. SYN flood
C. NetStumbler
D. Fragment Overlap attack
E. Deauthorization flood
F. Long HTTP request
G. AirSnort
H. Wellenreiter
Correct Answer: ACEH
QUESTION 41
The Gramm-Leach-Bliley Act (GLBA) was enacted by the United States Congress in 1999. This act is used primarily for which two of these? (Choose two.)
A. Organizations in the financial sector
B. Assurance of the accuracy of financial records
C. Confidentiality of personal healthcare information
D. Organizations that offer loans
E. Organizations in the education sector
Correct Answer: AD

QUESTION 42
Which of these standards replaced 3DES?
A. PKI
B. Blowfish
C. RC4
D. SHA-1
E. AES
F. MD5
Correct Answer: E
QUESTION 43
Which two of these multicast addresses does OSPF use? (Choose two)
A. 224.0.0.5 to send hello packets to discover and maintain neighbor relationships
B. 224.0.0.6 to send hello packets to discover and maintain neighbor relationships
C. 224.0.0.10 to send hello packets to discover and maintain neighbor relationships
D. 224.0.0.5 to send OSPF routing information to designated routers on a network segment
E. 224.0.0.6 to send OSPF routing information to designated routers on a network segment
F. 224.0.0.10 to send OSPF routing information to designated routers on a network segment
Correct Answer: AE
QUESTION 44
What is the highest target value rating that you can assign to an IP address in Cisco IPS?
A. Medium
B. High
C. Mission-Critical
D. Serve
E. Important
Correct Answer: C
QUESTION 45
LEAP authentication is provided by which of these?
A. Hashing of the password before sending
B. User-level certificates
C. PAC exchange
D. Modified MS-CHAP
E. TACACS+
Correct Answer: D

QUESTION 46
Which three of these are true statements about TLS? (Choose three.)
A. It is a secure protocol encapsulated within SSL
B. It is a more recent version of SSL
C. It allows for client authentication via certificates
D. If a third party (man-in-the-middle) observes the entire handshake between client and server, the third party can decrypt the encrypted data that passes between them
E. It can be used to secure SIP
F. It cannot be used for HTTPS
Correct Answer: BCE

QUESTION 47
All of these tools are available from the Cisco IPS Manager Express (Cisco IME) GUI except which one?
A. WHOIS
B. Traceroute
C. Telnet
D. DNS lookup
E. ping
Correct Answer: C
QUESTION 48
Which of these is true of the NHRP network ID (specified by the command ip nhrp network-id)?
A. It needs to be the same on all routers within the DMVPN cloud for the tunnels to come up.
B. It is locally significant, and is not sent as part of the NHRP packet.
C. It is not required for the DMVPN to come up, only the tunnel key is required.
D. It is only required on the hub with multiple DMVPN clouds, in order to segregate the clouds on the hub.
Correct Answer: B
QUESTION 49
All of these are layers in the OSI model except which one?
A. presentation layer
B. physical layer
C. application layer
D. service layer
E. transport layer
Correct Answer: D
QUESTION 50
On a Cisco Catalyst switch, which three modes can a port be set to for trunking? (Choose three.)
A. dynamic auto
B. off
C. on
D. nonegotiate
E. dynamic desirable
F. negotiate
G. trunk
Correct Answer: AEG

QUESTION 51
What are IKE Phase 1 Exchange (Main Mode) messages 3 and 4 used for?
A. generate SKEYID_e, which is used to encrypt IKE messages
B. generate SKEYID_a, which is used to provide data integrity and authentication to IKE messages
C. exchange authentication information (pre-shared key)
D. exchange information that is required for key generation using Diffie-Hellman (DH)
E. authenticate the digital signature (certifications)
Correct Answer: D
QUESTION 52
With GETVPN, if a key server is configured to use multicast as the rekey transport mechanism, then under which of these conditions will the key server retransmit the rekey message?
A. It never retransmits the rekey message.
B. It only retransmits the rekey message when it does not receive the rekey acknowledgement from at least one group member.
C. It only retransmits the rekey message when it does not receive the rekey acknowledgement from all group members.
D. It only retransmits the rekey message when DPD to the group member fails.
E. It always retransmits the rekey message.
Correct Answer: E
QUESTION 53
Which two of these are things an attacker can do with an encrypted RC4 data stream? (Choose two.)
A. use XOR to match the encrypted stream to itself, in order to retrieve the key
B. filter out the keystream if the attacker gets two streams encrypted with the same RC4 key
C. calculate the checksum of the encrypted stream
D. retrieve the private key if the attacker has access to the public key
E. flip a bit of the encrypted text, which will flip a corresponding bit in the cleartext once it is decrypted
Correct Answer: BE
QUESTION 54
When a DHCP server offers an IP address to a client, which field is populated with the client’s IP address?
A. CIADDR
B. YIADDR
C. SIADDR
D. GIADDR
E. CHADDR
Correct Answer: B
QUESTION 55
Which four of these support mutual authentication? (Choose four.)
A. EAP-TTLS
B. PEAP
C. EAP-FAST
D. EAP-MD5
E. EAP-SHA1
F. EAP-TLS
Correct Answer: ABCF

QUESTION 56
Which two of these statements are true about the Cisco Clean Access solution? (Choose two.)
A. When two Cisco Clean Access Managers (Cisco CAMs) are set up in failover, the “service IP address” is the IP address of the primary Cisco CAM.
B. If a single Cisco Clean Access Server (Cisco CAS) operating in in-band device mode dies, the traffic cannot pass through the hardware.
C. When a Cisco Clean Access Server (Cisco CAS) is unable to communicate with the Cisco CAM, users who are already connected will not be affected, but new users will not be able to log in.
D. When a Cisco Clean Access Server (Cisco CAS) is unable to communicate with the Cisco CAM, all users (previously authenticated users and new users) will pass traffic due to its default behavior of Fail Open.
E. The clock between the Cisco Clean Access Server (Cisco CAS) and the Cisco Clean Access Manager (Cisco CAM) must be synchronized for Active Directory single sign-on to work.
Correct Answer: BC
QUESTION 57
Which statement in reference to IPv6 multicast is true?
A. PIM dense mode is not part of IPv6 multicast.
B. The first 12 bits of an IPv6 multicast address are always FF.
C. IPv6 multicast uses Multicast Listener Discovery (MLD).
D. IPv6 multicast requires Multicast Source Discovery Protocol (MSDP).
Correct Answer: C
QUESTION 58
What is the DNS transaction ID (TXID) used for?
A. tracking anomalous behaviors of name servers
B. tracking queries and responses to queries
C. Message Tracking Query Protocol (MTQP)
D. tracking queries on behalf of another DNS resolver
E. tracking Time To Live (TTL) set in the RR
Correct Answer: B
QUESTION 59
A customer just deployed Cisco IOS firewall, and it has started to experience issues with applications timing out and overall network slowness during peak hours. The network administrator noticed the following syslog messages around the time of the problem:
%FW-4-ALERT_ON: getting aggressive, count (501/500) current 1-min rate: 200
What could the problem be, and how might it be mitigated?
A. The DoS max half-open session threshold has been reached. Increase the threshold with the ip inspect max-incomplete high configuration.
B. The Cisco IOS Firewall session license limit has been exceeded. Obtain a new license with more sessions.
C. The router system resource limit threshold has been reached. Replace the router with one that has more memory and CPU power.
D. The aggregate virus detection threshold has been reached. Identify the affected host and patch accordingly.
E. The per-host new session establishment rate has been reached. Increase the threshold with the ip inspect tcp max-incomplete host configuration.
Correct Answer: A

QUESTION 60
All of these are predefined reports in the Cisco IPS Manager Express (Cisco IME) GUI except which one?
A. Attacks Overtime Report
B. Top Victims Report
C. Top Attacker Report
D. Top Application Report
E. Top Signature Report
Correct Answer: D
QUESTION 61
A false negative represents which of these scenarios?
A. when an intrusion system generates an alarm after processing traffic that it is designed to detect
B. when an intrusion system generates an alarm after processing normal user traffic
C. when an intrusion system fails to generate an alarm after processing traffic that it is designed to detect
D. when an intrusion system fails to generate an alarm after processing normal user traffic
Correct Answer: C
QUESTION 62
During a computer security forensic investigation, a laptop computer is retrieved that requires content analysis and information retrieval. Which file system is on it, assuming it has the default installation of Microsoft Windows Vista operating system?
A. HSFS
B. WinFS
C. NTFS
D. FAT
E. FAT32
Correct Answer: C
QUESTION 63
Which of the following is used in PEAP to provide authentication for the EAP exchange?
A. RC4
B. TLS
C. SSH
D. AES
E. 3DES
Correct Answer: B
QUESTION 64
During a DoS attack, all of the data is lost from a user’s laptop, and the user must now rebuild the system. Which tool can the user use to extract the Outlook PST file from the Microsoft Exchange server database?
A. NTbackup.exe
B. Exmerge.exe
C. Eseutil.exe
D. Ost2pst.exe
Correct Answer: B

QUESTION 65
The BPDU guard feature disables which kind of port when the port receives a BPDU packet?
A. any port
B. nonegotiate port
C. access port
D. PortFast port
E. root port
Correct Answer: D
QUESTION 66
A DNS server that responds to query messages with information stored in Resource Records (RRs) for a domain name space stored on the server is known as which of these?
A. LDAP resolver
B. recursive resolver
C. zone
D. authoritative server
E. local server
Correct Answer: D
QUESTION 67
The Sarbanes-Oxley (SOX) act is a United States federal law that was enacted in July, 2002. SOX was introduced to provide which two of these? (Choose two.)
A. confidentiality and integrity of customer records and information
B. corporate fraud accountability
C. security standards that protect healthcare patient data
D. confidentiality of personal health information
E. assurance of the accuracy of financial records
Correct Answer: BE
QUESTION 68
Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)
A. IKE ID_KEY_ID
B. OU field in a certificate that is presented by a client
C. XAUTH username
D. hash of the OTP that is sent during XAUTH challenge/response
E. IKE ID_IPV4_ADDR
Correct Answer: AB

QUESTION 69
According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose 4)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Correct Answer: ABCD

QUESTION 70
Which current RFC made RFCs 2409, 2407, and 2408 obsolete?
A. RFC 4306
B. RFC 2401
C. RFC 5996
D. RFC 4301
E. RFC 1825
Correct Answer: C
QUESTION 71
Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)
A. confidentiality and integrity of customer records and credit card information
B. accountability in the event of corporate fraud
C. financial information handled by entities such as banks, and mortgage and insurance brokers
D. assurance of the accuracy of financial records
E. US Federal government information
F. security standards that protect healthcare patient data
Correct Answer: BD
QUESTION 72
Which three statements about the IANA are true? (Choose three.)
A. IANA is a department that is operated by the IETF.
B. IANA oversees global IP address allocation.
C. IANA managed the root zone in the DNS.
D. IANA is administered by the ICANN.
E. IANA defines URI schemes for use on the Internet.
Correct Answer: BCD
QUESTION 73
Since HTTP is one of the most common protocols used in the internet, what should be done at a firewall level to ensure that the protocol is being used correctly?
A. Ensure that HTTP is always authenticated.
B. Ensure that a stateful firewall allows only HTTP traffic destined for valid web server IP address.
C. Ensure that your web server is in a different zone than your backend servers such as SQL and DNS.
D. Ensure that your firewall enforces HTTP protocol compliance to ensure that only valid flows are allowed in and out of your network.
E. Ensure that a firewall has SYN flood and DDoS protection applied specifically for valid web servers.
Correct Answer: D

QUESTION 74
What is the main reason for using the “ip ips deny-action ips-interface” IOS command?
A. To support load-balancing configurations in which traffic can arrive via multiple interfaces.
B. To selectively apply drop actions to specific interfaces.
C. This is not a valid IOS command.
D. To enable IOS to drop traffic for signatures configured with the Drop action.
Correct Answer: A
QUESTION 75
Which three control plane subinterfaces are available when implementing Cisco IOS Control Plane Protection? (Choose three.)
A. CPU
B. host
C. fast-cache
D. transit
E. CEF-exception
F. management
Correct Answer: BDE
QUESTION 76
Which type of PVLAN ports can communicate among themselves and with the promiscuous port?
A. isolated
B. community
C. primary
D. secondary
E. protected
Correct Answer: B
QUESTION 77
An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?
A. NAT overload
B. NAT extendable
C. NAT TCP load balancing
D. NAT service-type DNS
E. NAT port-to-application mapping
Correct Answer: B
QUESTION 78
Which three configuration components are required to implement QoS policies on Cisco routers using MQC? (Choose three.)
A. class-map
B. global-policy
C. policy-map
D. service-policy
E. inspect-map
Correct Answer: ACD

QUESTION 79
Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)
A. Microsoft Windows registry keys
B. the existence of specific processes in memory
C. the UUID of an Apple iPad or iPhone
D. if a service is started on a Windows host
E. the HTTP User-Agent string of a device
F. if an Apple iPad or iPhone has been “jail-broken”
G. if an antivirus application is installed on an Apple MacBook
Correct Answer: ABDG


Cisco 350-018 Real Questions Answers, The Most Effective Cisco 350-018 Exam Guide With Accurate Answers

Now, Flydumps has published the new version of Cisco 350-018 exam dumps with newly added exam questions. Also, the latest Cisco 350-018 PDF and VCE dumps with VCE test engine are available for free download, and the new Cisco 350-018 practice tests ensure your exam 100% pass. Visit www.Flydumps.com to get more exam dumps!

QUESTION 61
A router has this configuration on one of its interfaces:

interface FastEthernet0/0
ip address 192.168.1.33 255.255.255.224
end

“Pass Any Exam. Any Time.” – www.actualtests.com 24
How would the router treat a packet with a destination address of 192.168.1.63?

A. directly connected unicast
B. remote subnet unicast
C. directed broadcast
D. directed multicast
E. limited broadcast
Correct Answer: C
QUESTION 62
Prior to installing the Cisco IOS IPS version 5.0 signature package on a router for the first time, what must be done?
A. All signatures must be unretired.
B. All signatures must be enabled.
C. Cisco IOS IPS must be applied to an interface.
D. The Cisco IPS Public Crypto Key must be installed on the router.
E. The PostOffice parameters must be configured.
Correct Answer: D
QUESTION 63
Which four types of violations can be investigated using a security forensic process? (Choose four.)
A. Compliance
B. Intrusion
C. Asset
D. Access
E. Risk
F. Policy
Correct Answer: ABDF
QUESTION 64
A Cisco ASA adaptive security appliance configured in multiple context mode supports which three of these features? (Choose three.)
A. VPN
B. NAT
C. IPv6 traffic filtering
D. multicast
E. failover
Correct Answer: BCE
QUESTION 65
The Control Plane Policing (CoPP) feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets. The filter protects the control plane of Cisco IOS devices against reconnaissance and denial of service (DoS) attacks. The Control Plane Policing feature requires the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) to configure packet classification and policing. Which two MQC actions are supported in policy maps?
A. police and transit
B. police and drop
C. cef-exception and drop
D. default and drop
E. police and transmit
Correct Answer: B
QUESTION 66
Which of these authentication combinations would provide the highest level of security for an IPsec remote-access VPN client?
A. pre-shared key and xauth (RADIUS server)
B. certificate and xauth (local server)
C. certificate and xauth (RSA SecurID token)
D. pre-shared key and xauth (RSA SecurID token)
E. pre-shared key and xauth (local server)
F. certificate and xauth (RADIUS server)
Correct Answer: F
QUESTION 67
A customer has Cisco IOS Firewall deployed. Even though the customer has FTP inspection enabled, inspection does not appear to be working for FTP services running on a non-standard port of 21000. Which feature can the customer enable to help resolve this?

A. Extendable Static NAT Port Translation
B. Cisco IOS Flexible Packet Matching
C. Firewall Application Inspection and Control
D. Firewall Application Layer Gateway
E. Port-to-Application Mapping
Correct Answer: E
QUESTION 68
Which three of these situations warrant engagement of a Security Incident Response team? (Choose three.)
A. loss of data confidentiality/integrity
B. damage to computer/network resources
C. denial of service (DoS)
D. computer or network misuse/abuse
E. pornographic blogs/websites
Correct Answer: ABC
QUESTION 69

Refer to the exhibit. The Cisco IOS Software-based switches are configured with VTP and VLANs as shown. The network administrator wants to quickly add the VLANs defined on SW1 to the configuration of SW2. Therefore, the administrator copies the vlan.dat file from the flash memory on SW1 to the flash memory of SW2. After the file is copied to SW2, it is rebooted. What is the VLAN status of SW2 after the reboot?
A. The VLAN information on SW2 will remain the same because it has been configured for transparent VTP mode.
B. SW2 will clear the vlan.dat file and load its VLAN information from the configuration file stored in NVRAM.
C. A VTP mode mismatch will occur, causing the VLANS in the startup configuration to be ignored and all VLANs above 1005 to be erased.
D. The VLANs in the vlan.dat file will be copied to the running configuration and merged with the extended VLANs defined in the startup configuration.
E. All VLANs will be erased and all ports will be moved into the default VLAN 1.
Correct Answer: D
QUESTION 70

Refer to the exhibit. If Router1 receives a packet from LAN 1 with a destination IP address of 192.168.1.10, what happens to the packet?
A. Router1 drops the packet due to ARP failure.
B. Router1 drops the packet due to inverse ARP failure.
C. Router1 drops the packet, because there is no route to the destination.
D. Router1 forwards the packet onto the PPP link, but the packet gets dropped on Router2 because there is no route to the destination.
E. The packet loops between Router1 and Router2 until the TTL expires.

Correct Answer:
QUESTION 71
Which of these IPv6 messages should be filtered at the perimeter of your network if MIPv6 is not used?
A. ICMP Node Information Query (Type 139)
B. Type 2 Routing Header (RH2) (Type 43)
C. ICMPv6 Multicast Listener Report (Type 131)
D. Inverse Neighbor Discovery Solicitation Message (Type 141)
Correct Answer: B
QUESTION 72
Unicast Reverse Path Forwarding (Unicast RPF) is a protection mechanism that can be used against which of these?
A. TCP session hijacking attacks
B. brute-force attacks
C. teardrop attacks
D. password attacks
E. birthday attacks
F. spoofing attacks
Correct Answer: F
QUESTION 73
Which of these command sequences will send an email [email protected] using SMTP?
A. MAILFROM:<[email protected]> RCPT TO:<[email protected]> DATA
B. HELO invalid.com MAIL TO:<[email protected]> MESSAGE END
C. HELO invalid.com MAIL FROM:<[email protected]> RCPT TO:<[email protected]> BODY
D. MAILFROM:<[email protected]> RCPT TO:<[email protected]> MESSAGE
Correct Answer: A
QUESTION 74
Which of these statements is true about the SSH login banner for SSHv1 and v2 connections?
A. It is not displayed.
B. It is displayed before you log into the device.
C. It is displayed after you log into the device.
D. It can be displayed only after the SSH client sends the username.
E. It is not supported.
Correct Answer: B
QUESTION 75
OSPF uses multicast addresses to send hello packets and routing updates using which of these protocols/ports?
A. IP protocol 17
B. TCP port 179
C. UDP port 520
D. TCP port 87
E. IP protocol 87
F. IP protocol 89
Correct Answer: F

QUESTION 76
What is the default username and password set for Cisco Security Device Manager (SDM)?
A. sdm/sdm
B. sdm/cisco
C. cisco/sdm
D. cisco/cisco
E. cisco/cisco123
Correct Answer: D
QUESTION 77
All of these are valid Cisco IOS AAA login authentication methods except which one?
A. none
B. kerberos
C. enable
D. local-case
E. group radius
F. group tacacs+
Correct Answer: B
QUESTION 78
Communication between Cisco Security Device Manager (SDM) and a Cisco router is secured using which of these?
A. IPsec
B. SSL
C. AES
D. 3DES
E. Cisco proprietary encryption
Correct Answer: B
QUESTION 79
Which four of these are characteristics of a Cisco Network Intrusion Prevention System (IPS)? (Choose four.)
A. can provide the ability to drop the initial packet of an attack
B. analyzes a copy of the traffic on the network
C. can support TCP normalization
D. can change network traffic en route
E. cannot support TCP normalization
F. usually provides signature-based analysis
Correct Answer: ACDF
QUESTION 80
Which three of these are among the implicit IPv6 ACL rules in Cisco IOS allowing ICMPv6 neighbor discovery? (Choose three.)
A. permit icmp any any nd-na
B. deny icmp any any nd-na
C. permit icmp any any nd-ns
D. deny icmp any any nd-nn
E. permit ipv6 any any
F. deny ipv6 any any
Correct Answer: ACF
QUESTION 81
Which three of these make use of a certificate as part of the protocol? (Choose three.)
A. EAP-MD5
B. EAP-TLS
C. EAP-TTLS
D. EAP-FAST
E. EAP-PEAP
F. LEAP
Correct Answer: BCD
QUESTION 82
DNS Security Extension (DNSSEC) adds security functionality to the Domain Name System for which three purposes? (Choose three.)
A. origin authentication of DNS data
B. protection against denial of service (DoS) attacks
C. integrated data encryption using ESP
D. inclusion of the authorization flag in the DNS lookup
E. providing of confidentiality of data
F. data integrity
Correct Answer: ADF
QUESTION 83
You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?
A. ipv6 port-map port telnet 223
B. ipv6 port-map port 23 port 23223
C. ipv6 port-map telnet port 23 233
D. ipv6 port-map telnet port 223
Correct Answer: D
QUESTION 84
The Extension Mechanisms for DNS (EDNS0) header bit is now required to support larger DNS message sizes for which of these reasons?
A. to allow walking of the Resource Record Signature (RRSIG) for a domain name space
B. to ensure that the authority section is always present
C. to enable lookup for IPv6 AAAA records
D. to enable lookup for DNSSEC resource records
E. to provide a place for TXT resource records larger than 900 bytes
Correct Answer: D
QUESTION 85
The SSL VPN implementation on a Cisco ASA adaptive security appliance supports which three of these features? (Choose three.)
A. sending TCP and UDP traffic through a smart tunnel
B. sending TCP and UDP traffic through port forwarding
C. sending TCP-only traffic through a smart tunnel
D. sending TCP-only traffic through port forwarding
E. establishing a Winsock 2 connection between the client and the server through port forwarding
F. establishing a Winsock 2 connection between the client and the server through smart tunnels
Correct Answer: CDF
QUESTION 86
Which of these statements is true about EIGRP?
A. It conserves network bandwidth by using periodic, incremental updates to propagate network changes to its neighbors.
B. It can install up to eight equal-cost paths to a given destination in its routing table.
C. It is possible for two EIGRP routers to become neighbors even if the hello and hold timers do not match.
D. EIGRP updates can be sent between two discontiguous autonomous systems via a virtual link.
E. EIGRP packets can be both authenticated and encrypted to ensure that the information exchange is reliable and confidential.
Correct Answer: A
QUESTION 87
Which three of these are performed by both RADIUS and TACACS+ servers? (Choose three.)
A. login authentication
B. EXEC authorization
C. command authorization
D. EXEC accounting
E. command accounting
Correct Answer: ABD
QUESTION 88
CustomerA wants to synchronize the time on all its routers using NTP. CustomerA knows the NTP master is at address 1.1.1.1, and is using MD5 authentication with a password of “cisco123.” Assuming timezone settings are already configured, which four of these commands does the customer need to configure on each router to correctly synchronize the device with the NTP master? (Choose four.)
A. ntp encryption md5
B. ntp server 1.1.1.1 key 1
C. ntp authenticate
D. ntp trusted-key 1
E. ntp enable
F. ntp authentication-key 1 md5 cisco123
Correct Answer: BCDF

QUESTION 89
Which two statements about RADIUS are true? (Choose two.)
A. The RADIUS server must use TCP for its connection to the NAS.
B. The RADIUS server must use UDP for its connection to the NAS.
C. The NAS connection to the RADIUS server encrypts the entire packet, but the header is unencrypted.
D. The NAS connection to the RADIUS server encrypts the password in an Access-Request packet only.
E. The NAS connection to the RADIUS server encrypts the password in the Accounting-Request packet only
Correct Answer: BD
QUESTION 90
Which of these communications mechanisms can be used between Cisco Security Device Manager (SDM) and a Cisco router in addition to HTTP or HTTPS to read and write the router configurations?
A. Telnet/SSH
B. FTP/Telnet/SSH
C. SFTP/Telnet/SSH
D. FTP/SSH
E. SFTP/SSH
Correct Answer: A
QUESTION 91
When configuring a Cisco adaptive security appliance in multiple context mode, which one of these capabilities is supported?
A. multicast
B. dynamic routing protocols
C. VPN configurations
D. static routes
Correct Answer: D
QUESTION 92
Hypertext Transfer Protocol (HTTP) version 1.1 introduced several improvements over HTTP 1.0, which resulted in improved performance (faster page displays) for end users. Which three of these enhancements were added to the HTTP 1.1 protocol over the HTTP 1.0 protocol? (Choose three.)
A. GET requests
B. persistent connections
C. selective acknowledgements
D. chunked encoding
E. HTTP pipelining
Correct Answer: BDE

QUESTION 93
The BPDU guard feature disables which kind of port when the port receives a BPDU packet?
A. any port
B. nonegotiate port
C. access port
D. PortFast port
E. root port
Correct Answer: D
QUESTION 94
A DNS server that responds to query messages with information stored in Resource Records (RRs) for a domain name space stored on the server is known as which of these?
A. LDAP resolver
B. recursive resolver
C. zone
D. authoritative server
E. local server
Correct Answer: D
QUESTION 95
The Sarbanes-Oxley (SOX) act is a United States federal law that was enacted in July, 2002. SOX was introduced to provide which two of these? (Choose two.)
A. confidentiality and integrity of customer records and information
B. corporate fraud accountability
C. security standards that protect healthcare patient data
D. confidentiality of personal health information
E. assurance of the accuracy of financial records
Correct Answer: BE
QUESTION 96
Which of these standards replaced 3DES?
A. PKI
B. Blowfish
C. RC4
D. SHA-1
E. AES
F. MD5
Correct Answer: E
QUESTION 97
The communication between Cisco Configuration Professional and a Cisco router is secured using which of these?
A. IPsec
B. ESP
C. SSL
D. GDOI
E. Cisco proprietary encryption
Correct Answer: C

QUESTION 98
What does this log message indicate?
4w6d: %PM-4-ERR_DISABLE: Psecure-Violation Error Detected on Gi3/2, Putting Gi3/2 in Err-Disable State
A. The port has been disabled because the traffic rate limit has been exceeded.
B. The port has been temporarily disabled because the broadcast packet limit has been exceeded.
C. The port has been disabled because the MAC address limit has been exceeded.
D. The port has been disabled due to a DHCP OFFER packet.
E. The port has been disabled due to detection of a gratuitous ARP packet.
F. The port has been disabled due to an invalid MAC address.
Correct Answer: F
QUESTION 99
LEAP authentication is provided by which of these?
A. hashing of the password before sending
B. user-level certificates
C. PAC exchange
D. modified MS-CHAP
E. TACACS+
Correct Answer: D
QUESTION 100
Which IPv6 Interior Gateway Protocol (IGP) relies entirely on IPsec to secure communications between neighbors?
A. EIGRPv6
B. OSPFv3
C. RIPv6
D. IS-IS
Correct Answer: B
QUESTION 101
Identity NAT translates which of these?
A. the source IP address to the interface IP address
B. the local IP address to a global IP address
C. an IP address to itself
D. the destination IP address to an RFC 1918 address
E. the local IP address to a DNS-resolved IP address
F. the global IP address to a local IP address
Correct Answer: C
QUESTION 102
Cisco Secure ACS server will forward the events for all of these log files to Cisco Security MARS except which one?
A. Failed Attempts
B. TACACS+ Accounting
C. RADIUS Accounting
D. Passed Authentications
Correct Answer: B
QUESTION 103
CustomerA has set up a central syslog server to receive all syslog messages from its routers. The IP address of this central server is 1.1.1.1, and the customer wants all messages of level “error” and above to be sent there. In addition, it wants all messages of level “warning” and above to be stored locally on the router. Assuming logging is already enabled, which three commands on the router would accomplish these goals? (Choose three.)
A. logging host 1.1.1.1 level errors
B. logging buffered warnings
C. logging device 1.1.1.1
D. logging buffer enable
E. logging host 1.1.1.1
F. logging facility local-buffer
G. logging trap errors
Correct Answer: BEG
QUESTION 104
What is the function of the switch(config-if)# switchport port-security mac-address sticky command?
A. allows the switch to restrict the MAC addresses on the switch port based on the static MAC addresses configured in the startup configuration
B. allows the administrator to manually configure the secured MAC addresses on the switch port
C. allows the switch to permanently store the secured MAC addresses in the MAC address table (CAM table)
D. allows the switch to perform sticky learning, in which the dynamically learned MAC addresses are copied from the MAC address table (CAM table) to the startup configuration
E. allows the switch to dynamically learn the MAC addresses on the switch port and the MAC addresses will be added to the running configuration
Correct Answer: E
QUESTION 105
What is the default TCP port used to remotely manage a Cisco Secure ACS v4.x software application server?
A. 2000
B. 2001
C. 2002
D. 2005
E. 2020
Correct Answer: C

CCNA Cisco 350-018 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 350-018. The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Cisco 350-018 to the text and laying out a complete study plan for review. CCNA Cisco 350-018 also includes a wealth of hands-on practice exercises and a copy of the CCNA Cisco 350-018 network simulation software that allows you to practice your CCNA Cisco 350-018 hands-on skills in a virtual lab environment. The CCNA Cisco 350-018 supporting website keeps you fully informed of any exam changes.

Cisco 350-018 Questions And Answers, Buy Discount Cisco 350-018 Exam Q&As Latest Version PDF&VCE

Nowadays, Flydumps has published the newest Cisco 350-018 exam dumps with free VCE test software and PDF dumps, and the latest Cisco 350-018 questions and answers ensure you a 100% pass with a money-back guarantee.

QUESTION 54
The key lengths for DES and 3DES, respectively, are:
A. 128 bits and 256 bits.
B. 128 bits and 384 bits.
C. 1024 bits and 3072 bits.
D. 64 bits and 192 bits.
E. 56 bits and 168 bits.
F. 128 bytes and 384 bytes.

Correct Answer: E
QUESTION 55
When enrolling a Cisco IOS router to a CA server using the SCEP protocol, which one of the following is NOT a required step?
A. Configure an ip domain-name on the router
B. Generate the RSA key pairs on the router.
C. Define the crypto pki trustpoint on the router.
D. Authenticate the CA server’s certificate.
E. Import the server certificate to the router using TFTP.

Correct Answer: E
QUESTION 56
RFC 2827 ingress filtering is used to help prevent which type of attacks?
A. Syn Flood.
B. Source IP address spoofing
C. Overlapping IP Fragments.
D. Tiny IP Fragments
E. Land.C
F. Network Reconnaissance.

Correct Answer: B
QUESTION 57
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?
A. ASA syn protection
B. ASA ICMP application inspection.
C. CSA quarantine lists.
D. IPS syn attack signatures.
E. Cisco Guard
Correct Answer: C
QUESTION 58
Cisco Clean Access ensures that computers connecting to your network have which of the following?
A. No vulnerable applications or operating systems
B. No viruses or worms
C. Appropriate security applications and patch levels.
D. Current ips signatures.
E. Cisco Security Agent

Correct Answer: C
QUESTION 59
The following ip protocols and ports are commonly used in IPSec protocols.
A. IP protocol 50 and 51, UDP port 500 and 4500
B. UDP ports 50, 51, 500, and 4500
C. TCP ports 50, 51, 500, and 4500
D. IP protocols 50, 51, 500, and 4500
E. IP protocols 50 and 51, UDP port 500, and TCP port 4500

Correct Answer: A
QUESTION 60
Refer to the Exhibit. Router R1 is stuck in 2-WAY state with neighbors R2 and R3. As a result R1 has an incomplete routing table. To troubleshoot the issue, the show and debug commands in the exhibit are entered on R1. Based on the output of these commands what is the most likely cause of this problem?

A. The hello timers on the segment between these routers do not match.
B. All the routers on the Ethernet segment have been configured with “ip ospf priority 0”
C. R1 can not form an adjacency with R2 or R3 because it does not have a matching authentication key.
D. The Ethernet 0/0 interfaces on these routers are missing the “ip ospf network broadcast” command.
E. The Ethernet 0/0 interface on R1 has been configured with the command “ip ospf network non-broadcast”.

Correct Answer: B
QUESTION 61
Based on the following partial configuration shown, which statement is true?
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 dot1x port-control auto
 dot1x guest-vlan 10
A. vlan 10, the guest vlan is also known as the restricted vlan
B. client without an 802.1x supplicant connecting to port fa0/1 will be assigned to the vlan 10
C. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan 10.
D. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan 100
E. EAP over LAN frames will flow over VLAN 10

Correct Answer: B
QUESTION 62
Referring to the network diagram and the partial router’s configuration shown, which packet will be permitted by ACL 101?

A. Any TCP packets with the initial SYN or ACK bit set destined to a host on the 10.2.1.0/24 subnet.
B. A HTTP packet with the SYN bit set destined to a host on the 10.2.1.0/24 subnet.
C. A TFTP packet with the RST bit set destined to a host on the 10.2.1.0/24 subnet.
D. An ICMP echo-reply packet destined to a host on the 10.2.1.0/24 subnet
E. Any TCP packet with the ACK bit set destined to a host on the 10.2.1.0/24 subnet.
F. Any TCP return traffic destined to a host on the 10.2.1.0/24 subnet that matches a corresponding outgoing TCP connection in the router’s firewall state table.

Correct Answer: E
QUESTION 63
What is the function of the switch(config-if)# switchport port-security mac-address sticky command?
A. allows the switch to restrict the MAC addresses on the switchport based on the static MAC addresses configured in the startup configuration.
B. allows the administrator to manually configure the secured MAC addresses on the switchport.
C. allows the switch to permanently store the secured MAC addresses in the MAC Address Table (CAM Table)
D. allows the switch to perform sticky learning where the dynamically learned MAC addresses are copied from the MAC Address Table (CAM Table) to the startup configuration.
E. allows the switch to dynamically learn the MAC addresses on the switchport and the MAC addresses will be added to the running configuration.

Correct Answer: E
QUESTION 64
Drop

A.
B.
C.
D.

Correct Answer:
QUESTION 65
Which statement below is true about the command “nat control” on the ASA?
A. It requires traffic originating from the inside interface to match a NAT translation rule to pass through the firewall on the outside interface.
B. It allows traffic originating from the inside interface to pass through the firewall on the outside interface without a NAT translation rule being matched.
C. It requires traffic passing through the firewall on interfaces of the security level to match a NAT translation rule.
D. It allows traffic originating from the outside interface to pass through the firewall on the inside interface without a NAT translation rule being matched.

Correct Answer: A
QUESTION 66
What is the most probable cause of the SSH debug messages?

A. Unsupported cipher
B. bad password
C. wrong user
D. SSH client not supported

Correct Answer: B
QUESTION 67
What statement is true concerning PAT?
A. PAT keeps ports but rewrites address.
B. PAT provides access control.
C. PAT rewrites the source address and port.
D. PAT is the preferred method to map servers to external networks.

Correct Answer: C
QUESTION 68
When configuring system state conditions with the Cisco Security Agent, what is the resulting action when configuring more than one system state condition?
A. Any matching state condition will result with the state being triggered.
B. Once a state condition is met, the system ceases searching further conditions and will cause the state condition to trigger.
C. All specified state conditions are used as part of the requirements to be met for the state to trigger.
D. Once the state conditions are met, they become persistent and can only be removed using the Reset feature.

Correct Answer: C
QUESTION 69
Which of the following is the correct diagram for an IPsec Authentication Header?
A. C

Correct Answer: A
QUESTION 70
In the example shown, Host A has attempted a D-COM attack using metasploit from Host A to Host B. Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose 3)

A. CS-MARS will collect the syslog and the IPS alerts based on time.
B. The IPS event will suggest that an attack may have occurred because a signature was triggered.
C. IPS and ASA will use the Unified Threat Management protocol to determine that both devices saw the attack.
D. ASA will see the attack in both directions and will be able to determine if an attack was successful.
E. The syslog connection built event will indicate that an attack is likely because a TCP syn and an ack followed the attempted attack.
Correct Answer: ABE
QUESTION 71
Drop A.

B.
C.
D.

Correct Answer:
QUESTION 72
When implementing internet standards you are required to follow RFC’s processes and procedures based on what RFC?
A. RFC 1769 and mere publications.
B. Real standards of RFC 1918
C. RFC 1669 real standards and mere publications.
D. Real standards and mere publications RFC 1769
E. None of the above.

Correct Answer: E
QUESTION 73
Which two of the following are correct regarding the Cisco Trust Agent (CTA)? (Choose two.)
A. Available on Windows operating systems only.
B. Provides the capability at the endpoint to apply QoS markings to application network traffic as specified by Cisco Trust Agent policy rules.
C. Can communicate the Cisco Security Agent (CSA) version, OS and patch version, as well as the presence, version, and other posture information of third-party applications that are part of the NAC initiative to the Authentication Server.
D. Includes both a Layer 3 communication component using EAP over UDP, as well as an 802.1x supplicant, allowing layer 2 EAP over LAN communications.
E. Resides between the applications and the Operating System Kernel to prevent day zero attacks.

Correct Answer: CD
QUESTION 74
ASDM on the ASA platform is executed as:
A. An active-x application or a java script application.
B. A java script application and a PHP application
C. A fully compiled .NET framework application.
D. A fully operational Visual Basic application.
E. A java applet running in the context of your browser or a stand alone application using the java run-time environment.

Correct Answer: E
QUESTION 75
With Cisco’s IOS Authentication Proxy feature, users can initiate network access via which three protocols? (Choose three)
A. IPSec
B. HTTP/HTTPS
C. L2TP
D. FTP
E. TELNET
F. SSH

Correct Answer: BDE

This volume is part of the Exam Certification Guide Series from Cisco 350-018. Cisco 350-018 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco 350-018 Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as Cisco 350-018 exam day nears.

The Updated Latest Cisco 350-018 Download with All New Questions And Answers – 100% Free VCE Files

Exam A
QUESTION 1
SSL stands for Secure Sockets Layer, though IETF has renamed it TLS (Transport Layer Security). TLS is documented in RFC 2246 and identifies itself in the protocol version field as SSL 3.1. When initiating a new SSL/TLS session, the client receives the server SSL certificate and validates it. What does the client use the certificate for after validating it?
A. The server creates a separate session key and sends it to the client. The client has to decrypt the session key using the server public key from the certificate.
B. The client creates a separate session key and encrypts it with the server public key from the certificate before sending it to the server.
C. Nothing, the client and server switch to symmetric encryption using IKE to exchange keys.
D. The client generates a random string, encrypts it with the server public key from the certificate, and sends it to the server. Both the client and server derive the session key from the random data sent by the client.
Correct Answer: D
QUESTION 2
After entering debug ip packet, no messages appear on your Telnet session. What is the likely cause?
A. OSPF routing is required.
B. The console port does not support debug output.
C. The terminal monitor command is required.
D. IP packets are not supported with the debug command.
Correct Answer: C
QUESTION 3
Comparing symmetric ciphers to asymmetric ciphers, which statement is not correct?
A. Symmetric ciphers are less computationally intensive.
B. Asymmetric ciphers are in general more difficult to break.
C. Asymmetric ciphers require a shared secret called the private key.
D. Symmetric ciphers are faster.
Correct Answer: C
QUESTION 4
Which two statements indicate how Cisco IPS Sensor Software Version 5.0 differs from Version 4.0? (Choose two.)
A. The sensor pushes events to the monitoring system.
B. The sensor supports intrusion prevention functionality
C. The monitoring system pulls events from the sensor.
D. The sensor software calculates a risk rating for alerts to reduce false positives.
Correct Answer: BD
QUESTION 5
On the basis of the Cisco ASA Software Version 7.x configuration, which scenario best describes the reason you would deploy this configuration on your Cisco ASA adaptive security appliance?

A. to ensure that any HTTP session that has a URL with the string “X-Counter” or “X-Session” is reset and logged
B. to ensure that HTTP traffic follows RFC compliance
C. to ensure that any HTTP session that has a URL with the string “X-Counter” or “X-Session” is blocked and logged
D. to ensure that connections from any custom web applications that use “X-Counter” or “X-Session” are reset and logged
Correct Answer: D
QUESTION 6
When managing a Cisco IOS device by use of Cisco SDM, which configuration statement is necessary to be able to use Cisco SDM?
A. ip http server
B. ip http secure-server sdm location X.X.X.X
C. ip http secure-server
D. ip http server sdm location X.X.X.X
Correct Answer: A

QUESTION 7
SNMP is restricted on Cisco routers by what IOS command?
A. snmp-server enable
B. snmp-server community string
C. snmp-server ip-address
D. snmp-server no access permitted
Correct Answer: B
QUESTION 8
Which two statements best describe the reason that TACACS+ is more desirable from a security standpoint than RADIUS? (Choose two.)
A. It encrypts the password field with a unique key between server and requester.
B. It uses TCP as its transport
C. It uses UDP as its transport.
D. Encrypting the whole data payload is optional.
Correct Answer: BD
QUESTION 9
Which three statements are correct concerning AES? (Choose three.)
A. AES is faster to compute than 3DES.
B. AES is not subject to known-plaintext attacks, while DES is subject to them.
C. AES is a block cipher, while 3DES and DES are stream ciphers.
D. AES can be used with longer keys than 3DES.
Correct Answer: ABD
QUESTION 10
The AS5300 series router can support which of the following incoming connections?
A. Voice
B. Dialup users via PSTN
C. ISDN
D. All the above
Correct Answer: D

Take Your Cisco 350-018 All New Questions And Answers Download Guarantee You 100% Pass

Exam A
QUESTION 1
Which two of these Cisco Catalyst security features offer the best ways to prevent ARP cache poisoning? (Choose two.)
A. Dynamic ARP Inspection
B. port security
C. MAC address notification
D. DHCP snooping
E. PortFast
F. 802.1x authentication
Correct Answer: AD
QUESTION 2
Which one of the following is not a valid RADIUS packet type?
A. access-reject
B. access-response
C. access-challenge
D. access-reply
E. access-accept
Correct Answer: B
QUESTION 3
Which two of these statements about SMTP and ESMTP are the most correct? (Choose two.)
A. Open mail relays are often used for spamming.
B. ESMTP does not provide more security features than SMTP.
C. SMTP provides authenticated e-mail sending.
D. Worms often spread via SMTP.
Correct Answer: AD
QUESTION 4

Refer to the exhibit. Which three of the following statements are correct? (Choose three.)
A. The exhibit shows an example of a NAC Framework network.
B. The exhibit shows an example of a NAC Appliance network.
C. The network utilizes in-band admission control.
D. The network utilizes out-of-band admission control.
E. Cisco NAC Appliance Agent is used to verify end-user PC compliance with the security policy
F. Cisco Trust Agent is used to verify end-user PC compliance with the security policy.
Correct Answer: BCE
QUESTION 5

Referring to the partial debug output shown in the exhibit, which of these values is contained inside the brackets [4] in line 1?
A. RADIUS identifier field value
B. RADIUS attribute type value
C. RADIUS VSA number
D. RADIUS VSA length
E. vendor ID

Correct Answer: B
QUESTION 6
What is the net effect of using ICMP type 4 messages to attack RFC 1122-compliant hosts?
A. Hosts will perform a soft TCP reset and restart the connection.
B. Hosts will perform a hard TCP reset and tear down the connection.
C. Hosts will reduce the rate at which they inject traffic into the network.
D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 message.
E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message.
Correct Answer: C
QUESTION 7

Refer to the exhibit. Switch SW2 has just been added to Fa0/23 on SW1. After a few seconds, interface Fa0/23 on SW1 is placed in the error-disabled state. SW2 is removed from port 0/23 and inserted into SW1 port Fa0/22 with the same result. What is the most likely cause of this problem?
A. The spanning-tree PortFast feature has been configured on SW1.
B. BPDU filtering has been enabled either globally or on the interfaces of SW1.
C. The BPDU guard feature has been enabled on the Fast Ethernet interfaces of SW1.
D. The Fast Ethernet interfaces of SW1 are unable to autonegotiate speed and duplex with SW2.
E. PAgP is unable to correctly negotiate VLAN trunk characteristics on the link between SW1 and SW2.

Correct Answer: C
QUESTION 8
ASDM on the Cisco ASA adaptive security appliance platform is executed as which of the following?
A. an ActiveX application or a JavaScript application
B. a JavaScript application and a PHP application
C. a fully compiled .Net Framework application
D. a fully operational Visual Basic application
E. a Java applet or a standalone application using the Java Runtime Environment
Correct Answer: D
QUESTION 9
After the client opens the command channel (port 21) to the FTP server and requests passive mode, what will be the next step?
A. The FTP server sends back an ACK to the client.
B. The FTP server allocates a port to use for the data channel and transmits that port number to the client.
C. The FTP server opens the data channel to the client using the port number indicated by the client.
D. The FTP client opens the data channel to the FTP server on port 20.
E. The FTP client opens the data channel to the FTP server on port 21.
Correct Answer: B
QUESTION 10
In ISO 27001 ISMS, which three of these certification process phases are required to collect information for ISO 27001? (Choose three.)
A. discover
B. certification audit
C. post-audit
D. observation
E. pre-audit
F. major compliance
Correct Answer: BCE

Cisco 350-018 Exam Certification With All New Questions And Answers Flydumps Download Guarantee You 100% Pass

Exam A
QUESTION 1
In an L2TP voluntary tunneling scenario, the VPDN tunnel is terminated between:
A. The client and the NAS.
B. The NAS and the LNS.
C. The NAS and the LAC.
D. The client and the LNS.
Correct Answer: D
QUESTION 2
Which IOS QoS mechanism is used strictly to rate limit traffic destined to the router itself?
A. Class-Based Policing
B. Control Plane Policing
C. Dual-Rate Policer
D. Single-Rate Policer
Correct Answer: B
QUESTION 3
What are two key characteristics of VTP? (Choose 2)
A. VTP messages are sent out all switch-switch connections.
B. VTP L2 messages are communicated to neighbors using CDP.
C. VTP manages addition, deletion, and renaming of VLANs 1 to 4094.
D. VTP pruning restricts flooded traffic, increasing available bandwidth.
E. VTP V2 can only be used in a domain consisting of V2 capable switches.
F. VTP V2 performs consistency checks on all sources of VLAN information.
Correct Answer: DE
QUESTION 4
A network administrator is using a LAN analyzer to troubleshoot OSPF router exchange messages sent to ALL OSPF ROUTERS. To what MAC address are these messages sent?
A. 00-00-1C-EF-00-00
B. 01-00-5E-00-00-05
C. 01-00-5E-EF-00-00
D. EF-FF-FF-00-00-05
E. EF-00-00-FF-FF-FF
F. FF-FF-FF-FF-FF-FF
Correct Answer: B
QUESTION 5
Drop A.

B.
C.
D.
Correct Answer:
QUESTION 6
What is Chain of Evidence in the context of security forensics?
A. The concept that evidence is controlled in locked down, but not necessarily authenticated.
B. The concept that evidence is controlled and accounted for as to not disrupt its authenticity and integrity.
C. The concept that the general whereabouts of evidence is known.
D. The concept that if a person has possession of evidence someone knows where the evidence is and can say who had it if it is not logged

Correct Answer: B
QUESTION 7
In most buffer overflow attacks, which of the following behaviors should be expected?
A. A vulnerability used to overflow the buffer and an exploit used to run malicious software off of the stack.
B. An exploit used to overflow the buffer and a vulnerability used to run malicious software off of the stack.
C. A single crafted packet to overflow the buffer and run malicious software.
D. Shell code to exploit the buffer.

Correct Answer: A
QUESTION 8
Which of the following is the most effective technique to prevent source IP Address spoofing?
A. policy based routing (PBR)
B. unicast reverse path forwarding (uRPF)
C. lock and key ACL
D. RFC 1918 filtering
E. IP source routing

Correct Answer: B
QUESTION 9
Whenever a failover takes place on the ASA (configured for failover), all active connections are dropped and clients must re-establish their connections unless: (Choose 2)
A. The ASA is configured for Active-Standby failover.
B. The ASA is configured for Active-Active failover.
C. The ASA is configured for Active-Active failover and a state failover link has been configured.
D. The ASA is configured for Active-Standby failover and a state failover link has been configured.
E. The ASA is configured to use a serial cable as failover link.
F. The ASA is configured for LAN-Based failover.
Correct Answer: CD
QUESTION 10
CSA protects your host by:
A. Preventing browsers from opening network sockets in listening state.
B. Preventing buffer overflows.
C. Preventing users from entering unencrypted passwords.
D. Preventing browsers from acting as client to web servers.
Correct Answer: A