Cisco 350-018 Questions And Answers, Buy Discount Cisco 350-018 Exam Q&As Latest Version PDF&VCE

Nowdays,Flydumps has published the newest Cisco 350-018 exam dumps with free vce test software and pdf dumps,and the latest Cisco 350-018 question answers ensure you 100% pass and money bcak guarantee.

QUESTION 54
The key lengths for DES and 3DES, respectively, are:
A. 128 bits and 256 bits.
B. 128 bits and 384 bits.
C. 1024 bits and 3072 bits.
D. 64 bits and 192 bits.
E. 56 bits and 168 bits.
F. 128 bytes and 384 bytes.

Correct Answer: E
QUESTION 55
When enrolling a Cisco IOS router to a CA server using the SCEP protocol, which one of the following is NOT a required step?
A. Configure an ip domain-name on the router
B. Generate the RSA key pairs on the router.
C. Define the crypto pki trustpoint on the router.
D. Authenticate the CA server’s certificate.
E. Import the server certificate to the router using TFTP.

Correct Answer: E
QUESTION 56
RFC 2827 ingress filtering is used to help prevent which type of attacks?
A. Syn Flood.
B. Source IP address spoofing
C. Overlapping IP Fragments.
D. Tiny IP Fragments
E. Land.C
F. Network Reconnaissance.

Correct Answer: B
QUESTION 57
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?
A. ASA syn protection
B. ASA ICMP application inspection.
C. CSA quarantine lists.
D. IPS syn attack signatures.
E. Cisco Guard
Correct Answer: C
QUESTION 58
Cisco Clean Access ensures that computers connecting to your network have which of the following?
A. No vulnerable applications or operating systems
B. No viruses or worms
C. Appropriate security applications and patch levels.
D. Current ips signatures.
E. Cisco Security Agent

Correct Answer: C QUESTION 59
The following ip protocols and ports are commonly used in IPSec protocols.
A. IP protocol 50 and 51, UDP port 500 and 4500
B. UDP ports 50, 51, 500, and 4500
C. TCP ports 50, 51, 500, and 4500
D. IP protocols 50, 51, 500, and 4500
E. IP protocols 50 and 51, UDP port 500, and TCP port 4500

Correct Answer: A QUESTION 60
Refer to the Exhibit. Router R1 is stuck in 2-WAY state with neighbors R2 and R3. As a result R1 has an incomplete routing table. To troubleshoot the issue, the show and debug commands in the exhibit are entered on R1. Based on the output of these commands what is the most likely cause of this problem?

A. The hello timers on the segment between these routers do not match.
B. All the routers on the Ethernet segment have been configured with “ip ospf priority 0”
C. R1 can not form an adjacency with R2 or R3 because it does not have a matching authentication key.
D. The Ethernet 0/0 interfaces on these routers are missing the “ip ospf network broadcast” command.
E. The Ethernet 0/0 interfaces on R1 has been configured with the command, “ip ospf network non-broadcast”.

Correct Answer: B
QUESTION 61
Based on the following partial configuration shown, which statement is true?
interface FastEthernet0/1 switchport access vlan 100 switchport mode access dot1x port-control auto dot1x guest-vlan 10
A. vlan 10, the guest vlan is also known as the restricted vlan
B. client without an 802.1x supplicant connecting to port fa0/1 will be assigned to the vlan 10
C. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan
10.
D. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan 100
E. EAP over LAN frames will flow over VLAN 10

Correct Answer: B
QUESTION 62
Referring to the network diagram and the partial router’s configuration shown, which packet will be permitted by ACL 101?

A. Any TCP packets with the initial SYN or ACK bit set destined to a host on the 10.2.1.0/24 subnet.
B. A HTTP packet with the SYN bit set destined to a host on the 10.2.1.0/24 subnet.
C. A TFTP packet with the RST bit set destined to a host on the 10.2.1.0/24 subnet.
D. An ICMP echo-reply packet destined to a host on the 10.2.1.0/24 subnet
E. Any TCP packet with the ACK bit set destined to a host on the 10.2.1.0/24 subnet.
F. Any TCP return traffic destined to a host on the 10.2.1.0/24 subnet that matches a corresponding outgoing TCP connection in the router’s firewall state table.

Correct Answer: E
QUESTION 63
What is the function of the switch(config-if)# switchport port-security mac-address sticky comand?
A. allows the switch to restrict the MAC addresses on the switchport based on the static MAC addresses configured in the startup configuration.
B. allows the administrator to manually configured the secured MAC addresses on the switchport.
C. allows the switch to permanently store the secured MAC addresses in the MAC Address Table (CAM Table)
D. allows the switch to perform sticky learning where the dynamically learned MAC addresses are copied from the MAC Address Table (CAM Table) to the startup configuration.
E. allows the switch to dynamically learn the MAC addresses on the switchport and the MAC addresses will be added to the running configuration.

Correct Answer: E
QUESTION 64
Drop

A.
B.
C.
D.

Correct Answer:
QUESTION 65
Which statement below is true about the command “nat control” on the ASA?
A. It requires traffic originating from the inside interface to match a NAT translation rule to pass through the firewall on the outside interface.
B. It allows traffic originating from the inside interface to pass through the firewall on the outside interface without a NAT translation rule being matched.
C. It requires traffic passing through the firewall on interfaces of the security level to match a NAT translation rule.
D. It allows traffic originating from the outside interface to pass through the firewall on the inside interface without a NAT translation rule being matched.

Correct Answer: A
QUESTION 66
What is the most probable cause of the SSH debug messages?

A. Unsupported cipher
B. bad password
C. wrong user
D. SSH client not supported

Correct Answer: B QUESTION 67
What statement is true concerning PAT?
A. PAT keeps ports but rewrites address.
B. PAT provides access control.
C. PAT rewrites the source address and port.
D. PAT is the preferred method to map servers to external networks.

Correct Answer: C QUESTION 68
When configuring system state conditions with the Cisco Security Agent, what is the resulting action when configuring more than one system state condition?
A. Any matching state condition will result with the state being triggered.
B. Once a state condition is met, the system ceases searching further conditions and will cause the state condition to trigger.
C. All specified state conditions are used as part of the requirements to be met to for the state to trigger.
D. Once the state conditions are met, they become persistent and can only be removed using the Reset feature.

Correct Answer: C QUESTION 69
Which of the following is the correct diagram for an IPsec Authentication Header?
A. C

Correct Answer: A QUESTION 70
In the example shown, Host A has attempted a D-COM attack using metasploit form Host A to Host B. Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose 3)

A. CS-MARS will collect the syslog and the IPS alerts based on time.
B. The IPS event will suggest that an attack may have occurred because a signature was triggered.
C. IPS and ASA will use the Unified Threat Management protocol to determine that both devices saw the attack.
D. ASA will see the attack in both directions and will be able to determine if an attack was successful.
E. The syslog connection built event will indicate that an attack is likely because a TCP syn and an ack followed the attempted attack.
Correct Answer: ABE
QUESTION 71
Drop A.

B.
C.
D.

Correct Answer:
QUESTION 72
When implementing internet standards you are required to follow RFC’s processes and procedures based on what RFC?
A. RFC 1769 and mere publications.
B. Real standards of RFC 1918
C. RFC 1669 real standards and mere publications.
D. Real standards and mere publications RFC 1769
E. None of the above.

Correct Answer: E
QUESTION 73
Which two of followings are correct regarding the Cisco Trust Agent (CTA)? (Choose two.)
A. Available on Windows operating systems only.
B. Provides the capability at the endpoint to apply QoS markings to application network traffic as specified by Cisco Trust Agent policy rules.
C. Can communicate the Cisco Security Agent (CSA) version, OS and patch version, as well as the presence, version, and other posture information of third-party applications that are part of the NAC initiative to the Authentication Server.
D. Includes both a Layer 3 communication component using EAP over UDP, as well as an 802.1x supplicant, allowing layer 2 EAP over LAN communications.
E. Resides between the applications and the Operating System Kernel to prevent day zero attacks.

Correct Answer: CD
QUESTION 74
ASDM on the ASA platform is executed as:
A. An active-x application or a java script application.
B. A java script application and a PHP application
C. A fully compiled NET framework applicaton.
D. A fully operational Visual Basic applicaton.
E. A java applet running in the context of your browser or a stand alone application using the java run-time environment.

Correct Answer: E
QUESTION 75
With the Cisco’s IOS Authentication Proxy feature, users can initiate network access via which three protocols? (Choose three)
A. IPSec
B. HTTP/HTTPS
C. L2TP
D. FTP
E. TELNET
F. SSH

Correct Answer: BDE

This volume is part of the Exam Certification Guide Series from Cisco 350-018.Cisco 350-018 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco 350-018 Certification candidates identify weaknesses,concentrate their study efforts,and enhance their confidence as Cisco 350-018 exam day nears.