Flydumps Cisco 350-018 exam questions and answers in PDF are prepared by our expert. Moreover, they are based on the recommended syllabus covering all the Cisco 350-018 exam objectives. You will find them to be very helpful and precise in the subject matter, since all the Cisco 350-018 exam content is regularly updated and has been checked for accuracy by our team of Cisco expert professionals.
QUESTION 56
Which three statements are true about the Cisco ASA object configuration below? (Choose three.)
object network vpnclients
 range 10.1.100.4 10.1.100.10
object network vpnclients
 nat (outside,outside) dynamic interface
A. The NAT configuration in the object specifies a PAT rule.
B. This configuration requires the command same-security-traffic inter-interface for traffic that matches this NAT rule to pass through the Cisco ASA appliance.
C. The NAT rule of this object will be placed in Section 1 (Auto-NAT) of the Cisco ASA NAT table.
D. This configuration is most likely used to provide Internet access to connected VPN clients.
E. Addresses in the range will be assigned during config-mode.
Correct Answer: ACD
QUESTION 57
Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in the Cisco ISE solution? (Choose three.)
A. VLAN
B. voice VLAN
C. dACL name
D. voice domain permission
E. SGT
Correct Answer: ACD
QUESTION 58
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)
A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.
Correct Answer: CD
QUESTION 59
Which three new capabilities were added to HTTP v1.1 over HTTP v1.0? (Choose three.)
A. chunked transfer encoding
B. HTTP pipelining
C. POST method
D. HTTP cookies
E. keepalive mechanism
Correct Answer: ABE
QUESTION 60
Which option is the correct definition for MAB?
A. MAB is a process where the switch will send an authentication request on behalf of the endpoint that is attempting to access the network, using the mac-address of the device as the credentials. The authentication server evaluates that MAC address against a list of devices permitted to access the network without a stronger authentication.
B. MAB is a process where the switch will check a local list of MAC addresses to identify systems that are permitted network access without using 802.1X.
C. MAB is a process where the supplicant on the endpoint is configured to send the MAC address of the endpoint as its credentials.
D. MAB is the process of checking the mac-address-table on the local switch for the sticky address. If the mac-address of the device attempting to access the network matches the configured sticky address, it will be permitted to bypass 1X authentication.
Correct Answer: A
QUESTION 61
Which three statements are true about the Cisco NAC Appliance solution? (Choose three.)
A. In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server.
B. In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco router using the “NAC discovery-host” global configuration command.
C. In a VRF-style OOB deployment of the Cisco NAC Appliance, the discovery host may be the IP address that is on the trusted side of the Cisco NAC Appliance Server.
D. In a Layer 3 IB deployment of the Cisco NAC Appliance, the discovery host may be configured as the IP address of the Cisco NAC Appliance Manager.
Correct Answer: ACD
QUESTION 62
SNMP is restricted on Cisco routers by what IOS command?
A. snmp-server enable
B. snmp-server community string
C. snmp-server ip-address
D. snmp-server no access permitted
Correct Answer: B
QUESTION 63
Which four Cisco IOS features are used to implement First Hop Security in IPv6? (Choose four.)
A. IPv6 First-Hop Security Binding Table
B. IPv6 Device Tracking
C. IPv6 RA Guard
D. SeND
E. IPv6 Selective Packet Discard
F. IPv6 Source Guard
Correct Answer: ABCD
QUESTION 64
Refer to the exhibit, which shows a partial output of the show command. Which statement best describes the problem?
A. Context vpn1 is not inservice.
B. There is no gateway that is configured under context vpn1.
C. The config has not been properly updated for context vpn1.
D. The gateway that is configured under context vpn1 is not inservice.
Correct Answer: A
QUESTION 65
Which of these is a core function of the risk assessment process?
A. performing regular network upgrades
B. performing network optimization
C. performing network posture validation
D. establishing network baselines
E. prioritizing network roll-outs
Correct Answer: C
QUESTION 66
Review the exhibit. Which three statements about the Cisco IPS sensor are true? (Choose three.)
A. A
B. B
C. C
D. D
E. E
Correct Answer: ACE
QUESTION 67
Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)
A. confidentiality and integrity of customer records and credit card information
B. accountability in the event of corporate fraud
C. financial information handled by entities such as banks, and mortgage and insurance brokers
D. assurance of the accuracy of financial records
E. US Federal government information
F. security standards that protect healthcare patient data
Correct Answer: BD
QUESTION 68
An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?
A. NAT overload
B. NAT extendable
C. NAT TCP load balancing
D. NAT service-type DNS
E. NAT port-to-application mapping
Correct Answer: B
QUESTION 69
Refer to the exhibit. Which three command sets are required to complete this IPv6 IPsec site-to-site VTI? (Choose three.)
A. interface Tunnel0 tunnel mode ipsec ipv6
B. crypto isakmp-profile match identity address ipv6 any
C. interface Tunnel0 ipv6 enable
D. ipv6 unicast-routing
E. interface Tunnel0 ipv6 enable-ipsec
Correct Answer: ACD
QUESTION 70
Whenever a failover takes place on the ASA running in failover mode, all active connections are dropped and clients must re-establish their connections unless: (Choose two.)
A. the ASA is configured for Active-Active failover
B. the ASA is configured for LAN-Based failover
C. the ASA is configured to use a serial cable as the failover link
D. the ASA is configured for Active-Standby failover and a state failover link has been configured
E. the ASA is configured for Active-Active failover and a state failover link has been configured
F. the ASA is configured for Active-Standby failover
Correct Answer: DE
QUESTION 71
Which current RFC made RFCs 2409, 2407, and 2408 obsolete?
A. RFC 4306
B. RFC 2401
C. RFC 5996
D. RFC 4301
E. RFC 1825
Correct Answer: C
QUESTION 72
Which QoS marking is only locally significant on a Cisco router?
A. MPLS EXP
B. DSCP
C. QoS group
D. IP precedence
E. traffic class
F. flow label
Correct Answer: C
QUESTION 73
Refer to the exhibit. Which option correctly identifies the point on the exhibit where Control Plane Policing (input) is applied to incoming packets?
A. point 6
B. point 7
C. point 4
D. point 1
E. points 5 and 6
Correct Answer: A
QUESTION 74
A Cisco ASA adaptive security appliance configured in multiple context mode supports which three of these features? (Choose three.)
A. VPN
B. NAT
C. IPv6 traffic filtering
D. multicast
E. failover
Correct Answer: BCE
QUESTION 75
Which three control plane subinterfaces are available when implementing Cisco IOS Control Plane Protection? (Choose three.)
A. CPU
B. host
C. fast-cache
D. transit
E. CEF-exception
F. management
Correct Answer: BDE
QUESTION 76
Management Frame Protection is available in two deployment modes, Infrastructure and Client. Which three statements describe the differences between these modes? (Choose three.)
A. Infrastructure mode appends a MIC to management frames.
B. Client mode encrypts management frames.
C. Infrastructure mode can detect and prevent common DoS attacks.
D. Client mode can detect and prevent common DoS attacks.
E. Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients.
Correct Answer: ABD
QUESTION 77
Which three object tracking options are supported by Cisco IOS policy-based routing? (Choose three.)
A. absence of an entry in the routing table
B. existence of a CDP neighbor relationship
C. existence of an entry in the routing table
D. results of an SAA operation
E. state of the line protocol of an interface
Correct Answer: CDE
QUESTION 78
Which four protocols are supported by Cisco IOS Management Plane Protection? (Choose four.)
A. Blocks Extensible Exchange Protocol (BEEP)
B. Hypertext Transfer Protocol Secure (HTTPS)
C. Secure Copy Protocol (SCP)
D. Secure File Transfer Protocol (SFTP)
E. Secure Shell (SSH)
F. Simple Network Management Protocol (SNMP)
Correct Answer: ABEF
QUESTION 79
Which three statements regarding Cisco ASA multicast routing support are correct? (Choose three.)
A. The ASA supports both PIM-SM and bi-directional PIM.
B. When configured for stub multicast routing, the ASA can act as the Rendezvous Point (RP).
C. The ASA can be configured for IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring the multicast traffic to be forwarded only to those interfaces associated with hosts requesting the multicast group.
D. Enabling multicast routing globally on the ASA automatically enables PIM and IGMP on all interfaces.
E. ASA supports both stub multicast routing and PIM multicast routing. However, you cannot configure both concurrently on a single security appliance.
F. If the ASA detects IGMP version 1 routers, the ASA will automatically switch to IGMP version 1 operation.
Correct Answer: ADE
QUESTION 80
According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose four.)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Correct Answer: ABCD
QUESTION 81
If an administrator is unable to connect to a Cisco ASA adaptive security appliance via Cisco ASDM, all of these would be useful for the administrator to check except which one?
A. The HTTP server is enabled.
B. The administrator IP is permitted in the interface ACL.
C. The administrator IP is permitted in the HTTP statement.
D. The ASDM file resides on flash memory.
E. The asdm image command exists in the configuration.
Correct Answer: B
QUESTION 82
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?
A. ASA syn protection
B. ASA ICMP application inspection
C. CSA quarantine lists
D. IPS syn attack signatures
E. Cisco Guard
Correct Answer: C
QUESTION 83
You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?
A. ipv6 port-map port telnet 223
B. ipv6 port-map port 23 port 23223
C. ipv6 port-map telnet port 23 233
D. ipv6 port-map telnet port 223
Correct Answer: D
QUESTION 84
Which statement in reference to IPv6 multicast is true?
A. PIM dense mode is not part of IPv6 multicast.
B. The first 12 bits of an IPv6 multicast address are always FF.
C. IPv6 multicast uses Multicast Listener Discovery (MLD).
D. IPv6 multicast requires Multicast Source Discovery Protocol (MSDP).
Correct Answer: C
QUESTION 85
What does qos pre-classify provide in regard to implementing QoS over GRE/IPsec VPN tunnels?
A. enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption, based on fields in the inner IP header.
B. enables IOS to classify packets based on the ToS field in the inner (original) IP header.
C. enables IOS to classify packets based on the ToS field in the outer tunnel IP header.
D. enables IOS to copy the ToS field from the inner (original) IP header to the outer tunnel IP header.
E. enables the IOS classification engine to only see a single encrypted and tunneled flow to reduce classification complexity.
Correct Answer: A
QUESTION 86
Which IOS QoS mechanism is used strictly to rate limit traffic destined to the router itself?
A. Single-Rate Policer
B. Control Plane Policing
C. Dual-Rate Policer
D. Class-Based Policing
Correct Answer: B
QUESTION 87
Which of the following statements are true regarding hashing? (Choose two.)
A. SHA-256 is an extension to SHA-1 with a longer output
B. SHA-1 is stronger than MD5 because it can be used with a key to prevent modification
C. MD5 takes more CPU cycles to compute than SHA-1
D. MD5 produces a 160-bit result
E. Changing 1 bit of the input to SHA-1 changes 1 bit of the output
Correct Answer: AE
QUESTION 88
What would be the biggest challenge to a hacker writing a man-in-the-middle attack aimed at VPN tunnels using digital certificates for authentication?
A. Programmatically determining the private key so they can proxy the connection between the two VPN endpoints.
B. Determining the ISAKMP credentials when passed to establish the key exchange.
C. Determining the phase two credentials used to establish the tunnel attributes.
D. Decrypting and encrypting 3DES once keys are known.
Correct Answer: A
QUESTION 89
Multicast addresses in the range of 224.0.0.0 through 224.0.0.244 are reserved for:
A. Administratively Scoped multicast traffic that is intended to remain inside of a private network and is never intended to be transmitted into the Internet.
B. Global Internet multicast traffic intended to travel throughout the Internet.
C. Link-local multicast traffic consisting of network control messages that never leave the local subnet.
D. Any valid multicast data stream.
Correct Answer: C
QUESTION 90
In RFC 2138 (RADIUS), vendor-specific attributes (VSAs) are specified. Specifically, this is called VSA 26 (attribute 26). These allow vendors to support their own extended options. Cisco’s vendor ID is 9. Which of the following commands tell the Cisco IOS to use and understand VSAs? (Choose three.)
A. radius-server vsa send
B. radius-server vsa send authentication
C. radius-server vsa send accounting
D. ip radius-server vsa send
Correct Answer: ABC