Valid 350-018 Braindumps With Premium Q&As From Passleader Guarantee 100% Exam Pass (61-80)

QUESTION 61
Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.)

A.    TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types.
B.    IPv6 object nesting is supported.
C.    Network objects support IPv4 and IPv6 addresses.
D.    Objects are not supported in transparent mode.
E.    Objects are supported in single- and multiple-context firewall modes.

Answer: ACE

QUESTION 62
Which command is used to replicate HTTP connections from the Active to the Standby Cisco ASA appliance in failover?

A.    monitor-interface http
B.    failover link fover replicate http
C.    failover replication http
D.    interface fover replicate http standby
E.    No command is needed, as this is the default behavior.

Answer: C

QUESTION 63
Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?

A.    class-map type inspect
B.    parameter-map type inspect
C.    service-policy type inspect
D.    policy-map type inspect tcp
E.    inspect-map type tcp

Answer: B

QUESTION 64
Which three NAT types support bidirectional traffic initiation? (Choose three.)

A.    static NAT
B.    NAT exemption
C.    policy NAT with nat/global
D.    static PAT
E.    identity NAT

Answer: ABD

QUESTION 65
Which IPS module can be installed on the Cisco ASA 5520 appliance?

A.    IPS-AIM
B.    AIP-SSM
C.    AIP-SSC
D.    NME-IPS-K9
E.    IDSM-2

Answer: B

QUESTION 66
Which two options best describe the authorization process as it relates to network access? (Choose two.)

A.    the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store
B.    the process of providing network access to the end user
C.    applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user
D.    the process of validating the provided credentials

Answer: BC

QUESTION 67
If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)

A.    Configure the Call Station ID Type to be: "IP Address".
B.    Configure the Call Station ID Type to be: "System MAC Address".
C.    Configure the Call Station ID Type to be: "MAC and IP Address".
D.    Enable DHCP Proxy.
E.    Disable DHCP Proxy.

Answer: BE

QUESTION 68
Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)

A.    Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription
B.    Cisco ISR G2 Router with SECK9 and ScanSafe subscription
C.    Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers
D.    Cisco Web Security Appliance with ScanSafe subscription

Answer: BC

QUESTION 69
Which four statements about SeND for IPv6 are correct? (Choose four.)

A.    It protects against rogue RAs.
B.    NDP exchanges are protected by IPsec SAs and provide for anti-replay.
C.    It defines secure extensions for NDP.
D.    It authorizes routers to advertise certain prefixes.
E.    It provides a method for secure default router election on hosts.
F.    Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange.
G.    It is facilitated by the Certification Path Request and Certification Path Response ND messages.

Answer: ACDE

QUESTION 70
What is the recommended network MACSec policy mode for high security deployments?

A.    should-secure
B.    must-not-secure
C.    must-secure
D.    monitor-only
E.    high-impact

Answer: A

http://www.passleader.com/350-018.html

QUESTION 71
Which three statements about NetFlow version 9 are correct? (Choose three.)

A.    It is backward-compatible with versions 8 and 5.
B.    Version 9 is dependent on the underlying transport; only UDP is supported.
C.    A version 9 export packet consists of a packet header and flow sets.
D.    Generating and maintaining valid template flow sets requires additional processing.
E.    NetFlow version 9 does not access the NetFlow cache entry directly.

Answer: CDE

QUESTION 72
Which three statements about VXLANs are true? (Choose three.)

A.    It requires that IP protocol 8472 be opened to allow traffic through a firewall.
B.    Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
C.    A VXLAN gateway maps VXLAN IDs to VLAN IDs.
D.    IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
E.    A VXLAN ID is a 32-bit value.

Answer: BCD

QUESTION 73
Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)

A.    IKE ID_KEY_ID
B.    OU field in a certificate that is presented by a client
C.    XAUTH username
D.    hash of the OTP that is sent during XAUTH challenge/response
E.    IKE ID_IPV4_ADDR

Answer: AB

QUESTION 74
Which multicast routing mechanism is optimal to support many-to-many multicast applications?

A.    PIM-SM
B.    MOSPF
C.    DVMRP
D.    BIDIR-PIM
E.    MSDP

Answer: D

QUESTION 75
Which three statements regarding VLANs are true? (Choose three.)

A.    To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID and VLAN type must all be specifically configured by the administrator.
B.    A VLAN is a broadcast domain.
C.    Each VLAN must have an SVI configured on the Cisco Catalyst switch for it to be operational.
D.    The native VLAN is used for untagged traffic on an 802.1Q trunk.
E.    VLANs can be connected across wide-area networks.

Answer: BDE

QUESTION 76
Which technology, configured on the Cisco ASA, allows Active Directory authentication credentials to be applied automatically to web forms that require authentication for clientless SSL connections?

A.    one-time passwords
B.    certificate authentication
C.    user credentials obtained during authentication
D.    Kerberos authentication

Answer: C

QUESTION 77
In what subnet does address 192.168.23.197/27 reside?

A.    192.168.23.0
B.    192.168.23.128
C.    192.168.23.160
D.    192.168.23.192
E.    192.168.23.196

Answer: D

QUESTION 78
Given the IPv4 address 10.10.100.16, which two addresses are valid IPv4-compatible IPv6 addresses? (Choose two.)

A.    :::A:A:64:10
B.    ::10:10:100:16
C.    0:0:0:0:0:10:10:100:16
D.    0:0:10:10:100:16:0:0:0

Answer: BC

QUESTION 79
What is the size of a point-to-point GRE header, and what is the protocol number at the IP layer?

A.    8 bytes, and protocol number 74
B.    4 bytes, and protocol number 47
C.    2 bytes, and protocol number 71
D.    24 bytes, and protocol number 1
E.    8 bytes, and protocol number 47

Answer: B

QUESTION 80
When implementing WLAN security, what are three benefits of using the TKIP instead of WEP? (Choose three.)

A.    TKIP uses an advanced encryption scheme based on AES.
B.    TKIP provides authentication and integrity checking using CBC-MAC.
C.    TKIP provides per-packet keying and a rekeying mechanism.
D.    TKIP provides message integrity check.
E.    TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset.
F.    TKIP uses a 48-bit initialization vector.

Answer: CDF

Valid 350-018 Braindumps With Premium Q&As From Passleader Guarantee 100% Exam Pass

http://www.passleader.com/350-018.html