Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details
Exam Code: 351-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 420 Q&As
Last Updated: Dec 09, 2021

Cisco 351-018 Online Questions & Answers
Question 151:
Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)
A. The firewall is not a routed hop.
B. The firewall can connect to the same Layer 3 network on its inside and outside interfaces.
C. Static routes are supported.
D. PAT and NAT are not supported.
E. Only one global address per device is supported for management.
F. SSL VPN is supported for management.
Answer:
A. The firewall is not a routed hop.
B. The firewall can connect to the same Layer 3 network on its inside and outside interfaces.
C. Static routes are supported.
Question 152:
Which statement correctly describes a botnet filter category?
A. Unlisted addresses: The addresses are malware addresses that are not identified by the dynamic database and are hence defined statically.
B. Ambiguous addresses: In this case, the same domain name has multiple malware addresses but not all the addresses are in the dynamic database. These addresses are on the graylist.
C. Known malware addresses: These addresses are identified as blacklist addresses in the dynamic database and static list.
D. Known allowed addresses: These addresses are identified as whitelist addresses that are bad addresses but still allowed.
Answer:
C. Known malware addresses: These addresses are identified as blacklist addresses in the dynamic database and static list.
Question 153:
When configuring an Infrastructure ACL (iACL) to protect the IPv6 infrastructure of an enterprise network, where should the iACL be applied?
A. all infrastructure devices in both the inbound and outbound direction
B. all infrastructure devices in the inbound direction
C. all infrastructure devices in the outbound direction
D. all perimeter devices in both the inbound and outbound direction
E. all perimeter devices in the inbound direction
F. all perimeter devices in the outbound direction
Answer:
E. all perimeter devices in the inbound direction
Question 154:
A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. How can this issue be resolved?
A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.
B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.
C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.
D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.
E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.
Answer:
B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.
Question 155:
Refer to the exhibit.
Which three fields of the IP header labeled can be used in a spoofing attack? (Choose one.)
A. 6, 7, 11
B. 6, 11, 12
C. 3, 11, 12
D. 4, 7, 11
Answer:
A. 6, 7, 11
Question 156:
When is a connection entry created on ASA for a packet that is received on the ingress interface?
A. When the packet is checked by the access-list.
B. When the packet reaches the ingress interface internal buffer.
C. When the packet is a SYN packet or UDP packet.
D. When a translation rule exists for the packet.
E. When the packet is subjected to inspection.
Answer:
D. When a translation rule exists for the packet.
Question 157:
Refer to the exhibit.
A customer has an IPsec tunnel that is configured between two remote offices. The customer is seeing these syslog messages on Router B:
A. The customer has an LLQ QoS policy that is configured on the WAN interface of Router A.
B. A hacker on the Internet is launching a spoofing attack.
C. Router B has an incorrectly configured IP MTU value on the WAN interface.
D. There is packet corruption in the network between Router A and Router B.
E. Router A and Router B are not synchronized to the same timer source.
Answer:
A. The customer has an LLQ QoS policy that is configured on the WAN interface of Router A.
Question 158:
What action will be taken by a Cisco IOS router if a TCP packet, with the DF bit set, is larger than the egress interface MTU?
A. Split the packet into two packets, so that neither packet exceeds the egress interface MTU, and forward them out.
B. Respond to the sender with an ICMP Type 3, Code 4.
C. Respond to the sender with an ICMP Type 12, Code 2.
D. Transmit the packet unmodified.
Answer:
B. Respond to the sender with an ICMP Type 3, Code 4.
Question 159:
Which two statements about the AES algorithm are true? (Choose two.)
A. The AES algorithm is an asymmetric block cipher.
B. The AES algorithm operates on a 128-bit block.
C. The AES algorithm uses a fixed-length key of 128 bits.
D. The AES algorithm does not give any advantage over 3DES due to the same key length.
E. The AES algorithm consists of four functions. Three functions provide confusion-diffusion and one provides encryption.
Answer:
B. The AES algorithm operates on a 128-bit block.
E. The AES algorithm consists of four functions. Three functions provide confusion-diffusion and one provides encryption.
Question 160:
When routing is configured on ASA, which statement is true?
A. If the default route is not present, then the routing table is checked.
B. If the routing table has two matching entries, the packet is dropped.
C. If the routing table has two matching entries with the same prefix length, the first entry is used.
D. If the routing table has two matching entries with different prefix lengths, the entry with the longer prefix length is used.
Answer:
D. If the routing table has two matching entries with different prefix lengths, the entry with the longer prefix length is used.