Cisco 350-018 Online Practice Questions and Exam Preparation

Cisco 350-018 Online Questions & Answers

• Question 361:

  Drag and drop the SMTP components on the left onto their corresponding roles on the right.

  Select and Place:

  

  

• Question 362:

  Which BGP configuration forces the session to tear down when the learned routes from the neighbor exceed 10?

  A. neighbor 10.0.0.1 maximum-prefix 10 80 warning-only
  B. neighbor 10.0.0.1 maximum-prefix 10 80
  C. neighbor 10.0.0.1 maximum-prefix 80 10 warning-only
  D. neighbor 10.0.0.1 maximum-prefix 80 10
  B. neighbor 10.0.0.1 maximum-prefix 10 80

• Question 363:

  Which two statements about DTLS are true? (Choose two)

  A. It is more secure than TLS
  B. unlike TLS, DTLS support VPN connections with ASA
  C. when DPD is disabled, DTLS connections can automatically fall back to TLS.
  D. it support SSL VPN without requiring an SSL tunnel
  E. it overcomes the latency and bandwidth problem that can occur with SSL
  F. It can reduce packet delays and improve application performance
  C. when DPD is disabled, DTLS connections can automatically fall back to TLS.
  E. it overcomes the latency and bandwidth problem that can occur with SSL

• Question 364:

  The address of an inside client is translated from a private address to a public address by a NAT router for access to an outside web server. What term describes the destination address (client) after the outside web server responds, and before it hits the NAT router?

  A. inside local
  B. inside global
  C. outside local
  D. outside global
  B. inside global

• Question 365:

  Which two statements about implementing GDOI in a DMVPN network are true?(Choose two)

  A. DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub.
  B. Rekeying requires an exclusive IGMP join in the mGRE interface.
  C. The crypto map is applied to the subinterface of each spoke.
  D. Direct spoke-to-spoke traffic is black-holed.
  E. If a group member rekey operation fails. It must wait for the SA lifetime to expire before it can register with th key server.
  F. The DMVPN hub can actes the GDOI key server.
  A. DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub.
  F. The DMVPN hub can actes the GDOI key server.

• Question 366:

  Which field in an HTTPS server certificate is compared to a server name in the URL?

  A. Common Name
  B. Issuer Name
  C. Organization
  D. Organizational Unit
  A. Common Name

• Question 367:

  Drag and drop the components of a Teredo IPv6 packet from the left to the correct position in the packet on the right

  Select and Place:

  

  

• Question 368:

  Which statement about the TACACS+ AV pair is true?

  A. AV pair value is integer.
  B. Cisco ACS does not support accounting AV pairs.
  C. AV pair values could be both strings and integers.
  D. AV pair does not have value type.
  D. AV pair does not have value type.

• Question 369:

  Which item is not encrypted by ESP?

  A. ESP header
  B. ESP trailer
  C. IP header
  D. Data
  E. TCP-UDP header
  A. ESP header

• Question 370:

  Which three statements about Dynamic ARP Inspection on Cisco Switches are true? (Choose three.)

  A. Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports.
  B. Dynamic ARP inspection is only supported on access ports.
  C. Dynamic ARP inspection checks ARP packets against the trusted database.
  D. The trusted database can be manually configured using the CLI.
  E. Dynamic ARP inspection does not perform ingress security checking.
  F. DHCP snooping is used to dynamically build the trusted database.
  C. Dynamic ARP inspection checks ARP packets against the trusted database.
  D. The trusted database can be manually configured using the CLI.
  F. DHCP snooping is used to dynamically build the trusted database.