Cisco 350-018 Online Practice Questions and Exam Preparation

Cisco 350-018 Online Questions & Answers

• Question 421:

  Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?

  A. HTTP inspection
  B. static entries in the botnet blacklist and whitelist
  C. global ACL
  D. NetFlow
  E. DNS inspection and DNS snooping
  E. DNS inspection and DNS snooping

• Question 422:

  For which reason would an RSA key pair need to be removed?

  A. The CA is under DoS attack
  B. The CA has suffered a power outage
  C. The existing CA is replaced, and the new CA requires newly generated keys
  D. PKI architecture would never allow the RSA key pair removal
  C. The existing CA is replaced, and the new CA requires newly generated keys

• Question 423:

  What is the recommended network MACSec policy mode for high security deployments?

  A. should-secure
  B. must-not-secure
  C. must-secure
  D. monitor-only
  E. high-impact
  C. must-secure

• Question 424:

  Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)

  A. update
  B. query
  C. reply
  D. hello
  E. acknowledgement
  D. hello
  E. acknowledgement

• Question 425:

  What are two advantages of using NLA with Windows Terminal Services? (Choose two.)

  A. uses SPNEGO and TLS to provide optional double encryption of user credentials
  B. forces the use of Kerberos to pass credentials from client to server
  C. protects against man-in-the-middle attacks
  D. requires clients to present an SSL certificate to verify their authenticity
  E. protects servers against DoS attacks by requiring lesser resources for authentication
  A. uses SPNEGO and TLS to provide optional double encryption of user credentials
  C. protects against man-in-the-middle attacks

• Question 426:

  

  Refer to the exhibit . What is the effect of the given configuration?

  A. It requires the enable password to be authorized by the LOCAL database
  B. It allows users to log in with any user name in the LOCAL database
  C. It enables management authorization for a user-authenticated RADIUS server
  D. Users will be authenticated against the RADIUS servers defined in the adm_net list
  E. It allows SSH connections to console login into the ASA
  D. Users will be authenticated against the RADIUS servers defined in the adm_net list

• Question 427:

  

  Refer to exhibit What is the effect of the given ACL policy?

  A. The policy will disable IPEV6 source routing
  B. The policy will deny all IPv6 Ebgp sessions C. The policy will deny all IPv6 routed packets
  D. The policy will deny all IPv6 routing packets
  A. The policy will disable IPEV6 source routing

• Question 428:

  What is a primary function of the SXP protocol?

  A. to extend a TrustSec domain on switches that do not support packet tagging with SGTs
  B. to map the SGT tag to VLAN information
  C. to allow the SGT tagged packets to be transmitted on trunks
  D. to exchange the SGT information between different TrustSec domains
  A. to extend a TrustSec domain on switches that do not support packet tagging with SGTs

• Question 429:

  Which ICMP message could be used with traceroute to map network topology?

  A. Echo Reply
  B. Redirect
  C. Time Exceeded
  D. Echo
  E. Router Selection
  F. Address Mask Request
  C. Time Exceeded

• Question 430:

  If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)

  A. Configure the Call Station ID Type to bE. "IP Address".
  B. Configure the Call Station ID Type to bE. "System MAC Address".
  C. Configure the Call Station ID Type to bE. "MAC and IP Address".
  D. Enable DHCP Proxy.
  E. Disable DHCP Proxy.
  B. Configure the Call Station ID Type to bE. "System MAC Address".
  E. Disable DHCP Proxy.