Cisco 350-018 Online Practice Questions and Exam Preparation

Cisco 350-018 Online Questions & Answers

• Question 621:

  Which option shows the correct sequence of the DHCP packets that are involved in IP address assignment between the DHCP client and the server?

  A. REQUEST, OFFER, ACK
  B. DISCOVER, OFFER, REQUEST, ACK
  C. REQUEST, ASSIGN, ACK
  D. DISCOVER, ASSIGN, ACK
  E. REQUEST, DISCOVER, OFFER, ACK
  B. DISCOVER, OFFER, REQUEST, ACK

• Question 622:

  Which two options are differences between automation and orchestration? (choose two)

  A. Orchestration is focused on an end to-end process or workflow
  B. Automation is a f workflow composed of tasks. And orchestration is a technical task
  C. Automation is focused on automating a single or multiple tasks
  D. Automation is to be used to replace human intervention
  E. Orchestration is focused on multiple technologies to be integrated together
  A. Orchestration is focused on an end to-end process or workflow
  C. Automation is focused on automating a single or multiple tasks

• Question 623:

  Which two items are required for LDAP authenticated bind operations? (Choose two.)

  A. Root DN
  B. Password
  C. Username
  D. SSO
  E. UID
  A. Root DN
  B. Password

• Question 624:

  Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)

  A. IKE ID_KEY_ID
  B. OU field in a certificate that is presented by a client
  C. XAUTH username
  D. hash of the OTP that is sent during XAUTH challenge/response
  E. IKE ID_IPV4_ADDR
  A. IKE ID_KEY_ID
  B. OU field in a certificate that is presented by a client

• Question 625:

  Which of the following statements are true regarding hashing?

  A. Changing 1 bit of the input SHA-1 changes 1 bit of the output.
  B. SHA-1 is stronger than MD5 because t can be used with a key to prevent modification.
  C. MD5 produces a 160-bit result.
  D. MD5 takes more CPU cycles to compute than SHA-1.
  E. SHA-256 is an extension to SHA-1 with a longer output.
  A. Changing 1 bit of the input SHA-1 changes 1 bit of the output.
  E. SHA-256 is an extension to SHA-1 with a longer output.

• Question 626:

  What is the purpose of aaa server radius dynamic-author command?

  A. Enables the device to dynamically receive updates from a policy server
  B. Enables the switch to automatically authorize the connecting device if all the configured RADIUS servers are unavailable
  C. Impairs the ability to configure RADIUS local AAA
  D. This command disables dynamic authorization local server configuration mode.
  A. Enables the device to dynamically receive updates from a policy server

• Question 627:

  Refer to the exhibit.

  

  Which statement best describes the problem?

  A. Context vpn1 is not inservice.
  B. There is no gateway that is configured under context vpn1.
  C. The config has not been properly updated for context vpn1.
  D. The gateway that is configured under context vpn1 is not inservice.
  A. Context vpn1 is not inservice.

• Question 628:

  Comparing and contrasting IKEv1 and IKEv2, which three statements are true? (Choose three.)

  A. IKEv2 adds EAP as a method of authentication for clients; IKEv1 does not use EAP.
  B. IKEv1 and IKEv2 endpoints indicate support for NAT-T via the vendor_ID payload.
  C. IKEv2 and IKEv1 always ensure protection of the identities of the peers during the negotiation process.
  D. IKEv2 provides user authentication via the IKE_AUTH exchange; IKEv1 uses the XAUTH exchange.
  E. IKEv1 and IKEv2 both use INITIAL_CONTACT to synchronize SAs.
  F. IKEv1 supports config mode via the SET/ACK and REQUEST/RESPONSE methods; IKEv2 supports only REQUEST/RESPONSE.
  A. IKEv2 adds EAP as a method of authentication for clients; IKEv1 does not use EAP.
  D. IKEv2 provides user authentication via the IKE_AUTH exchange; IKEv1 uses the XAUTH exchange.
  E. IKEv1 and IKEv2 both use INITIAL_CONTACT to synchronize SAs.

• Question 629:

  Which statement is true about SYN cookies?

  A. The state is kept on the server machine TCP stack.
  B. A system has to check every incoming ACK against state tables.
  C. SYN cookies do not help to protect against SYM flood attacks.
  D. No state is kept on the server machine state but is embedded in the initial sequence number.
  D. No state is kept on the server machine state but is embedded in the initial sequence number.

• Question 630:

  Which of the following describes the DHCP "starvation" attack?

  A. Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.
  B. Saturate the network with DHCP requests to prevent other network services from working.
  C. Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names.
  D. Send DHCP response packets for the purpose of overloading CAM tables.
  A. Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.