Cisco 350-018 Online Practice Questions and Exam Preparation

Cisco 350-018 Online Questions & Answers

• Question 601:

  In Cisco IOS firewall the HTTP inspection engine has the ability to protect against which of the following?

  A. Tunneling over port 443.
  B. Tunneling over port 80.
  C. HTTP file transfers authorized by the configured security policy.
  D. Authorized request methods.
  B. Tunneling over port 80.

• Question 602:

  DNSSEC was designed to overcome which security limitation of DNS?

  A. DNS man-in-the-middle attacks
  B. DNS flood attacks
  C. DNS fragmentation attacks
  D. DNS hash attacks
  E. DNS replay attacks
  F. DNS violation attacks
  A. DNS man-in-the-middle attacks

• Question 603:

  Which pair of ICMP messages is used in an inverse mapping attack?

  A. Echo-Echo Request
  B. Route Solicitation- Time Exceeded
  C. Echo-Time Exceeded
  D. Echo Reply-Host Unreachable
  E. Echo-Host Unreachable
  D. Echo Reply-Host Unreachable

• Question 604:

  Which three options are methods of load-balancing data in an ASA cluster environment? (Choose three.)

  A. ECMP
  B. floating static routes
  C. PBR
  D. HSRP
  E. distance-vector routing
  F. spanned EtherChannel
  A. ECMP
  C. PBR
  F. spanned EtherChannel

• Question 605:

  For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)

  A. BVI is required for the inspection of IP traffic.
  B. The firewall can perform routing on bridged interfaces.
  C. BVI is required if routing is disabled on the firewall.
  D. BVI is required if more than two interfaces are in a bridge group.
  E. BVI is required for the inspection of non-IP traffic.
  F. BVI can manage the device without having an interface that is configured for routing.
  D. BVI is required if more than two interfaces are in a bridge group.
  F. BVI can manage the device without having an interface that is configured for routing.

• Question 606:

  Refer to the exhibit.

  

  Which option describes the behavior of this configuration?

  A. Traffic from the 30.30.0.0/16 network to the 10.10.0.0/32 network will be translated.
  B. Traffic from the 30.30.0.0/32 network to the 10.10.0.0/16 network will not be translated.
  C. Traffic from the 10.10.0.0/16 network to the 30.30.30.0/24 network will not be translated.
  D. Traffic from the 10.10.0.0/32 network to the 30.30.30.0/16 network will be translated.
  C. Traffic from the 10.10.0.0/16 network to the 30.30.30.0/24 network will not be translated.

• Question 607:

  Which two router configurations block packets with the type 0 routing header on the interface?(Choose two) A. Option A

  

  B. Option B
  C. Option C
  D. Option D
  E. Option E
  B. Option B
  C. Option C

• Question 608:

  

  Refer to the exhibit.What is the effect of the given command sequence?

  A. The server will accept secure HTTP connections from clients with signed security certicates
  B. The client profile will match the authorization profile defined in the AAA server
  C. The HTTP server and client will negotiate the cipher suite encryption parameters
  D. The clients are added to the cipher suite*s profile
  E. The server will accept secure HTTP connections from clients defined in the AAA server
  A. The server will accept secure HTTP connections from clients with signed security certicates

• Question 609:

  What are the three default account duration settings supported by the Cisco ISE Guest services? (Choose three)

  A. DefaultStartEnd
  B. DefaultEightHours
  C. DefaultFirstLoginEight
  D. DefaultUnlimited
  E. DefaultFirstLogin
  F. DefaultFiveHours
  A. DefaultStartEnd
  B. DefaultEightHours
  C. DefaultFirstLoginEight

• Question 610:

  What are the three scanning engines that the cisco IronPort dynamic vectoring and Streaming engine can use to protect against malware? (Choose three)

  A. Sophos
  B. McAfee
  C. Symantec
  D. F-Secure
  E. Webroot
  F. TrendMicro
  A. Sophos
  B. McAfee
  E. Webroot