350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 351-018 Actual Tests 191-200

By on April 26, 2015
Ensurepass  QUESTION 191 Which three statements about triple DES are true? (Choose three.)   A.      For 3DES, ANSI X9.52 describes three options for the selection of the keys in a bundle, where all keys are independent. B.      A 3DES key bundle is 192 bits long. C.      A 3DES keyspace is168 bits. D.      CBC, 64-bit CFB, OFB, and CTR are modes of 3DES. E.       Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 371-380

By on April 23, 2015
Ensurepass    QUESTION 371 When routing is configured on ASA, which statement is true?   A. If the default route is not present, then the routing table is checked. B. If the routing table has two matching entries, the packet is dropped. C. If routing table has two matching entries with same prefix length, the first entry is used. D. If routing table has two matching entries with different prefix lengths, the entry with the longer prefix length is used.   Correct Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 361-370

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">    QUESTION 361 Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)   A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path. B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor. C. Infrastructure ACLs are used to block-permit the transit Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 351-360

By on
Ensurepass  QUESTION 351 Which statement about SMTP is true?   A. SMTP uses UDP port 25. B. The POP protocol is used by the SMTP client to manage stored mail. C. The IMAP protocol is used by the SMTP client to retrieve and manage stored email. D. The mail delivery agent in the SMTP architecture is responsible for DNS lookup. E. SMTP uses TCP port 20.   Correct Answer: C     QUESTION 352 Which two statements about DHCP are true? (Choose two.)   A. Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 341-350

By on
Ensurepass  QUESTION 341 Which three statements about the RSA algorithm are true? (Choose three.)   A. The RSA algorithm provides encryption but not authentication. B. The RSA algorithm provides authentication but not encryption. C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption. D. The private key is never sent across after it is generated. E. The public key is used to decrypt the message that was encrypted by Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 331-340

By on
Ensurepass    QUESTION 331 Which statement about VLAN is true?   A. VLAN cannot be routed. B. VLANs 1006 through 4094 are not propagated by VTP. C. VLAN1 is a Cisco default VLAN that can be deleted. D. The extended-range VLANs cannot be configured in global configuration mode.   Correct Answer: B     QUESTION 332 Which two statements about OSPF authentication are true? (Choose two.)   A. OSPF authentication is required in area 0. B. There are Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 311-320

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">  QUESTION 311 Which statement about the above configuration is true?   crypto gdoi group gdoi_group identity number 1234 server local sa receive-only sa ipsec 1 profile gdoi-p match address ipv4 120   A. The key server instructs the DMVPN spoke to install SAs outbound only. B. The key server instructs the GDOI group to install SAs inbound only. Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 321-330

By on
Ensurepass  QUESTION 321 Which two statements about VTP passwords are true? (Choose two)   A. The VTP password can only be configured when the switch is in Server mode. B. The VTP password is sent in the summary advertisements.. C. The VTP password is encrypted for confidentiality using 3DES. D. VTP is not required to be configured on all switches in the domain. E. The VTP password is hashed to preserve authenticity using the MD5 algorithm. F. The VTP password can only Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 291-300

By on
Ensurepass  QUESTION 291 Which transport type is used by the DHCP protocol?   A. UDP ports 67 and 69 B. TCP ports 67 and 68 C. UDP and TCP port 67 D. UDP ports 67 and 68   Correct Answer: D     QUESTION 292 Which domain is used for a reverse lookup of IPv4 addresses?   A. in-addr.arpa B. ip4.arpa C. in-addr.net D. ip4.net   Correct Answer: A     QUESTION 293 Which port or ports are used for the FTP data channel in passive mode? Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 301-310

By on
Ensurepass  QUESTION 301 Which four functionalities are built into the ISE? (Choose four.)   A. Profiling Server B. Profiling Collector C. RADIUS AAA for Device Administration D. RADIUS AAA for Network Access E. TACACS+ for Device Administration F. TACACS+ for Network Access G. Guest Lifecycle Management   Correct Answer: ABDG     QUESTION 302 Which statement is correct about the Cisco IOS Control Plane Protection feature?   A. Control Plane Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 271-280

By on
Ensurepass  QUESTION 271 What is the advantage of using the ESP protocol over the AH?   A. data confidentiality B. data integrity verification C. nonrepudiation D. anti-replay protection   Correct Answer: A   QUESTION 272 What applications take advantage of a DTLS protocol?   A. delay-sensitive applications, such as voice or video B. applications that require double encryption C. point-to-multipoint topology applications D. applications that are Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 281-290

By on
Ensurepass  QUESTION 281 What are two reasons for a certificate to appear in a CRL? (Choose two.)   A. CA key compromise B. cessation of operation C. validity expiration D. key length incompatibility E. certification path invalidity   Correct Answer: AB     QUESTION 282 Which transport method is used by the IEEE 802.1X protocol?   A. EAPOL frames B. 802.3 frames C. UDP RADIUS datagrams D. PPPoE frames   Correct Answer: A     Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 251-260

By on
Ensurepass  QUESTION 251 Which two OSPF network types support the concept of a designated router? (Choose two.)   A. broadcast B. NBMA C. point-to-multipoint D. point-to-multipoint nonbroadcast E. loopback   Correct Answer: AB     QUESTION 252 Which IPv6 routing protocol can use IPv6 ESP and AH to provide integrity, authentication, and confidentiality services to protect the routing information exchange between the adjacent routing neighbors?   A. Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 261-270

By on
Ensurepass  QUESTION 261 Which algorithm is used to generate the IKEv2 session key?   A. Diffie-Hellman B. Rivest, Shamir, and Adleman C. Secure Hash Algorithm D. Rivest Cipher 4   Correct Answer: A     QUESTION 262 Which statement is true about IKEv2 and IKEv1?   A. IKEv2 can be configured to use EAP, but IKEv1 cannot. B. IKEv2 can be configured to use AES encryption, but IKEv1 cannot. C. IKEv2 can be configured to interoperate with IKEv1 on Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 241-250

By on
Ensurepass  QUESTION 241 Which two current RFCs discuss special use IP addresses that may be used as a checklist of invalid routing prefixes for IPv4 and IPv6 addresses? (Choose two.)   A. RFC 5156 B. RFC 5735 C. RFC 3330 D. RFC 1918 E. RFC 2827   Correct Answer: AB QUESTION 242 Which four options could be flagged as potential issues by a network security risk assessment? (Choose four.)   A. router hostname and IP addressing scheme B. router filtering Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 231-240

By on
Ensurepass  QUESTION 231 When you are configuring the COOP feature for GETVPN redundancy, which two steps are required to ensure the proper COOP operations between the key servers? (Choose two.)   A. Generate an exportable RSA key pair on the primary key server and export it to the secondary key server. B. Enable dead peer detection between the primary and secondary key servers. C. Configure HSRP between the primary and secondary key servers. D. Enable IPC between the primary Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 211-220

By on
Ensurepass  QUESTION 211 Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly?   A. dynamic-filter inspect tcp/80 B. dynamic-filter whitelist C. inspect botnet D. inspect dns dynamic-filter-snoop   Correct Answer: D         QUESTION 212 Refer to the exhibit. Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.     A. stateful Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 221-230

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">  QUESTION 221 Refer to the exhibit, which shows a partial configuration for the EzVPN server. Which three missing ISAKMP profile options are required to support EzVPN using DVTI? (Choose three.)     A. match identity group B. trustpoint C. virtual-interface D. keyring E. enable udp-encapsulation F. isakmp authorization list G. virtual-template Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 191-200

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">  QUESTION 191 Which three statements about triple DES are true? (Choose three.)   A. For 3DES, ANSI X9.52 describes three options for the selection of the keys in a bundle, where all keys are independent. B. A 3DES key bundle is 192 bits long. C. A 3DES keyspace is168 bits. D. CBC, 64-bit CFB, OFB, and CTR are modes of 3DES. E. 3DES involves encrypting Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 201-210

By on
Ensurepass  QUESTION 201 Which two options represent definitions that are found in the syslog protocol (RFC 5426)? (Choose two.)   A. Syslog message transport is reliable. B. Each syslog datagram must contain only one message. C. IPv6 syslog receivers must be able to receive datagrams of up to 1180 bytes. D. Syslog messages must be prioritized with an IP precedence of 7. E. Syslog servers must use NTP for the accurate time stamping of message arrival.   Correct Answer: Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 171-180

By on
Ensurepass  QUESTION 171 Which four protocols are supported by Cisco IOS Management Plane Protection? (Choose four.)   A. Blocks Extensible Exchange Protocol (BEEP) B. Hypertext Transfer Protocol Secure (HTTPS) C. Secure Copy Protocol (SCP) D. Secure File Transfer Protocol (SFTP) E. Secure Shell (SSH) F. Simple Network Management Protocol (SNMP)   Correct Answer: ABEF   QUESTION 172 Which four Cisco IOS features are used to implement First Hop Security in IPv6? Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 181-190

By on
Ensurepass  QUESTION 181 Which three statements are true about Cryptographically Generated Addresses for IPv6? (Choose three.)   A. They prevent spoofing and stealing of existing IPv6 addresses. B. They are derived by generating a random 128-bit IPv6 address based on the public key of the node. C. They are used for securing neighbor discovery using SeND. D. SHA or MD5 is used during their computation. E. The minimum RSA key length is 512 bits. F. The SHA-1 hash function Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 151-160

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">  QUESTION 151 Refer to the exhibit of an ISAKMP debug. Which message of the exchange is failing?     A. main mode 1 B. main mode 3 C. aggressive mode 1 D. main mode 5 E. aggressive mode 2   Correct Answer: B     QUESTION 152 Which Cisco IPS appliance feature can automatically adjust the risk rating of IPS events based on the Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 161-170

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">  QUESTION 161 Which three statements are true about the Cisco NAC Appliance solution? (Choose three.)   A. In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server. B. In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 131-140

By on
Ensurepass  QUESTION 131 Which multicast routing mechanism is optimal to support many-to-many multicast applications?   A. PIM-SM B. MOSPF C. DVMRP D. BIDIR-PIM E. MSDP   Correct Answer: D       QUESTION 132 Which three statements regarding VLANs are true? (Choose three.)   A. To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID and VLAN type must all be specifically configured by the administrator. B. A VLAN is a broadcast Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 121-130

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">  QUESTION 121 Which two options best describe the authorization process as it relates to network access? (Choose two.)   A. the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store B. the process of providing network access to the end user C. applying enforcement controls, Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 141-150

By on
Ensurepass  QUESTION 141 Which three statements about LDAP are true? (Choose three.)   A. LDAP uses UDP port 389 by default. B. LDAP is defined in terms of ASN.1 and transmitted using BER. C. LDAP is used for accessing X.500 directory services. D. An LDAP directory entry is uniquely identified by its DN. E. A secure connection via TLS is established via the UseTLS operation.   Correct Answer: BCD         QUESTION 142 Which two EAP methods may be Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 101-110

By on
Ensurepass    QUESTION 101 Which three nonproprietary EAP methods do not require the use of a client-side certificate for mutual authentication? (Choose three.)   A. LEAP B. EAP-TLS C. PEAP D. EAP-TTLS E. EAP-FAST   Correct Answer: CDE     QUESTION 102 When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose three.)   A. a message integrity check B. AES-based encryption C. avoidance of weak Initialization vectors Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 111-120

By on
Ensurepass  QUESTION 111 What type of attack consists of injecting traffic that is marked with the DSCP value of EF into the network?   A. brute-force attack B. QoS marking attack C. DHCP starvation attack D. SYN flood attack   Correct Answer: B     QUESTION 112 Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?   A. The global access list is matched first before the interface access lists. B. Both the Read more [...]

Continue Reading

350-018 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 71-80

By on
Ensurepass    QUESTION 71 With the Cisco FlexVPN solution, which four VPN deployments are supported? (Choose four.)   A. site-to-site IPsec tunnels? B. dynamic spoke-to-spoke IPSec tunnels? (partial mesh) C. remote access from software or hardware IPsec clients? D. distributed full mesh IPsec tunnels? E. IPsec group encryption using GDOI? F. hub-and-spoke IPsec tunnels?   Correct Answer: ABCF     QUESTION 72 Which four techniques can you use for IP Read more [...]

Continue Reading