Cisco 350-018 Online Practice Questions and Exam Preparation

Cisco 350-018 Online Questions & Answers

• Question 531:

  What protocol does IPv6 Router Advertisement use for its messages?

  A. ARP
  B. TCP
  C. ICMPv6
  D. UDP
  C. ICMPv6

• Question 532:

  Which two pieces of information are communicated by the ASA failover link? (Choose two.)

  A. unit state
  B. connections State
  C. routing tables
  D. power status
  E. MAC address exchange
  A. unit state
  E. MAC address exchange

• Question 533:

  If an ASA device is configured as a remote access IPsec server with RADIUS authentication and password management enabled, which type of authentication will it use?

  A. MS-CHAFV2
  B. MS-CHAPv1
  C. RSA
  D. NTLM
  E. PAP
  E. PAP

• Question 534:

  In ISO 27001 ISMS, which three of these certification process phases are required to collect information for ISO 27001? (Choose three.)

  A. discover
  B. certification audit
  C. post-audit
  D. observation
  E. pre-audit
  F. major compliance
  B. certification audit
  C. post-audit
  E. pre-audit

• Question 535:

  What are two limitations of the Atomic IP Advanced Engine? (Choose two.)

  A. It has limited ability to check the fragmentation header.
  B. It is unable to fire high-severity alerts for known vulnerabilities.
  C. It is unable to detect IP address anomalies, including IP spoofing
  D. It is unable to inspect a packet's length fields for bad information.
  E. It is unable to detect Layer 4 attacks if the packets were fragmented by IPv6.
  A. It has limited ability to check the fragmentation header.
  E. It is unable to detect Layer 4 attacks if the packets were fragmented by IPv6.

• Question 536:

  Which three EAP methods require a server-side certificate? (Choose three.)

  A. PEAP with MS-CHAPv2
  B. EAP-TLS
  C. EAP-FAST
  D. EAP-TTLS
  E. EAP-GTP
  A. PEAP with MS-CHAPv2
  B. EAP-TLS
  D. EAP-TTLS

• Question 537:

  Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)

  A. Create the security zones and security zone pairs.
  B. Create the self zone.
  C. Create the default global inspection policy.
  D. Create the type inspect class maps and policy maps.
  E. Assign a security level to each security zone.
  F. Assign each router interface to a security zone.
  G. Apply a type inspect policy map to each zone pair.
  A. Create the security zones and security zone pairs.
  D. Create the type inspect class maps and policy maps.
  F. Assign each router interface to a security zone.
  G. Apply a type inspect policy map to each zone pair.

• Question 538:

  Refer to the exhibit.

  

  Which item is not authenticated by ESP in tunnel mode?

  A. ESP header
  B. ESP trailer
  C. New IP header
  D. Original IP header
  E. Data
  F. TCP-UDP header
  C. New IP header

• Question 539:

  Refer to the exhibit.

  

  Why does the EasyVPN session fail to establish between the client and server?

  A. incomplete ISAKMP profile configuration on the server
  B. incorrect IPsec phase-2 configuration on the server
  C. incorrect group configuration on the client
  D. ISAKMP key mismatch
  E. incorrect ACL in the ISAKMP client group configuration
  B. incorrect IPsec phase-2 configuration on the server

• Question 540:

  What functionality does SXP provide to enhance security?

  A. its supports Cisco's TrustSec implementation on virtual machines
  B. it supports Cisco's TrustSec solutions by transporting information over network that are unable to support SGT propagation.
  C. it support secure communications between Cisco IronPort and cloud-based email servers.
  D. it support secure communications between Cisco IronPort and Exchange.
  B. it supports Cisco's TrustSec solutions by transporting information over network that are unable to support SGT propagation.