Top 21 study guides 350-018 for IT candidates (295 to 315)

350-018 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

https://www.2passeasy.com/dumps/350-018/

Exam Code: 350-018 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 350-018 Exam.

2016 Mar 350-018 Study Guide Questions:

Q295. Which two EIGRP packet types are considered to be unreliable packets? (Choose two.) 

A. update 

B. query 

C. reply 

D. hello 

E. acknowledgement 

Answer: DE 


Q296. When implementing WLAN security, what are three benefits of using the TKIP instead of WEP? (Choose three.) 

A. TKIP uses an advanced encryption scheme based on AES. 

B. TKIP provides authentication and integrity checking using CBC-MAC. 

C. TKIP provides per-packet keying and a rekeying mechanism. 

D. TKIP provides message integrity check. 

E. TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset. 

F. TKIP uses a 48-bit initialization vector. 

Answer: CDF 


Q297. Which three fields are part of the AH header? (Choose three.) 

A. Source Address 

B. Destination Address 

C. Packet ICV 

D. Protocol ID 

E. Application Port 

F. SPI identifying SA 

G. Payload Data Type Identifier 

Answer: CFG 


Q298. Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in the Cisco ISE solution? (Choose three.) 

A. VLAN 

B. voice VLAN 

C. dACL name 

D. voice domain permission 

E. SGT 

Answer: ACD 


Q299. Refer to the exhibit. 


Which statement about this Cisco Catalyst switch 802.1X configuration is true? 

A. If an IP phone behind the switch port has an 802.1X supplicant, MAC address bypass will still be used to authenticate the IP Phone. 

B. If an IP phone behind the switch port has an 802.1X supplicant, 802.1X authentication will be used to authenticate the IP phone. 

C. The authentication host-mode multi-domain command enables the PC connected behind the IP phone to bypass 802.1X authentication. 

D. Using the authentication host-mode multi-domain command will allow up to eight PCs connected behind the IP phone via a hub to be individually authentication using 802.1X. 

Answer: B 


Q300. IPsec SAs can be applied as a security mechanism for which three options? (Choose three.) 

A. Send 

B. Mobile IPv6 

C. site-to-site virtual interfaces 

D. OSPFv3 

E. CAPWAP 

F. LWAPP 

Answer: BCD 


Q301. What feature on the Cisco ASA is used to check for the presence of an up-to-date antivirus vendor on an AnyConnect client? 

A. Dynamic Access Policies with no additional options 

B. Dynamic Access Policies with Host Scan enabled 

C. advanced endpoint assessment 

D. LDAP attribute maps obtained from Antivirus vendor 

Answer: B 


350-018 practice test

Improved 350-018 book:

Q302. Which IPsec protocol provides data integrity but no data encryption? 

A. AH 

B. ESP 

C. SPI 

D. DH 

Answer: A 


Q303. Which two statements are true when comparing ESMTP and SMTP? (Choose two.) 

A. Only SMTP inspection is provided on the Cisco ASA firewall. 

B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server. 

C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support. 

D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case. 

E. ESMTP servers can identify the maximum email size they can receive by using the SIZE command. 

Answer: CE 


Q304. Which two statements about an authoritative server in a DNS system are true? (Choose two.) 

A. It indicates that it is authoritative for a name by setting the AA bit in responses. 

B. It has a direct connection to one of the root name servers. 

C. It has a ratio of exactly one authoritative name server per domain. 

D. It cannot cache or respond to queries from domains outside its authority. 

E. It has a ratio of at least one authoritative name server per domain. 

Answer: AE 


Q305. According to RFC-5426, syslog senders must support sending syslog message datagrams to which port? 

A. TCP port 514 

B. UDP port 514 

C. TCP port 69 

D. UDP port 69 

E. TCP port 161 

F. UDP port 161 

Answer: B 


Q306. Refer to the exhibit. 


Which option describes the behavior of this configuration? 

A. Traffic from the 30.30.0.0/16 network to the 10.10.0.0/32 network will be translated. 

B. Traffic from the 30.30.0.0/32 network to the 10.10.0.0/16 network will not be translated. 

C. Traffic from the 10.10.0.0/16 network to the 30.30.30.0/24 network will not be translated. 

D. Traffic from the 10.10.0.0/32 network to the 30.30.30.0/16 network will be translated. 

Answer: C 


Q307. Which two of the following provide protect against man-in-the-middle attacks? (Choose two.) 

A. TCP initial sequence number randomization? 

B. TCP sliding-window checking 

C. Network Address Translation 

D. IPsec VPNs 

E. Secure Sockets Layer 

Answer: DE 


Q308. Management Frame Protection is available in two deployment modes, Infrastructure and Client. Which three statements describe the differences between these modes? (Choose three.) 

A. Infrastructure mode appends a MIC to management frames. 

B. Client mode encrypts management frames. 

C. Infrastructure mode can detect and prevent common DoS attacks. 

D. Client mode can detect and prevent common DoS attacks. 

E. Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients. 

Answer: ABD 


350-018 download

Downloadable 350-018 torrent:

Q309. crypto gdoi group gdoi_group identity number 1234 server local sa receive-only sa ipsec 1 profile gdoi-p match address ipv4 120 

Which statement about the above configuration is true? 

A. The key server instructs the DMVPN spoke to install SAs outbound only. 

B. The key server instructs the GDOI group to install SAs inbound only. 

C. The key server instructs the DMVPN hub to install SAs outbound only. 

D. The key server instructs the GDOI spoke to install SAs inbound only. 

Answer: B 


Q310. Which statement is true about IKEv2 preshared key authentication between two peers? 

A. IKEv2 allows usage of different preshared keys for local and remote authentication. 

B. IKEv2 allows usage of only one preshared key. 

C. IKEv2 allows usage of only one preshared key and only in hub-and-spoke topology. 

D. IKEv2 does not allow usage of preshared key authentication. 

Answer: A 


Q311. Which three IPv6 tunneling methods are point-to-multipoint in nature? (Choose three.) 

A. automatic 6to4 

B. manually configured 

C. IPv6 over IPv4 GRE 

D. ISATAP 

E. automatic IPv4-compatible 

Answer: ADE 


Q312. What transport protocol and port are used by GDOI for its IKE sessions that are established between the group members and the key server? 

A. UDP port 848 

B. TCP port 848 

C. ESP port 51 

D. SSL port 443 

E. UDP port 4500 

Answer: A 


Q313. Which transport type is used by the DHCP protocol? 

A. UDP ports 67 and 69 

B. TCP ports 67 and 68 

C. UDP and TCP port 67 

D. UDP ports 67 and 68 

Answer: A 


Q314. Refer to the exhibit. 


Which option correctly identifies the point on the exhibit where Control Plane Policing (input) is applied to incoming packets? 

A. point 6 

B. point 7 

C. point 4 

D. point 1 

E. points 5 and 6 

Answer: A 


Q315. Which three statements about the keying methods used by MACSec are true? (Choose three.) 

A. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA. 

B. A valid mode for SAP is NULL. 

C. MKA is implemented as an EAPoL packet exchange. 

D. SAP is enabled by default for Cisco TrustSec in manual configuration mode. 

E. SAP is not supported on switch SVIs. 

F. SAP is supported on SPAN destination ports. 

Answer: BCE