Pass Azure, MCSE, MCSA, MCSD, A+, Network+, Security+, CCIE, CCNA, CCNP Exams with Free Practice Questions and Answers

350-018 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 271-280

August 8, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 271 – (Topic 4)

Which two statements about the OSPF authentication configuration are true? (Choose two.)

  1. OSPF authentication is required in area 0.

  2. There are three types of OSPF authentication options available.

  3. In MD5 authentication, the password is encrypted when it is sent.

  4. Null authentication includes the password in clear-text.

  5. Type-3 authentication is a clear-text password authentication.

  6. In MD5 authentication, the password never goes across the network.

Answer: B,F

Question No: 272 – (Topic 4)

Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.)

  1. It prevents rogue APs from being wired into the network.

  2. It provides encryption capability of data traffic between APs and controllers.

  3. It prevents rogue clients from accessing the wired network.

  4. It ensures that 802.1x requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place.

Answer: A,D

Question No: 273 – (Topic 4)

Which ICMP message type code indicates fragment reassembly time exceeded?

  1. Type 4, Code 0

  2. Type 11, Code 0

  3. Type 11, Code 1

  4. Type 12, Code 2

Answer: C

Question No: 274 – (Topic 4)

Which transport method is used by the IEEE 802.1X protocol?

  1. EAPOL frames

  2. 802.3 frames

  3. UDP RADIUS datagrams

  4. PPPoE frames

Answer: A

Question No: 275 – (Topic 4)

Which statement is true about EAP-FAST?

  1. It supports Windows single sign-on.

  2. It is a proprietary protocol.

  3. It requires a certificate only on the server side.

  4. It does not support an LDAP database.

Answer: A

Question No: 276 – (Topic 4)

Which two statements about dynamic ARP inspection are true? (Choose two.)

  1. Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports.

  2. Dynamic ARP inspection is only supported on access and trunk ports.

  3. Dynamic ARP inspection checks invalid ARP packets against the trusted database.

  4. The trusted database to check for an invalid ARP packet is manually configured.

  5. Dynamic ARP inspection does not perform ingress security checking.

  6. DHCP snooping must be enabled.

Answer: C,F

Question No: 277 – (Topic 4)

Which three statements about Dynamic ARP Inspection on Cisco Switches are true? (Choose three.)

  1. Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports.

  2. Dynamic ARP inspection is only supported on access ports.

  3. Dynamic ARP inspection checks ARP packets against the trusted database.

  4. The trusted database can be manually configured using the CLI.

  5. Dynamic ARP inspection does not perform ingress security checking.

  6. DHCP snooping is used to dynamically build the trusted database.

Answer: C,D,F

Question No: 278 – (Topic 4)

Which record statement is part of the NetFlow monitor configuration that is used to collect MPLS traffic with an IPv6 payload?

  1. record mpls IPv6-fields labels 3

  2. record mpls IPv4-fields labels 3

  3. record mpls labels 3

  4. record mpls ipv6-fields labels

Answer: A

Question No: 279 – (Topic 4)

Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?

  1. class-map type inspect

  2. parameter-map type inspect

  3. service-policy type inspect

  4. policy-map type inspect tcp

  5. inspect-map type tcp

Answer: B

Question No: 280 – (Topic 4)

Which three configuration tasks are required for VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco ASA?? (Choose three.)

  1. The redirect-fqdn command must be entered under the vpn load-balancing sub- configuration.

  2. Each ASA in the VPN cluster must be able to resolve the IP of all DNS hostnames that are used in the cluster?.

  3. The identification and CA certificates for the master FQDN hostname must be imported into each VPN cluster-member device?.

  4. The remote-access IP pools must be configured the same on each VPN cluster-member interface.

Answer: A,B,C

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

braindumps examcollection pass4sure passguide testinsides testking
Comments Off