100% Valid And Newest–Do not worry about your Cisco 350-018 exam! Just try Flydumps the latest Cisco 350-018 exam dumps.The latest new version with all the official new added Cisco 350-018 questions and answers.High pass rate and money back
QUESTION 61
Refer to the exhibit.
Which statement best describes the problem?
A. Context vpn1 is not inservice.
B. There is no gateway that is configured under context vpn1.
C. The config has not been properly updated for context vpn1.
D. The gateway that is configured under context vpn1 is not inservice.
Correct Answer: A
QUESTION 62
Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)
“Pass Any Exam. Any Time.” – www.actualtests.com 28 Cisco 350-018 Exam
A. The firewall is not a routed hop.
B. The firewall can connect to the same Layer 3 network on its inside and outside interfaces.
C. Static routes are supported.
D. PAT and NAT are not supported.
E. Only one global address per device is supported for management.
F. SSL VPN is supported for management.
Correct Answer: ABC
QUESTION 63
Which three statements about Cisco IOS RRI are correct? (Choose three.)
A. RRI is not supported with ipsec-profiles.
B. Routes are created from ACL entries when they are applied to a static crypto map.
C. Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D. VRF-based routes are supported.
E. RRI must be configured with DMVPN.
Correct Answer: BCD
QUESTION 64
Which of the following describes the DHCP “starvation” attack?
A. Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.
B. Saturate the network with DHCP requests to prevent other network services from working.
C. Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names.
D. Send DHCP response packets for the purpose of overloading CAM tables.
Correct Answer: A
QUESTION 65
“Pass Any Exam. Any Time.” – www.actualtests.com 29 Cisco 350-018 Exam Which Cisco technology protects against Spanning Tree Protocol manipulation?
A. spanning-tree protection
B. root guard and BPDU guard
C. Unicast Reverse Path Forwarding
D. MAC spoof guard
E. port security
Correct Answer: B
QUESTION 66
Refer to the exhibit.
“Pass Any Exam. Any Time.” – www.actualtests.com 30 Cisco 350-018 Exam
Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)
A. The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.
B. Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.
C. Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.
D. Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.
E. Interface FastEthernet 5/1 is the community port.
F. Interface FastEthernet 5/4 is the isolated port. “Pass Any Exam. Any Time.” – www.actualtests.com 31 Cisco 350-018 Exam
Correct Answer: BC QUESTION 67
Which three configuration components are required to implement QoS policies on Cisco routers using MQC? (Choose three.)
A. class-map
B. global-policy
C. policy-map
D. service-policy
E. inspect-map
Correct Answer: ACD
QUESTION 68
Which type of PVLAN ports can communicate among themselves and with the promiscuous port?
A. isolated
B. community
C. primary
D. secondary
E. protected
Correct Answer: B
QUESTION 69
Which statement is true about the Cisco NEAT 802.1X feature?
A. The multidomain authentication feature is not supported on the authenticator switch interface.
B. It allows a Cisco Catalyst switch to act as a supplicant to another Cisco Catalyst authenticator switch.
C. The supplicant switch uses CDP to send MAC address information of the connected host to the “Pass Any Exam. Any Time.” – www.actualtests.com 32 Cisco 350-018 Exam authenticator switch.
D. It supports redundant links between the supplicant switch and the authenticator switch.
Correct Answer: B
QUESTION 70
Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?
A. PKI
B. TACACS+
C. multi-auth host mode
D. port security
E. 802.1x
Correct Answer: E
QUESTION 71
With the Cisco FlexVPN solution, which four VPN deployments are supported? (Choose four.)
A. site-to-site IPsec tunnels?
B. dynamic spoke-to-spoke IPSec tunnels? (partial mesh)
C. remote access from software or hardware IPsec clients?
D. distributed full mesh IPsec tunnels?
E. IPsec group encryption using GDOI?
F. hub-and-spoke IPsec tunnels?
Correct Answer: ABCF QUESTION 72
Which four techniques can you use for IP management plane security? (Choose four.) “Pass Any Exam. Any Time.” – www.actualtests.com 33 Cisco 350-018 Exam
A. Management Plane Protection
B. uRPF
C. strong passwords
D. RBAC
E. SNMP security measures
F. MD5 authentication
Correct Answer: ACDE QUESTION 73
Which three statements about remotely triggered black hole filtering are true? (Choose three.)
A. It filters undesirable traffic.
B. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks.
C. It provides a rapid-response technique that can be used in handling security-related events and incidents.
D. It requires uRPF.
Correct Answer: ACD QUESTION 74
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)
A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet fields.
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and permanent.
E. It can be a useful tool in monitoring the network for attacks.
Correct Answer: BCE QUESTION 75
During a computer security forensic investigation, a laptop computer is retrieved that requires
“Pass Any Exam. Any Time.” – www.actualtests.com 34 Cisco 350-018 Exam content analysis and information retrieval. Which file system is on it, assuming it has the default installation of Microsoft Windows Vista operating system?
A. HSFS
B. WinFS
C. NTFS
D. FAT
E. FAT32
Correct Answer: C QUESTION 76
Which three statements about the IANA are true? (Choose three.)
A. IANA is a department that is operated by the IETF.
B. IANA oversees global IP address allocation.
C. IANA managed the root zone in the DNS.
D. IANA is administered by the ICANN.
E. IANA defines URI schemes for use on the Internet.
Correct Answer: BCD
QUESTION 77
What does the Common Criteria (CC) standard define?
A. The current list of Common Vulnerabilities and Exposures (CVEs)
B. The U.S standards for encryption export regulations
C. Tools to support the development of pivotal, forward-looking information system technologies
D. The international standards for evaluating trust in information systems and products
E. The international standards for privacy laws
F. The standards for establishing a security incident response system
Correct Answer: D
QUESTION 78
Which three types of information could be used during the incident response investigation phase? (Choose three.)
A. netflow data
B. SNMP alerts
C. encryption policy
D. syslog output
E. IT compliance reports
Correct Answer: ABD
QUESTION 79
Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Correct Answer: B
Try Cisco 350-018 exam free demo before you decide to buy it in Flydumps.com. After you buy Flydumps Cisco 350-018 exam dumps, you will get free update for ONE YEAR!