Good News! With Cisco 350-018 exam dumps, you will never worry about your Cisco 350-018 exam, all the questions and answers are updated timely by our experts. Also now Pass4cert.net is offering free Cisco 350-018 exam VCE player and PDF files for free on their website.
Exam A
QUESTION 1
Which layer of the OSI model is referenced when utilizing http inspection on the Cisco ASA to filter Instant Messaging or Peer to Peer networks with the Modular Policy Framework?
A. application layer
B. presentation layer
C. network layer
D. transport layer
Correct Answer: A
QUESTION 2
In an 802.11 WLAN, which option is the Layer 2 identifier of a basic service set, and also is typically the MAC address of the radio of the access point?
A. BSSID
B. SSID
C. VBSSID
D. MBSSID
Correct Answer: A
QUESTION 3
What term describes an access point which is detected by your wireless network, but is not a trusted or managed access point?
A. rogue
B. unclassified
C. interferer
D. malicious
Correct Answer: A
QUESTION 4
Which authentication mechanism is available to OSPFv3?
A. simple passwords
B. MD5
C. null
D. IKEv2
E. IPsec AH/ESP
Correct Answer: E
QUESTION 5
Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)
A. manually configured
B. automatic 6to4
C. ISATAP
D. GRE
Correct Answer: AD
QUESTION 6
Before BGP update messages may be sent, a neighbor must stabilize into which neighbor state?
A. Active
B. Idle
C. Connected
D. Established
Correct Answer: D
QUESTION 7
In order to reassemble IP fragments into a complete IP datagram, which three IP header fields are referenced by the receiver? (Choose three.)
A. don’t fragment flag
B. packet is fragmented flag
C. IP identification field
D. more fragment flag
E. number of fragments field
F. fragment offset field
Correct Answer: CDF
QUESTION 8
Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?
A. SNMP
B. TACACS+
C. RADIUS
D. EAP over LAN
E. PPPoE
Correct Answer: D
QUESTION 9
What are two benefits of using IKEv2 instead of IKEv1 when deploying remote-access IPsec VPNs? (Choose two.)
A. IKEv2 supports EAP authentication methods as part of the protocol.
B. IKEv2 inherently supports NAT traversal.
C. IKEv2 messages use random message IDs.
D. The IKEv2 SA plus the IPsec SA can be established in six messages instead of nine messages.
E. All IKEv2 messages are encryption-protected.
Correct Answer: AB
QUESTION 10
Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall to allow PMTUD?
A. ICMPv6 Type 1, Code 0, no route to host
B. ICMPv6 Type 1, Code 1, communication with destination administratively prohibited
C. ICMPv6 Type 2, Code 0, packet too big
D. ICMPv6 Type 3, Code 1, fragment reassembly time exceeded
E. ICMPv6 Type 128, Code 0, echo request
F. ICMPv6 Type 129, Code 0, echo reply
Correct Answer: C
QUESTION 11
A firewall rule that filters on the protocol field of an IP packet is acting on which layer of the OSI reference model?
A. network layer
B. application layer
C. transport layer
D. session layer
Correct Answer: A
QUESTION 12
Which three statements are true about MACsec? (Choose three.)
A. It supports GCM modes of AES and 3DES.
B. It is defined under IEEE 802.1AE.
C. It provides hop-by-hop encryption at Layer 2.
D. MACsec expects a strict order of frames to prevent anti-replay.
E. MKA is used for session and encryption key management.
F. It uses EAP PACs to distribute encryption keys.
Correct Answer: BCE
QUESTION 13
Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)
A. PEAP
B. EAP-TLS
C. EAP-FAST
D. EAP-TTLS
E. EAPOL
F. EAP-RADIUS
G. EAP-MD5
Correct Answer: ABCD
QUESTION 14
Which three statements are true about the SSH protocol? (Choose three.)
A. SSH protocol runs over TCP port 23.
B. SSH protocol provides for secure remote login and other secure network services over an insecure network.
C. Telnet is more secure than SSH for remote terminal access.
D. SSH protocol runs over UDP port 22.
E. SSH transport protocol provides for authentication, key exchange, confidentiality, and integrity.
F. SSH authentication protocol supports public key, password, host based, or none as authentication methods.
Correct Answer: BEF
QUESTION 15
Which two statements are true when comparing ESMTP and SMTP? (Choose two.)
A. Only SMTP inspection is provided on the Cisco ASA firewall.
B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.
C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.
D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.
E. ESMTP servers can identify the maximum email size they can receive by using the SIZE command.
Correct Answer: CE
QUESTION 16
Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.)
A. static NAT
B. dynamic NAT
C. dynamic NAT with overloading
D. PAT
E. VAT
Correct Answer: CD
QUESTION 17
How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?
A. It is included in the CIADDR field.
B. It is included as DHCP Option 50 in the OPTIONS field.
C. It is included in the YIADDR field.
D. It is the source IP address of the UDP/53 wrapper packet.
E. The client cannot request its last IP address; it is assigned automatically by the server.
Correct Answer: B
QUESTION 18
Which type of VPN is based on the concept of trusted group members using the GDOI key management protocol?
A. DMVPN
B. SSLVPN
C. GETVPN
D. EzVPN
E. MPLS VPN
F. FlexVPN
Correct Answer: C
QUESTION 19
Refer to the exhibit. Which three statements are true? (Choose three.)
A. Because of a “root delay” of 0ms, this router is probably receiving its time directly from a Stratum 0 or 1GPS reference clock.
B. This router has correctly synchronized its clock to its NTP master.
C. The NTP server is running authentication and should be trusted as a valid time source.
D. Specific local time zones have not been configured on this router.
E. This router will not act as an NTP server for requests from other devices.
Correct Answer: BCE
QUESTION 20
Refer to the exhibit. Which message could contain an authenticated initial_contact notify during IKE main mode negotiation?
A. message 3
B. message 5
C. message 1
D. none, initial_contact is sent only during quick mode
E. none, notify messages are sent only as independent message types
Correct Answer: B
We provide thoroughly reviewed Cisco 350-018 using the training resources which are the best for Cisco 350-018 test, and to get certified by Microsoft Windows Store apps. It is a best choice to accelerate your career as a professional in the Information Technology industry. Now we add the latest Cisco 350-018 content and to print and share content.