Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
CCIE Security Exam (v4.1)
Question No: 261 – (Topic 4)
What does the Common Criteria (CC) standard define?
A. The current list of Common Vulnerabilities and Exposures (CVEs)
B. The U.S. standards for encryption export regulations
C. Tools to support the development of pivotal, forward-looking information system technologies
D. The international standards for evaluating trust in information systems and products
E. The international standards for privacy laws
F. The standards for establishing a security incident response system
Answer: D
Question No: 262 – (Topic 4)
Which Cisco ASA feature can be used to update non-compliant antivirus/antispyware definition files on an AnyConnect client?
A. dynamic access policies
B. dynamic access policies with Host Scan and advanced endpoint assessment
C. Cisco Secure Desktop
D. advanced endpoint assessment
Answer: B
Question No: 263 – (Topic 4)
Refer to the exhibit.
With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?
A. inspection action by the HTTP_CMAP
B. inspection action by the TCP_CMAP
C. drop action by the default class
D. inspection action by both the HTTP_CMAP and TCP_CMAP
E. pass action by the HTTP_CMAP
F. drop action due to class-map misclassification
Answer: B
Question No: 264 – (Topic 4)
Which statement applies to Flexible NetFlow?
A. Flexible NetFlow uses seven key fields in IP datagrams to identify the flow.
B. Flexible NetFlow uses key fields of the IP datagram to identify fields from which data is captured.
C. User-defined flows can be defined in Flexible NetFlow.
D. Flexible NetFlow cannot be used for billing and accounting applications.
E. Flexible NetFlow does not have any predefined records.
Answer: C
Question No: 265 – (Topic 4)
Which two options best describe the authorization process as it relates to network access? (Choose two.)
A. the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store
B. the process of providing network access to the end user
C. applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user
D. the process of validating the provided credentials
Answer: B,C
Question No: 266 – (Topic 4)
The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.
A.
   policy-map type inspect ipv6 IPv6_PMAP
    match header routing-type eq 0
     drop log
B.
   policy-map type inspect icmpv6 ICMPv6_PMAP
    match header routing-type eq 0
     drop log
C.
   policy-map type inspect ipv6-header HEADER_PMAP
    match header routing-type eq 0
     drop log
D.
   policy-map type inspect http HEADER_PMAP
    match routing-header 0
     drop log
E.
   policy-map type inspect ipv6 IPv6_PMAP
    match header type 0
     drop log
F.
   policy-map type inspect ipv6-header HEADER_PMAP
    match header type 0
     drop log
Answer: A
Question No: 267 – (Topic 4)
According to RFC 4890, which four ICMPv6 types are recommended to be allowed to transit a firewall? (Choose four.)
A. Type 1 – destination unreachable
B. Type 2 – packet too big
C. Type 3 – time exceeded
D. Type 0 – echo reply
E. Type 8 – echo request
F. Type 4 – parameter problem
Answer: A,B,C,F
Question No: 268 – (Topic 4)
Which three features are supported with ESP? (Choose three.)
A. ESP uses IP protocol 50.
B. ESP supports Layer 4 and above encryption only.
C. ESP provides confidentiality, data origin authentication, connectionless integrity, and antireplay service.
D. ESP supports tunnel or transport modes.
E. ESP has less overhead and is faster than the AH protocol.
F. ESP provides confidentiality, data origin authentication, connection-oriented integrity, and antireplay service.
Answer: A,C,D
Question No: 269 – (Topic 4)
Which statement about IPv6 is true?
A. Broadcast is available.
B. The address pool will never deplete.
C. Data security is natively supported through mandatory IPv6 extension headers for ESP and AH.
D. Increased NAT is required compared to IPv4.
E. IPv6 has fewer bits available for addressing than IPv4.
Answer: C
Question No: 270 – (Topic 4)
Which two pieces of information are communicated by the ASA failover link? (Choose two.)
A. unit state
B. connection state
C. routing tables
D. power status
E. MAC address exchange
Answer: A,E