[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 241-250

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 241 – (Topic 4)

In order to implement CGA on a Cisco IOS router for SeND, which three configuration steps are required? (Choose three.)

  1. Generate an RSA key pair.

  2. Define a site-wide pre-shared key.

  3. Define a hash algorithm that is used to generate the CGA.

  4. Generate the CGA modifier.

  5. Assign a CGA link-local or globally unique address to the interface.

  6. Define an encryption algorithm that is used to generate the CGA.

Answer: A,D,E

Question No: 242 – (Topic 4)

Which Category to Protocol mapping for NBAR is correct?

  1. Category: Enterprise Applications

    Protocol: Citrix ICA, PCAnywhere, SAP, IMAP

  2. Category: Internet Protocol: FTP, HTTP, TFTP

  3. Category: Network Management Protocol: ICMP, SNMP, SSH, Telnet

  4. Category: Network Mail Services Protocol: MAPI, POP3, SMTP

Answer: B

Question No: 243 – (Topic 4)

Which three statements about IKEv2 are correct? (Choose three.)

  1. INITIAL_CONTACT is used to synchronize state between peers.

  2. The IKEv2 standard defines a method for fragmenting large messages.

  3. The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.

  4. Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.

  5. NAT-T is not supported.

  6. Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.

Answer: A,C,D

Question No: 244 – (Topic 4)

What is a primary function of the SXP protocol?

  1. to extend a TrustSec domain on switches that do not support packet tagging with SGTs

  2. to map the SGT tag to VLAN information

  3. to allow the SGT tagged packets to be transmitted on trunks

  4. to exchange the SGT information between different TrustSec domains

Answer: A

Question No: 245 – (Topic 4)

Which four protocols are supported by Cisco IOS Management Plane Protection? (Choose four.)

  1. Blocks Extensible Exchange Protocol (BEEP)

  2. Hypertext Transfer Protocol Secure (HTTPS)

  3. Secure Copy Protocol (SCP)

  4. Secure File Transfer Protocol (SFTP)

  5. Secure Shell (SSH)

  6. Simple Network Management Protocol (SNMP)

Answer: A,B,E,F

Question No: 246 – (Topic 4)

Which three statements about SMTP are true? (Choose three.)

  1. SMTP uses TCP port 25.

  2. The POP protocol is used by the SMTP client to manage stored mail.

  3. The IMAP protocol is used by the SMTP client to send email.

  4. The mail delivery agent in the SMTP architecture is responsible for DNS lookup.

  5. SMTPS uses SSL and TLS.

  6. SMTP uses TCP port 587.

Answer: A,E,F

Question No: 247 – (Topic 4)

Which three EAP methods require a server-side certificate? (Choose three.)

  1. PEAP with MS-CHAPv2

  2. EAP-TLS

  3. EAP-FAST

  4. EAP-TTLS

  5. EAP-GTP

Answer: A,B,D

Question No: 248 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)

  1. The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.

  2. Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.

  3. Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.

  4. Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.

  5. Interface FastEthernet 5/1 is the community port.

  6. Interface FastEthernet 5/4 is the isolated port.

Answer: B,C

Question No: 249 – (Topic 4)

Which statement is true about IKEv2 and IKEv1?

  1. IKEv2 can be configured to use EAP, but IKEv1 cannot.

  2. IKEv2 can be configured to use AES encryption, but IKEv1 cannot.

  3. IKEv2 can be configured to interoperate with IKEv1 on the other end.

  4. IKEv2 consumes more bandwidth than IKEv1.

Answer: A

Question No: 250 – (Topic 4)

Which two options describe how the traffic for the shared interface is classified in ASA multi context mode? (Choose two.)

  1. Traffic is classified at the source address in the packet.

  2. Traffic is classified at the destination address in the packet.

  3. Traffic is classified at the destination address in the context.

  4. Traffic is classified by copying and sending the packet to all the contexts.

  5. Traffic is classified by sending the MAC address for the shared interface.

Answer: C,E

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.