[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 261-270

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 261 – (Topic 4)

What does the Common Criteria (CC) standard define?

  1. The current list of Common Vulnerabilities and Exposures (CVEs)

  2. The U.S standards for encryption export regulations

  3. Tools to support the development of pivotal, forward-looking information system technologies

  4. The international standards for evaluating trust in information systems and products

  5. The international standards for privacy laws

  6. The standards for establishing a security incident response system

Answer: D

Question No: 262 – (Topic 4)

Which Cisco ASA feature can be used to update non-compliant antivirus/antispyware definition files on an AnyConnect client?

  1. dynamic access policies

  2. dynamic access policies with Host Scan and advanced endpoint assessment

  3. Cisco Secure Desktop

  4. advanced endpoint assessment

Answer: B

Question No: 263 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

With the client protected by the firewall, an HTTP connection from the client to the server

on TCP port 80 will be subject to which action?

  1. inspection action by the HTTP_CMAP

  2. inspection action by the TCP_CMAP

  3. drop action by the default class

  4. inspection action by both the HTTP_CMAP and TCP_CMAP

  5. pass action by the HTTP_CMAP

  6. drop action due to class-map misclassification

Answer: B

Question No: 264 – (Topic 4)

Which statement applies to Flexible NetFlow?

  1. Flexible NetFlow uses seven key fields in IP datagrams to identify the flow.

  2. Flexible NetFlow uses key fields of IP datagram to identify fields from which data is captured.

  3. User-defined flows can be defined in Flexible NetFlow.

  4. Flexible NetFlow cannot be used for billing and accounting applications.

  5. Flexible NetFlow does not have any predefined records.

Answer: C

Question No: 265 – (Topic 4)

Which two options best describe the authorization process as it relates to network access? (Choose two.)

  1. the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store

  2. the process of providing network access to the end user

  3. applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user

  4. the process of validating the provided credentials

Answer: B,C

Question No: 266 – (Topic 4)

The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.

  1. policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0

    drop log

  2. policy-map type inspect icmpv6 ICMPv6_PMAP match header routing-type eq 0

    drop log

  3. policy-map type inspect ipv6-header HEADER_PMAP match header routing-type eq 0

    drop log

  4. policy-map type inspect http HEADER_PMAP match routing-header 0

    drop log

  5. policy-map type inspect ipv6 IPv6_PMAP match header type 0

    drop log

  6. policy-map type inspect ipv6-header HEADER_PMAP match header type 0

drop log

Answer: A

Question No: 267 – (Topic 4)

According to RFC 4890, which four ICMPv6 types are recommended to be allowed to transit a firewall? (Choose four.)

  1. Type 1 – destination unreachable

  2. Type 2 – packet too big

  3. Type 3 – time exceeded

  4. Type 0 – echo reply

  5. Type 8 – echo request

  6. Type 4 – parameter problem

Answer: A,B,C,F

Question No: 268 – (Topic 4)

Which three features are supported with ESP? (Choose three.)

  1. ESP uses IP protocol 50.

  2. ESP supports Layer 4 and above encryption only.

  3. ESP provides confidentiality, data origin authentication, connectionless integrity, and antireplay service.

  4. ESP supports tunnel or transport modes.

  5. ESP has less overhead and is faster than the AH protocol.

  6. ESP provides confidentiality, data origin authentication, connection-oriented integrity, and antireplay service.

Answer: A,C,D

Question No: 269 – (Topic 4)

Which statement about IPv6 is true?

  1. Broadcast is available.

  2. The address pool will never deplete.

  3. Data security is natively supported through mandatory IPv6 extension headers for ESP and AH.

  4. Increased NAT is required compared to IPv4.

  5. IPv6 has fewer bits available for addressing than IPv4.

Answer: C

Question No: 270 – (Topic 4)

Which two pieces of information are communicated by the ASA failover link? (Choose two.)

  1. unit state

  2. connections State

  3. routing tables

  4. power status

  5. MAC address exchange

Answer: A,E

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.