Cisco 351-018 Online Practice Questions and Exam Preparation

Cisco 351-018 Online Questions & Answers

• Question 261:

  Which technology, configured on the Cisco ASA, allows Active Directory authentication credentials to be applied automatically to web forms that require authentication for clientless SSL connections?

  A. one-time passwords
  B. certificate authentication
  C. user credentials obtained during authentication
  D. Kerberos authentication
  C. user credentials obtained during authentication

• Question 262:

  Refer to the exhibit.

  

  According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server?

  A. ciaddr
  B. yiaddr
  C. siaddr
  D. giaddr
  D. giaddr

• Question 263:

  Which statement about a botnet attack is true?

  A. The botnet attack is an attack on a firewall to disable it's filtering ability.
  B. The botnet attack is a network sweeping attack to find hosts that are alive alive behind the filtering device.
  C. The botnet attack is a collection of infected computers that launch automated attacks.
  D. The owner of the infected computer willingly participates in automated attacks.
  E. The botnet attack enhances the efficiency of the computer for effective automated attacks.
  C. The botnet attack is a collection of infected computers that launch automated attacks.

• Question 264:

  Which three multicast features are supported on the Cisco ASA? (Choose three.)

  A. PIM sparse mode?
  B. IGMP forwarding?
  C. Auto-RP
  D. NAT of multicast traffic?
  A. PIM sparse mode?
  B. IGMP forwarding?
  D. NAT of multicast traffic?

• Question 265:

  According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

  A. Allow only POST requests.
  B. Mark all cookies as HTTP only.
  C. Use per-session challenge tokens in links within your web application.
  D. Always use the "secure" attribute for cookies.
  E. Require strong passwords.
  C. Use per-session challenge tokens in links within your web application.

• Question 266:

  Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

  A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
  B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
  C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
  D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.
  C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
  D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.

• Question 267:

  Which statement about the AH is true?

  A. AH authenticates only the data.
  B. AH authenticates only the IP header.
  C. AH authenticates only the TCP-UDP header.
  D. AH authenticates the entire packet and any mutable fields.
  E. AH authenticates the entire packet except for any mutable fields.
  E. AH authenticates the entire packet except for any mutable fields.

• Question 268:

  Which option correctly describes the security enhancement added for OSPFv3?

  A. The AuType field in OSPFv3 now supports the more secure SHA-1 and SHA-2 algorithms in addition to MD5.
  B. The AuType field is removed from the OSPFv3 header since simple password authentication is no longer an option.
  C. The Authentication field in OSPFv3 is increased from 64 bits to 128 bits to accommodate more secure authentication algorithms.
  D. Both the AuType and Authentication fields are removed from the OSPF header in OSPFv3, since now it relies on the IPv6 Authentication Header (AH) and IPv6 Encapsulating Security Payload (ESP) to provide integrity, authentication, and/or confidentiality.?
  E. The Authentication field is removed from the OSPF header in OSPFv3, because OSPFv3 must only run inside of an authenticated IPSec tunnel.
  D. Both the AuType and Authentication fields are removed from the OSPF header in OSPFv3, since now it relies on the IPv6 Authentication Header (AH) and IPv6 Encapsulating Security Payload (ESP) to provide integrity, authentication, and/or confidentiality.?

• Question 269:

  Which encryption mechanism is used in WEP?

  A. RC4
  B. RC5
  C. DES
  D. AES
  A. RC4

• Question 270:

  Refer to the exhibit.

  

  Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.

  A. stateful failover using active-active for multi-context
  B. stateful failover using active-standby for multi-context
  C. stateful failover using active-standby for single-context
  D. stateless failover using interface-level failover for multi-context
  A. stateful failover using active-active for multi-context