testinside 350-018 [Aug 2016]

Download of 350-018 real exam materials and tutorials for Cisco certification for candidates, Real Success Guaranteed with Updated 350-018 pdf dumps vce Materials. 100% PASS CCIE Pre-Qualification Test for Security exam Today!

2016 Aug 350-018 Study Guide Questions:

Q121. Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment? 

A. SSL Handshake Protocol 

B. SSL Alert Protocol 

C. SSL Record Protocol 

D. SSL Change CipherSpec Protocol 

Answer: C 

Q122. Refer to the exhibit. 

Which statement best describes the problem? 

A. Context vpn1 is not inservice. 

B. There is no gateway that is configured under context vpn1. 

C. The config has not been properly updated for context vpn1. 

D. The gateway that is configured under context vpn1 is not inservice. 

Answer: A 

Q123. Refer to the exhibit. 

What is the reason for the failure of the DMVPN session between R1 and R2? 

A. tunnel mode mismatch 

B. IPsec phase-1 configuration is missing peer address on R2 

C. IPsec phase-1 policy mismatch 

D. IPsec phase-2 policy mismatch 

E. incorrect tunnel source interface on R1 

Answer: E 

350-018  practice exam

Rebirth 350-018 pass4sure latest version:

Q124. Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW? 

A. class-map type inspect 

B. parameter-map type inspect 

C. service-policy type inspect 

D. policy-map type inspect tcp 

E. inspect-map type tcp 

Answer: B 

Q125. Which three statements are true regarding Security Group Tags? (Choose three.) 

A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result. 

B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile. 

C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x. 

D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication. 

E. A Security Group Tag is a variable length string that is returned as an authorization result. 

Answer: ACD 

Q126. Refer to the exhibit. 

According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server? 

A. ciaddr 

B. yiaddr 

C. siaddr 

D. giaddr 

Answer: D 


Precise testking 350-018 latest version:

Q127. Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation? 

A. session token 

B. one-time password 

C. time stamps 

D. sequence number 

E. nonce 

Answer: D 

Q128. What is the function of this command? 

switch(config-if)# switchport port-security mac-address sticky 

A. It allows the switch to restrict the MAC addresses on the switch port, based on the static 

MAC addresses configured in the startup configuration. 

B. It allows the administrator to manually configure the secured MAC addresses on the switch port. 

C. It allows the switch to permanently store the secured MAC addresses in the MAC address table (CAM table). 

D. It allows the switch to perform sticky learning, in which the dynamically learned MAC addresses are copied from the MAC address table (CAM table) to the startup configuration. 

E. It allows the switch to dynamically learn the MAC addresses on the switch port, and the MAC addresses will be added to the running configuration 

Answer: E 

Q129. Which Cisco technology protects against Spanning Tree Protocol manipulation? 

A. spanning-tree protection 

B. root guard and BPDU guard 

C. Unicast Reverse Path Forwarding 

D. MAC spoof guard 

E. port security 

Answer: B 

Q130. Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.) 

A. It prevents rogue APs from being wired into the network. 

B. It provides encryption capability of data traffic between APs and controllers. 

C. It prevents rogue clients from accessing the wired network. 

D. It ensures that 802.1x requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place. 

Answer: AD 

About 350-018 Information: 350-018 Dumps