The Updated Latest Cisco 350-018 Download with All New Questions And Answers – 100% Free VCE Files

Exam A
QUESTION 1
SSL stands for Secure Sockets Layer, though IETF has renamed it TLS (Transport Layer Security). TLS is documented in RFC 2246 and identifies itself in the protocol version field as SSL 3.1. When initiating a new SSL/TLS session, the client receives the server SSL certificate and validates it. What does the client use the certificate for after validating it?
A. The server creates a separate session key and sends it to the client. The client has to decrypt the session key using the server public key from the certificate.
B. The client creates a separate session key and encrypts it with the server public key from the certificate before sending it to the server.
C. Nothing, the client and server switch to symmetric encryption using IKE to exchange keys.
D. The client generates a random string, encrypts it with the server public key from the certificate, and sends it to the server. Both the client and server derive the session key from the random data sent by the client.
Correct Answer: D
QUESTION 2
After entering debug ip packet, no messages appear on your Telnet session. What is the likely cause?
A. OSPF routing is required.
B. The console port does not support debug output.
C. The terminal monitor command is required.
D. IP packets are not supported with the debug command.
Correct Answer: C
QUESTION 3
Comparing symmetric ciphers to asymmetric ciphers, which statement is not correct?
A. Symmetric ciphers are less computationally intensive. “First Test, First Pass” – www.lead2pass.com 131 Cisco 350-018 Exam
B. Asymmetric ciphers are in general more difficult to break.
C. Asymmetric ciphers require a shared secret called the private key.
D. Symmetric ciphers are faster.
Correct Answer: C
QUESTION 4
Which two statements indicate how Cisco IPS Sensor Software Version 5.0 differs from Version 4.0? (Choose two.)
A. The sensor pushes events to the monitoring system.
B. The sensor supports intrusion prevention functionality
C. The monitoring system pulls events from the sensor.
D. The sensor software calculates a risk rating for alerts to reduce false positives.
Correct Answer: BD
QUESTION 5
On the basis of the Cisco ASA Software Version 7.x configuration. Which scenario best describes the reason you would deploy this configuration on your Cisco ASA adaptive security appliance?

A. to ensure that any HTTP session that has a URL with the string “X-Counter” or “X-Session” is reset and logged
B. to ensure that HTTP traffic follows RFC compliance “First Test, First Pass” – www.lead2pass.com 132 Cisco 350-018 Exam
C. to ensure that any HTTP session that has a URL with the string “X-Counter” or “X-Session” is blocked and logged
D. to ensure that connections from any custom web applications that use “X-Counter” or “X- Session” are reset and logged
Correct Answer: D
QUESTION 6
When managing a Cisco IOS device by use of Cisco SDM, which configuration statement is necessary to be able to use Cisco SDM?
A. ip http server
B. ip http secure-server sdm location X.X.X.X
C. ip http secure-server
D. ip http server sdm location X.X.X.X
Correct Answer: A

QUESTION 7
SNMP is restricted on Cisco routers by what IOS command?
A. snmp-server enable
B. snmp-server community string
C. snmp-server ip-address
D. snmp-server no access permitted
Correct Answer: B
QUESTION 8
Which two statements best describe the reason that TACACS+ is more desirable from a security standpoint than RADIUS? (Choose two.)
A. It encrypts the password field with a unique key between server and requester.
B. It uses TCP as its transport
C. It uses UDP as its transport.
D. Encrypting the whole data payload is optional.
Correct Answer: BD
QUESTION 9
Which three statements are correct concerning AES? (Choose three.)
A. AES is faster to compute than 3DES.
B. AES is not subject to known-plaintext attacks, while DES is subject to them.
C. AES is a block cipher, while 3DES and DES are stream ciphers.
D. AES can be used with longer keys than 3DES. “First Test, First Pass” – www.lead2pass.com 133 Cisco 350-018 Exam
Correct Answer: ABD
QUESTION 10
The AS5300 series router can support which of the following incoming connections?
A. Voice
B. Dialup users via PSTN
C. ISDN
D. All the above
Correct Answer: D