Cisco 350-018 Real Questions Answers, The Most Effective Cisco 350-018 Exam Guide With Accurate Answers

Now,Flydumps has publised the new version of Cisco 350-018 exam dumps with new added exam questions.Also the latest Cisco 350-018 PDF and VCE dumps with VCE test engine for free download,and the new Cisco 350-018 practice tests ensure your exam 100% pass.Visit to get more exam dumps!

A router has this configuration on one of its interfaces:

interface FastEthernet0/0
ip address

“Pass Any Exam. Any Time.” – 24
How would the router treat a packet with a destination address of

A. directly connected unicast
B. remote subnet unicast
C. directed broadcast
D. directed multicast
E. limited broadcast
Correct Answer: C
Prior to installing the Cisco IOS IPS version 5.0 signature package on a router for the first time, what must be done?
A. All signatures must be unretired.
B. All signatures must be enabled.
C. Cisco IOS IPS must be applied to an interface.
D. The Cisco IPS Public Crypto Key must be installed on the router.
E. The PostOffice parameters must be configured.
Correct Answer: D
Which four types of violations can be investigated using a security forensic process? (Choose four.)
A. Compliance
B. Intrusion
C. Asset
D. Access
E. Risk
F. Policy
Correct Answer: ABDF
A Cisco ASA adaptive security appliance configured in multiple context mode supports which three of these features? (Choose three.)
“Pass Any Exam. Any Time.” – 25
C. IPv6 traffic filtering
D. multicast
E. failover
Correct Answer: BCE
The Control Plane Policing (CoPP) feature allows users to configure a quality of service (OoS) filter that manages the traffic flow of control plane packets. The filter protects the control plane of Cisco IOS devices against reconnaissance and denial of service (DoS) attacks. The Control Plane Policing feature requires the Modular Quality of Service (OoS) Command-Line interface (CLI) (MQC) to configure packet classification and policing. Which two MQC actions are supported in policy maps?
A. police and transit
B. police and drop
C. cef-exception and drop
D. default and drop
E. police and transmit
Correct Answer: B
Which of these authentication combinations would provide the highest level of security for an IPsec remote-access VPN client?
A. pre-shared key and xauth (RADIUS server)
B. certificate and xauth (local server)
C. certificate and xauth (RSA SecurID token)
D. pre-shared key and xauth (RSA SecurID token)
E. pre-shared key and xauth (local server)
F. certificate and xauth (RADIUS server)
Correct Answer: F
“Pass Any Exam. Any Time.” – 26
A customer has Cisco IOS Firewall deployed. Even though the customer has FTP inspection enabled,
inspection does not appear to be working for FTP services running on a non-standard port of 21000.
Which feature can the customer enable to help resolve this?

A. ExtendableStatic NAT Port Translation
B. Cisco IOS Flexible Packet Matching
C. Firewall Application Inspection and Control
D. Firewall Application Layer Gateway
E. Port-to-Application Mapping
Correct Answer: E
Which three of these situations warrant engagement of a Security Incident Response team? (Choose three.)
A. loss of data confidentiality/integrity
B. damage to computer/network resources
C. denial of service (DoS)
D. computer or network misuse/abuse
E. pornographic blogs/websites
Correct Answer: ABC
Refer to the exhibit. The Cisco IOS Software-based switches are configured with VTP and VLANs as shown. The network administrator wants to quickly add the VLANs defined on SW1 to the configuration of SW2. Therefore, the administrator copies the vlan.dat file from the flash memory on SW1 to the flash memory of SW2. After the file is copied to SW2, it is rebooted. What is the VLAN status of SW2 after the reboot?
A. The VLAN information on SW2 will remain the same because it has been configured for transparent VTP mode. “Pass Any Exam. Any Time.” – 27
B. SW2 will clear the vlan.dat file and load its VLAN information from the configuration file stored in NVRAM.
C. A VTP mode mismatch will occur, causing the VLANS in the startup configuration to be ignored and all VLANs above 1005 to be erased.
D. The VLANs in the vlan.dat file will be copied to the running configuration and merged with the extended VLANs defined in the startup configuration.
E. All VLANs will be erased and all ports will be moved into the default VLAN 1.
Correct Answer: D

Refer to the exhibit. If Router1 receives a packet from LAN 1 with a destination IP address of, what happens to the packet?
A. Router1 drops the packet due to ARP failure.
B. Router1 drops the packet due to inverse ARP failure.
C. Router1 drops the packet, because there is no route to the destination.
D. Router1 forwards the packet onto the PPP link, but the packet gets dropped on Router2 because there is no route to the destination.
E. The packet loops between Router1 and Router2 until the TTL expires.

Correct Answer:
Which of these IPv6 messages should be filtered at the perimeter of your network if MIPv6 is not used?
A. ICMP Node Information Query (Type 139)
B. Type 2 Routing Header (RH2) (Type 43)
C. ICMPv6 Multicast Listener Report (Type 131)
D. Inverse Neighbor Discovery Solicitation Message (Type 141)
Correct Answer: B
Unicast Reverse Path Forwarding (Unicast RPF) is a protection mechanism that can be used against which of these?
A. TCP session hijacking attacks
B. brute-force attacks
C. teardrop attacks
D. password attacks
E. birthday attacks
F. spoofing attacks
Correct Answer: F
Which of these command sequences will send an email [email protected] using SMTP?
A. MAILFROM:<[email protected]> RCPT TO:<[email protected]> DATA
B. HELO MAIL TO:<[email protected]> MESSAGE END
C. HELO MAIL FROM:<[email protected]> RCPT TO:<[email protected]> BODY
D. MAILFROM:<[email protected]> RCPT TO:<[email protected]> MESSAGE
Correct Answer: A
Which of these statements is true about the SSH login banner for SSHv1 and v2 connections?
A. It is not displayed. “Pass Any Exam. Any Time.” – 29
B. It is displayed before you log into the device.
C. It is displayed after you log into the device.
D. It can be displayed only after the SSH client sends the username.
E. It is not supported.
Correct Answer: B
OSPF uses multicast addresses to send hello packets and routing updates using which of these protocols/ ports?
A. IP protocol 17
B. TCP port 179
C. UDP port 520
D. TCP port 87
E. IP protocol 87
F. IP protocol 89
Correct Answer: F

What is the default username and password set for Cisco Security Device Manager (SDM)?
A. sdm/sdm
B. sdm/cisco C. cisco/sdm
D. cisco/cisco
E. cisco/cisco123
Correct Answer: D
All of these are valid Cisco IOS AAA login authentication methods except which one?
A. none
B. kerberos
C. enable
D. local-case “Pass Any Exam. Any Time.” – 30
E. group radius
F. group tacacs+
Correct Answer: B
Communication between Cisco Security Device Manager (SDM) and a Cisco router is secured using which of these?
A. IPsec
E. Cisco proprietary encryption
Correct Answer: B
Which four of these are characteristics of a Cisco Network Intrusion Prevention System (IPS)? (Choose four.)
A. can provide the ability to drop the initial packet of an attack
B. analyzes a copy of the traffic on the network
C. can support TCP normalization
D. can change network traffic en route
E. cannot support TCP normalization
F. usually provides signature-based analysis
Correct Answer: ACDF
Which three of these are among the implicit IPv6 ACL rules in Cisco IOS allowing ICMPv6 neighbor discovery? (Choose three.)
A. permit icmp any any nd-na
B. deny icmp any any nd-na
C. permit icmp any any nd-ns
D. deny icmp any any nd-nn “Pass Any Exam. Any Time.” – 31
E. permit ipv6 any any
F. deny ipv6 any any
Correct Answer: ACF
Which three of these make use of a certificate as part of the protocol? (Choose three.)
Correct Answer: BCD
DNS Security Extension (DNSSEC) adds security functionality to the Domain Name System for which three purposes? (Choose three.)
A. origin authentication of DNS data
B. protection against denial of service (DoS) attacks
C. integrated data encryption using ESP
D. inclusion of the authorization flag in the DNS lookup
E. providing of confidentiality of data
F. data integrity
Correct Answer: ADF
You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?
A. ipv6 port-map port telnet 223
B. ipv6 port-map port 23 port 23223
C. ipv6 port-map telnet port 23 233 “Pass Any Exam. Any Time.” – 32
D. ipv6 port-map telnet port 223
Correct Answer: D
The Extension Mechanisms for DNS (EDNS0) header bit is now required to support larger DNS message sizes for which of these reasons?
A. to allow walking of the Resource Record Signature (RRSIG) for a domain name space
B. to ensure that the authority section is always present
C. to enable lookup for IPv6 AAAA records
D. to enable lookup for DNSSEC resource records
E. to provide a place for TXT resource records larger than 900 bytes
Correct Answer: D
The SSL VPN implementation on a Cisco ASA adaptive security appliance supports which three of these features? (Choose three.)
A. sending TCP and UDP traffic through a smart tunnel
B. sending TCP and UDP traffic through port forwarding
C. sending TCP-only traffic through a smart tunnel
D. sending TCP-only traffic through port forwarding
E. establishing a Winsock 2 connection between the client and the server through port forwarding
F. establishing a Winsock 2 connection between the client and the server through smart tunnels
Correct Answer: CDF
Which of these statements is true about EIGRP?
A. It conserves network bandwidth by using periodic, incremental updates to propagate network changes to its neighbors.
B. It can install up to eight equal-cost paths to a given destination in its routing table.
C. It is possible for two EIGRP routers to become neighbors even if the hello and hold timers do not match.
D. EIGRP updates can be sent between two discontiguous autonomous systems via a virtual link. “Pass Any Exam. Any Time.” – 33
E. EIGRP packets can be both authenticated and encrypted to ensure that the information exchange is reliable and confidential.
Correct Answer: A
Which three of these are performed by both RADIUS and TACACS+ servers? (Choose three.)
A. login authentication
B. EXEC authorization
C. command authorization
D. EXEC accounting
E. command accounting
Correct Answer: ABD
CustomerA wants to synchronize the time on all its routers using NTP. CustomerA knows the NTP master is at address, and is using MD5 authentication with a password of “cisco123.” Assuming timezone settings are already configured, which four of these commands does the customer need to configure on each router to correctly synchronize the device with the NTP master? (Choose four.)
A. ntp encryption md5
B. ntp server key 1
C. ntp authenticate
D. ntp trusted-key 1
E. ntp enable
F. ntp authentication-key 1 md5 cisco123
Correct Answer: BCDF

Which two statements about RADIUS are true? (Choose two.)
A. The RADIUS server must use TCP for its connection to the NAS.
B. The RADIUS server must use UDP for its connection to the NAS.
C. The NAS connection to the RADIUS server encrypts the entire packet, but the header is unencrypted.
“Pass Any Exam. Any Time.” – 34
D. The NAS connection to the RADIUS server encrypts the password in an Access-Request packet only.
E. The NAS connection to the RADIUS server encrypts the password in the Accounting-Request packet only
Correct Answer: BD
Which of these communications mechanisms can be used between Cisco Security Device Manager (SDM) and a Cisco router in addition to HTTP or HTTPS to read and write the router configurations?
A. Telnet/SSH
B. FTP/Telnet/SSH
C. SFTP/Telnet/SSH
Correct Answer: A
When configuring a Cisco adaptive security appliance in multiple context mode, which one of these capabilities is supported?
A. multicast
B. dynamic routing protocols
C. VPN configurations
D. static routes
Correct Answer: D
Hypertext Transfer Protocol (HTTP) version 1.1 introduced several improvements over HTTP 1.0, which resulted in improved performance (faster page displays) for end users. Which three of these of these enhancements were added to the HTTP 1.1 protocol over the HTTP 1.0 protocol? (Choose three.)
A. GET requests “Pass Any Exam. Any Time.” – 35
B. persistent connections
C. selective acknowledgements
D. chunked encoding
E. HTTP pipelining
Correct Answer: BDE

The BPDU guard feature disables which kind of port when the port receives a BPDU packet?
A. any port
B. nonegotiate port
C. access port
D. PortFast port
E. root port
Correct Answer: D
A DNS server that responds to query messages with information stored in Resource Records (RRs) for a
domain name space stored on the server is known as which of these?
A. LDAP resolver
B. recursive resolver
C. zone
D. authoritative server
E. local server
Correct Answer: D
The Sarbanes-Oxley (SOX) act is a United States federal law that was enacted in July, 2002. SOX was introduced to provide which two of these? (Choose two.)
A. confidentiality and integrity of customer records and information
B. corporate fraud accountability
C. security standards that protect healthcare patient data
D. confidentiality of personal health information “Pass Any Exam. Any Time.” – 36
E. assurance of the accuracy of financial records
Correct Answer: BE
Which of these standards replaced 3DES?
B. Blowfish
C. RC4
D. SHA-1
F. MD5
Correct Answer: E
The communication between Cisco Configuration Professional and a Cisco router is secured using which of these?
A. IPsec
E. Cisco proprietary encryption
Correct Answer: C

What does this log message indicate?
4w6d: %PM-4-ERR_DISABLE: Psecure-Violation Error Detected on Gi3/2, Putting Gi3/2 in Err- Disable State
A. The port has been disabled because the traffic rate limit has been exceeded.
B. The port has been temporarily disabled because the broadcast packet limit has been exceeded.
C. The port has been disabled because the MAC address limit has been exceeded.
D. The port has been disabled due to a DHCP OFFER packet. “Pass Any Exam. Any Time.” – 37
E. The port has been disabled due to detection of a gratuitous ARP packet.
F. The port has been disabled due to an invalid MAC address.
Correct Answer: F
LEAP authentication is provided by which of these?
A. hashing of the password before sending
B. user-level certificates
C. PAC exchange
D. modified MS-CHAP
Correct Answer: D
Which IPv6 Interior Gateway Protocol (IGP) relies entirely on IPsec to secure communications between neighbors?
C. RIPv6
Correct Answer: B
Identity NAT translates which of these?
A. the source IP address to the interface IP address
B. the local IP address to a global IP address
C. an IP address to itself
D. the destination IP address to an RFC 1918 address
E. the local IP address to a DNS-resolved IP address
F. the global IP address to a local IP address
Correct Answer: C
Cisco Secure ACS server will forward the events for all of these log files to Cisco Security MARS except which one?
A. Failed Attempts
B. TACACS+ Accounting
C. RADIUS Accounting
D. Passed Authentications
Correct Answer: B
CustomerA has set up a central syslog server to receive all syslog messages from its routers. The IP address of this central server is, and the customer wants all messages of level “error” and above to be sent there. In addition, it wants all messages of level “warning” and above to be stored locally on the router. Assuming logging is already enabled, which three commands on the router would accomplish these goals? (Choose three.)
A. logging host level errors
B. logging buffered warnings
C. logging device
D. logging buffer enable
E. logging host
F. logging facility local-buffer
G. logging trap errors
Correct Answer: BEG
What is the function of the switch(config-if)# switchport port-security mac-address sticky command?
A. allows the switch to restrict the MAC addresses on the switch port based on the static MAC addresses configured in the startup configuration
B. allows the administrator to manually configure the secured MAC addresses on the switch port
C. allows the switch to permanently store the secured MAC addresses in the MAC address table (CAM table) “Pass Any Exam. Any Time.” – 39
D. allows the switch to perform sticky learning, in which the dynamically learned MAC addresses are copied from the MAC address table (CAM table) to the startup configuration
E. allows the switch to dynamically learn the MAC addresses on the switch port and the MAC addresses will be added to the running configuration
Correct Answer: E
What is the default TCP port used to remotely manage a Cisco Secure ACS v4.x software application server?
A. 2000
B. 2001
C. 2002
D. 2005
E. 2020
Correct Answer: C

CCNA Cisco 350-018 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 350-018.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Cisco 350-018 to the text and laying out a complete study plan for review.CCNA Cisco 350-018 also includes a wealth of hands-on practice exercises and a copy of the CCNA Cisco 350-018 network simulation software that allows you to practice your CCNA Cisco 350-018 hands-on skills in a virtual lab environment.The CCNA Cisco 350-018 supporting website keeps you fully informed of any exam changes