[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 381-390

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 381 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.

  1. stateful failover using active-active for multi-context

  2. stateful failover using active-standby for multi-context

  3. stateful failover using active-standby for single-context

  4. stateless failover using interface-level failover for multi-context

Answer: A

Question No: 382 – (Topic 4)

A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes 20 B of IP header, which statement is true considering the most efficient way to transmit this PDU?

  1. The first three packets will have a packet payload size of 1400.

  2. The last packet will have a payload size of 560.

  3. The first three packets will have a packet payload size of 1480.

  4. The last packet will have a payload size of 20.

Answer: C

Question No: 383 – (Topic 4)

Which configuration is the correct way to change a GET VPN Key Encryption Key lifetime to 10800 seconds on the key server?

  1. crypto isakmp policy 1 lifetime 10800

  2. crypto ipsec security-association lifetime? seconds 10800

  3. crypto ipsec profile getvpn-profile

    set security-association lifetime seconds 10800

    !

    crypto gdoi group GET-Group identity number 1234

    server local sa ipsec 1

    profile getvpn-profile

  4. ?crypto gdoi group GET-Group identity number 1234

    server local

    rekey lifetime seconds 10800

  5. crypto gdoi group GET-Group identity number 1234

server local

set security-association lifetime seconds 10800

Answer: D

Question No: 384 – (Topic 4)

What is the purpose of the SPI field in an IPsec packet?

  1. identifies a transmission channel

  2. provides anti-replay protection

  3. ensures data integrity

  4. contains a shared session key

Answer: A

Question No: 385 – (Topic 4)

What feature on the Cisco ASA is used to check for the presence of an up-to-date antivirus vendor on an AnyConnect client?

  1. Dynamic Access Policies with no additional options

  2. Dynamic Access Policies with Host Scan enabled

  3. advanced endpoint assessment

  4. LDAP attribute maps obtained from Antivirus vendor

Answer: B

Question No: 386 – (Topic 4)

Which transport type is used by the DHCP protocol?

  1. UDP ports 67 and 69

  2. TCP ports 67 and 68

  3. UDP and TCP port 67

  4. UDP ports 67 and 68

Answer: D

Question No: 387 – (Topic 4)

crypto isakmp profile vpn1 vrf vpn1

keyring vpn1

match identity address 172.16.1.1 255.255.255.255 crypto map crypmap 1 ipsec-isakmp

set peer 172.16.1.1 set transform-set vpn1

set isakmp-profile vpn1 match address 101

!

interface Ethernet1/2 crypto map crypmap

Which statements apply to the above configuration? (Choose two.)

  1. This configuration shows the VRF-Aware IPsec feature that is used to map the crypto ISAKMP profile to a specific VRF.

  2. VRF and ISAKMP profiles are mutually exclusive, so the configuration is invalid.

  3. An IPsec tunnel can be mapped to a VRF instance.

  4. Peer command under the crypto map is redundant and not required.

Answer: A,C

Question No: 388 – (Topic 4)

What is the purpose of the BGP TTL security check?

  1. The BGP TTL security check is used for iBGP session.

  2. The BGP TTL security check protects against CPU utilization-based attacks.

  3. The BGP TTL security check checks for a TTL value in packet header of less than or equal to for successful peering.

  4. The BGP TTL security check authenticates a peer.

  5. The BGP TTL security check protects against routing table corruption.

Answer: B

Question No: 389 – (Topic 4)

Which two statements about SNMP are true? (Choose two)

  1. SNMP operates at Layer-6 of the OSI model.

  2. NMS sends a request to the agent at TCP port 161.

  3. NMS sends request to the agent from any source port.

  4. NMS receives notifications from the agent on UDP 162.

  5. MIB is a hierarchical representation of management data on NMS.

Answer: C,D

Question No: 390 – (Topic 4)

Which three options are components of Mobile IPv6? (Choose three.)

  1. home agent

  2. correspondent node

  3. mobile node

  4. binding node

  5. discovery probe

Answer: A,B,C

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.