[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 371-380

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 371 – (Topic 4)

Which three statements about LDAP are true? (Choose three.)

  1. LDAP uses UDP port 389 by default.

  2. LDAP is defined in terms of ASN.1 and transmitted using BER.

  3. LDAP is used for accessing X.500 directory services.

  4. An LDAP directory entry is uniquely identified by its DN.

  5. A secure connection via TLS is established via the UseTLS operation.

Answer: B,C,D

Question No: 372 – (Topic 4)

What is the recommended network MACSec policy mode for high security deployments?

  1. should-secure

  2. must-not-secure

  3. must-secure

  4. monitor-only

  5. high-impact

Answer: C

Question No: 373 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which configuration is required to enable the exporter?

  1. Source Loopback0

  2. Cache timeout active 60

  3. Cache timeout inactive 60

  4. Next-hop address

Answer: A

Question No: 374 – (Topic 4)

Management Frame Protection is available in two deployment modes, Infrastructure and Client. Which three statements describe the differences between these modes? (Choose three.)

  1. Infrastructure mode appends a MIC to management frames.

  2. Client mode encrypts management frames.

  3. Infrastructure mode can detect and prevent common DoS attacks.

  4. Client mode can detect and prevent common DoS attacks.

  5. Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients.

Answer: A,B,D

Question No: 375 – (Topic 4)

MACsec, which is defined in 802.1AE, provides MAC-layer encryption over wired networks. Which two statements about MACsec are true? (Choose two.)

  1. Only links between network access devices and endpoint devices can be secured by using MACsec.

  2. MACsec is designed to support communications between network devices only.

  3. MACsec manages the encryption keys that the MKA protocol uses.

  4. A switch that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy that is associated with the client.

Answer: A,D

Question No: 376 – (Topic 4)

Which statement describes the computed authentication data in the AH protocol?

  1. The computed authentication data is never sent across.

  2. The computed authentication data is part of a new IP header.

  3. The computed authentication data is part of the AH header.

  4. The computed authentication data is part of the original IP header.

Answer: C

Question No: 377 – (Topic 4)

policy-map type inspect ipv6 IPv6-map match header routing-type range 0 255 drop

class-map outside-class match any

policy-map outside-policy class outside-class inspect ipv6 IPv6-map

service-policy outside-policy interface outside Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?

  1. policy-map type inspect ipv6 IPv6-map match ipv6 header

    count gt; 3

  2. policy-map outside-policy class outside-class

    inspect ipv6 header count gt 3

  3. class-map outside-class

    match ipv6 header count greater 3

  4. policy-map type inspect ipv6 IPv6-map match header count gt 3

drop

Answer: D

Question No: 378 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which option describes the behavior of this configuration?

  1. The packet will be dropped if received on the same interface that the router would use to forward return packet.

  2. The packet will be forwarded as long as it is in the routing table.

  3. The packet will be forwarded if received on the same interface that the router would use to forward return packet.

  4. Packet will be forwarded only if exists a default route for the return path.

Answer: C

Question No: 379 – (Topic 4)

Which statement about DNS is true?

  1. The client-server architecture is based on push-pull messages.

  2. Query and response messages have different format.

  3. In the DNS message header, the QR flag set to 1 indicates a query.

  4. In the DNS header, an Opcode value of 2 represents a server status request.

  5. In the DNS header, the Rcode value is set to 0 for format error.

Answer: D

Question No: 380 – (Topic 4)

Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)

  1. IKE ID_KEY_ID

  2. OU field in a certificate that is presented by a client

  3. XAUTH username

  4. hash of the OTP that is sent during XAUTH challenge/response

  5. IKE ID_IPV4_ADDR

Answer: A,B

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.