350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 491-500

By on October 5, 2016
EnsurepassQUESTION 491 At the end of the Cisco TrustSec authentication process, which three pieces of information do both authenticator and supplicant know? (Choose three.)   A. Peer device ID B. Peer Cisco TrustSec capability information C. SAP key D. Server device ID E. Service ID F. Server peers information   Correct Answer: ABC     QUESTION 492 You are preparing Control Plane Protection configurations for implementation on the router, which has the EBGP Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 481-490

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">QUESTION 481 Which two items are required for LDAP authenticated bind operations? (Choose two.)   A. Root DN B. Password C. Username D. SSO E. UID   Correct Answer: AB     QUESTION 482 Which of the following two options can you configure to avoid iBGP full mesh? (Choose two.)   A. Route reflectors B. Confederations C. Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 471-480

By on
EnsurepassQUESTION 471 Which two statements apply to the method that ASA uses for tunnel-group lookup for LAN-to-LAN IPSec connections when using PSK-based authentication? (Choose two.)   A. If the configuration does not contain the tunnel-group with the IKE ID or peer IP address DefaultRAGroup, DefaultL2LGroup is used instead. B. DefaultL2LGroup is used only if the PSK check in DefaultRAGroup fails. C. DefaultRAGroup is used only if the PSK check in DefaultL2LGroup fails. D. You Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 451-460

By on
EnsurepassQUESTION 451 Which three addresses are special use as defined in RFC 5735? (Choose three.)   A. 171.10.0.0/24 B. 0.0.0.0/8 C. 203.0.113.0/24 D. 192.80.90.0/24 E. 172.16.0.0/12 F. 198.50.100.0/24   Correct Answer: BCE     QUESTION 452 Which statement about Sarbanes-Oxley (SOX) is true?   A. SOX is an IEFT compliance procedure for computer systems security. B. SOX is a US law. C. SOX is an IEEE compliance procedure for IT management Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 441-450

By on
EnsurepassQUESTION 441 Which three statements about Dynamic ARP Inspection on Cisco Switches are true? (Choose three.)   A. Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports. B. Dynamic ARP inspection is only supported on access ports. C. Dynamic ARP inspection checks ARP packets against the trusted database. D. The trusted database can be manually configured using the CLI. E. Dynamic ARP inspection does not perform ingress security checking. F. Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 461-470

By on
EnsurepassQUESTION 461 On Cisco routers, there are two mutually exclusive types of RSA key pairs: special-usage keys and general-purpose keys. When you generate RSA key pairs, you are prompted to select either special-usage keys or general-purpose keys. Which set of statements is true?   A. If you generate special-usage keys, two pairs of RSA keys are generated. One pair is used with any IKE policy that specifies RSA signatures as the authentication method. The other pair is used with any Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 401-410

By on
EnsurepassQUESTION 401 Which two statements about PCI DSS are true? (Choose two.)   A. PCI DSS is a US government standard that defines ISP security compliance. B. PCI DSS is a proprietary security standard that defines a framework for credit, debit, and ATM cardholder information. C. PCI DSS is a criminal act of cardholder information fraud. D. One of the PCI DSS objectives is to restrict physical access to credit, debit, and ATM cardholder information. E. PCI DSS is an IETF Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 411-420

By on
EnsurepassQUESTION 411 DRAG DROP   Correct Answer:     QUESTION 412 DRAG DROP   Correct Answer:           QUESTION 413 DRAG DROP   Correct Answer:     QUESTION 414 DRAG DROP   Correct Answer:                   QUESTION 415 Which two options describe the main purpose of EIGRP authentication? (Choose two.)   A. To identify authorized peers. B. To allow faster convergence Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 421-430

By on
EnsurepassQUESTION 421 Which statement about layer-2 VLAN is true?   A. VLAN cannot be routed. B. VLANs 1006 through 4094 are not propagated by VTP version 3. C. VLAN1 is a Cisco default VLAN that can be deleted. D. The extended-range VLANs cannot be configured in global configuration mode.   Correct Answer: A     QUESTION 422 Which two statements about the OSPF authentication configuration are true? (Choose two.)   A. OSPF authentication is required in Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 431-440

By on
EnsurepassQUESTION 431 Which option is an example of network reconnaissance attack?   A. botnets B. ping of death C. SYN flooding D. inverse mapping   Correct Answer: D     QUESTION 432 Which statement about Cisco IPS signatures is true?   A. All of the built-in signatures are enabled by default. B. Tuned signatures are built-in signatures whose parameters cannot be adjusted. C. Once the signature is removed from the sensing engine it cannot be restored. Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 381-390

By on
EnsurepassQUESTION 381 Refer to the exhibit. If SW4 is sending superior BPDUs, where should the root guard feature be configured to preserve SW3 as a root bridge?     A. SW4 Gi0/0 interface. B. Sw3 Gi0/0 interface. C. Sw2 Gi0/1 interface. D. SW2 Gi0/1 and SW3 Gi0/1   Correct Answer: C     QUESTION 382 Refer to the exhibit. What is the reason for the failure of the DMVPN session between R1 and R2?     A. tunnel mode mismatch B. IPsec phase-1 Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 391-400

By on
EnsurepassQUESTION 391 Which two statements about SOX are true? (Choose two.)   A. SOX is an IEFT compliance procedure for computer systems security. B. SOX is a US law. C. SOX is an IEEE compliance procedure for IT management to produce audit reports. D. SOX is a private organization that provides best practices for financial institution computer systems. E. Section 404 of SOX is related to IT compliance.   Correct Answer: BE     QUESTION 392 Refer to the exhibit. Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 371-380

By on
EnsurepassQUESTION 371 Which two statements about ASA transparent mode are true? (Choose two.)   A. Transparent mose acts as a Layer-3 firewall. B. The inside and outside interface must be in a different subnet. C. IP traffic will not pass unless it is permitted by an access-list. D. ARP traffic is dropped unless it is permitted. E. A configured route applies only to the traffic that is originated by the ASA. F. In multiple context mode, all contexts need to be in transparent Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 361-370

By on
EnsurepassQUESTION 361 When is the supplicant considered to be clientless?   A. when the authentication server does not have credentials to authenticate. B. when the authenticator is missing the dot1x guest VLAN under the port with which the supplicant is connected. C. when the supplicant fails EAP-MD5 challenge with the authentication server. D. when the supplicant fails to respond to EAPOL messages from the authenticator. E. when the authenticator is missing the reauthentication Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 351-360

By on
EnsurepassQUESTION 351 Which pair of ICMP messages is used in an inverse mapping attack?   A. Echo-Echo Request B. Route Solicitation- Time Exceeded C. Echo-Time Exceeded D. Echo Reply-Host Unreachable E. Echo-Host Unreachable   Correct Answer: D     QUESTION 352 Which statement about a botnet attack is true?   A. The botnet attack is an attack on a firewall to disable it's filtering ability. B. The botnet attack is a network sweeping attack to find Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 341-350

By on
EnsurepassQUESTION 341 Which statement about the AH is true?   A. AH authenticates only the data. B. AH authenticates only the IP header. C. AH authenticates only the TCP-UDP header. D. AH authenticates the entire packet and any mutable fields. E. AH authenticates the entire packet except for any mutable fields.   Correct Answer: E     QUESTION 342 Which three fields are part of the AH header? (Choose three.)   A. Source Address B. Destination Address Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 331-340

By on
EnsurepassQUESTION 331 Which two statements about NHRP are true? (Choose two.)   A. NHRP is used for broadcast multi-access networks. B. NHRP allows NHC to dynamically learn the mapping of VPN IP to NBMA IP. C. NHRP allows NHS to dynamically learn the mapping of VPN IP to BMA IP. D. NHC registers with NHS. E. Traffic between two NHCs always flows through the NHS. F. NHRP provides Layer-2 to Layer-3 address mapping.   Correct Answer: BD     QUESTION 332 Which Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 321-330

By on
EnsurepassQUESTION 321 Refer to the exhibit. Which option describes the behavior of this configuration?     A. Host 10.10.10.1 will get translated as 20.20.20.1 from inside to outside. B. Host 20.20.20.1 will be translated as 10.10.10.1 from outside to inside. C. Host 20.20.20.1 will be translated as 10.10.10.1 from inside to outside. D. Host 10.10.10.1 will be translated as 20.20.20.1 from outside to inside.   Correct Answer: A     QUESTION 322 Which ICMP Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 311-320

By on
EnsurepassQUESTION 311 Refer to the exhibit. According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server?     A. ciaddr B. yiaddr C. siaddr D. giaddr   Correct Answer: D                 QUESTION 312 Which statements apply to the above configuration? (Choose two.)   crypto isakmp profile vpn1 vrf vpn1 keyring vpn1 Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 301-310

By on
EnsurepassQUESTION 301 Which configuration is the correct way to change a GET VPN Key Encryption Key lifetime to 10800 seconds on the key server?   A. crypto isakmp policy 1 lifetime 10800 B. crypto ipsec security-association lifetime seconds 10800 C. crypto ipsec profile getvpn-profile set security-association lifetime seconds 10800 ! crypto gdoi group GET-Group identity number 1234 server local sa ipsec 1 profile getvpn-profile D. crypto gdoi group GET-Group identity number 1234 Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 291-300

By on
EnsurepassQUESTION 291 Which NTP stratum level means that the clock is unsynchronized?   A. 0 B. 1 C. 8 D. 16   Correct Answer: D     QUESTION 292 Which statement is true about an NTP server?   A. It answers using UTC time. B. It uses the local time of the server with its time zone indication. C. It uses the local time of the server and does not indicate its time zone. D. It answers using the time zone of the client.   Correct Answer: A   Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 281-290

By on
EnsurepassQUESTION 281 What is a primary function of the SXP protocol?   A. to extend a TrustSec domain on switches that do not support packet tagging with SGTs B. to map the SGT tag to VLAN information C. to allow the SGT tagged packets to be transmitted on trunks D. to exchange the SGT information between different TrustSec domains   Correct Answer: A     QUESTION 282 In RFC 4034, DNSSEC introduced which four new resource record types? (Choose four.)   Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 271-280

By on
EnsurepassQUESTION 271 Which three statements about the TACACS protocol are correct? (Choose three.)   A. TACACS+ is an IETF standard protocol. B. TACACS+ uses TCP port 47 by default. C. TACACS+ is considered to be more secure than the RADIUS protocol. D. TACACS+ can support authorization and accounting while having another separate authentication solution. E. TACACS+ only encrypts the password of the user for security. F. TACACS+ supports per-user or per-group for authorization Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 261-270

By on
EnsurepassQUESTION 261 Which protocol is superseded by AES?   A. DES B. RSA C. RC4 D. MD5   Correct Answer: A     QUESTION 262 What is the purpose of the SPI field in an IPsec packet?   A. identifies a transmission channel B. provides anti-replay protection C. ensures data integrity D. contains a shared session key   Correct Answer: A     QUESTION 263 Which IPsec protocol provides data integrity but no data encryption?   Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 251-260

By on
EnsurepassQUESTION 251 Beacons, probe request, and association request frames are associated with which category?   A. management B. control C. data D. request   Correct Answer: A     QUESTION 252 Which feature can be implemented to avoid any MPLS packet loss?   A. IP TTL propagation B. LDP IGP sync C. label advertisement sync D. conditional label advertisement E. PHP   Correct Answer: B     QUESTION 253 Which four types of VPN Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 241-250

By on
EnsurepassQUESTION 241 Which MPLS label is the signaled value to activate PHP (penultimate hop popping)?   A. 0x00 B. php C. swap D. push E. imp-null Correct Answer: E     QUESTION 242 What action will be taken by a Cisco IOS router if a TCP packet, with the DF bit set, is larger than the egress interface MTU?   A. Split the packet into two packets, so that neither packet exceeds the egress interface MTU, and forward them out. B. Respond to the sender Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 231-240

By on
EnsurepassQUESTION 231 Which three traffic conditions can be matched when configuring single rate, dual token bucket traffic policing on Cisco routers? (Choose three.)   A. conform B. normal C. violate D. peak E. exceed F. average   Correct Answer: ACE     QUESTION 232 A frame relay PVC at router HQ has a CIR of 768 kb/s and the frame relay PVC at router branch office has a CIR of 384 kb/s. Which QoS mechanism can best be used to ease the data congestion and Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 211-220

By on
EnsurepassQUESTION 211 Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)   A. Create the security zones and security zone pairs. B. Create the self zone. C. Create the default global inspection policy. D. Create the type inspect class maps and policy maps. E. Assign a security level to each security zone. F. Assign each router interface to a security zone. G. Apply a type inspect policy Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 221-230

By on
EnsurepassQUESTION 221 In order to implement CGA on a Cisco IOS router for SeND, which three configuration steps are required? (Choose three.)   A. Generate an RSA key pair. B. Define a site-wide pre-shared key. C. Define a hash algorithm that is used to generate the CGA. D. Generate the CGA modifier. E. Assign a CGA link-local or globally unique address to the interface. F. Define an encryption algorithm that is used to generate the CGA.   Correct Answer: ADE   Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 201-210

By on
EnsurepassQUESTION 201 In an 802.11 wireless network, what would an attacker have to spoof to initiate a deauthentication attack against connected clients?   A. the BSSID of the AP where the clients are currently connected B. the SSID of the wireless network C. the MAC address of the target client machine D. the broadcast address of the wireless network   Correct Answer: A       QUESTION 202 What is the commonly known name for the process of generating and gathering Read more [...]

Continue Reading

350-018 Actual Test (October 2016)

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 191-200

By on
EnsurepassQUESTION 191 Which three statements are true about TLS? (Choose three.)   A. TLS protocol uses a MAC to protect the message integrity. B. TLS data encryption is provided by the use of asymmetric cryptography. C. The identity of a TLS peer can be authenticated using public key or asymmetric cryptography. D. TLS protocol is originally based on the SSL 3.0 protocol specification. E. TLS provides support for confidentiality, authentication, and nonrepudiation.   Correct Read more [...]

Continue Reading