New Published PassLeader 350-018 Exam VCE File Ended The Finally Difficult For Passing Exam (61-80)

QUESTION 61
Which three statements are true about objects
and object groups on a Cisco ASA appliance that is running Software Version 8.4
or later? (Choose three.)

A.    TCP, UDP, ICMP, and ICMPv6 are supported service object
protocol types.
B.    IPv6 object nesting is supported.
C.    Network
objects support IPv4 and IPv6 addresses.
D.    Objects are not supported in
transparent mode.
E.    Objects are supported in single- and multiple-context
firewall modes.

Answer: ACE

QUESTION 62
Which command is used to replicate HTTP
connections from the Active to the Standby Cisco ASA appliance in failover?

A.    monitor-interface http
B.    failover link fover
replicate http
C.    failover replication http
D.    interface fover
replicate http standby
E.    No command is needed, as this is the default
behavior.

Answer: C

QUESTION 63
Which C3PL configuration component is used to
tune the inspection timers such as setting the tcp idle-time and tcp
synwait-time on the Cisco ZBFW?

A.    class-map type inspect
B.    parameter-map type
inspect
C.    service-policy type inspect
D.    policy-map type inspect
tcp
E.    inspect-map type tcp

Answer: B

QUESTION 64
Which three NAT types support bidirectional
traffic initiation? (Choose three.)

A.    static NAT
B.    NAT exemption
C.    policy NAT
with nat/global
D.    static PAT
E.    identity NAT

Answer: ABD

QUESTION 65
Which IPS module can be installed on the Cisco
ASA 5520 appliance?

A.    IPS-AIM
B.    AIP-SSM
C.    AIP-SSC
D.    NME-IPS-K9
E.    IDSM-2

Answer: B

QUESTION 66
Which two options best describe the
authorization process as it relates to network access? (Choose two.)

A.    the process of identifying the validity of a certificate,
and validating specific fields in the certificate against an identity
store
B.    the process of providing network access to the end user
C.    applying enforcement controls, such as downloadable ACLs and VLAN assignment, to
the network access session of a user
D.    the process of validating the
provided credentials

Answer: BC

QUESTION 67
If ISE is not Layer 2 adjacent to the Wireless
LAN Controller, which two options should be configured on the Wireless LAN
Controller to profile wireless endpoints accurately? (Choose two.)

A.    Configure the Call Station ID Type to be: “IP
Address”.
B.    Configure the Call Station ID Type to be: “System MAC
Address”.
C.    Configure the Call Station ID Type to be: “MAC and IP
Address”.
D.    Enable DHCP Proxy.
E.    Disable DHCP Proxy.

Answer: BE

QUESTION 68
Which two methods are used for forwarding
traffic to the Cisco ScanSafe Web Security service? (Choose two.)

A.    Cisco AnyConnect VPN Client with Web Security and
ScanSafe subscription
B.    Cisco ISR G2 Router with SECK9 and ScanSafe
subscription
C.    Cisco ASA adaptive security appliance using DNAT policies
to forward traffic to ScanSafe subscription servers
D.    Cisco Web Security
Appliance with ScanSafe subscription

Answer: BC

QUESTION 69
Which four statements about SeND for IPv6 are
correct? (Choose four.)

A.    It protects against rogue RAs.
B.    NDP exchanges are
protected by IPsec SAs and provide for anti-replay.
C.    It defines secure
extensions for NDP.
D.    It authorizes routers to advertise certain
prefixes.
E.    It provides a method for secure default router election on
hosts.
F.    Neighbor identity protection is provided by Cryptographically
Generated Addresses that are derived from a Diffie-Hellman key
exchange.
G.    It is facilitated by the Certification Path Request and
Certification Path Response ND messages.

Answer: ACDE

QUESTION 70
What is the recommended network MACSec policy
mode for high security deployments?

A.    should-secure
B.    must-not-secure
C.    must-secure
D.    monitor-only
E.    high-impact

Answer: A


PassLeader[17]

http://www.passleader.com/350-018.html

QUESTION 71
Which three statements about NetFlow version 9
are correct? (Choose three.)

A.    It is backward-compatible with versions 8 and 5.
B.    Version 9 is dependent on the underlying transport; only UDP is
supported.
C.    A version 9 export packet consists of a packet header and
flow sets.
D.    Generating and maintaining valid template flow sets requires
additional processing.
E.    NetFlow version 9 does not access the NetFlow
cache entry directly.

Answer: CDE

QUESTION 72
Which three statements about VXLANs are true?
(Choose three.)

A.    It requires that IP protocol 8472 be opened to allow
traffic through a firewall.
B.    Layer 2 frames are encapsulated in IP,
using a VXLAN ID to identify the source VM.
C.    A VXLAN gateway maps VXLAN
IDs to VLAN IDs.
D.    IGMP join messages are sent by new VMs to determine
the VXLAN multicast IP.
E.    A VXLAN ID is a 32-bit value.

Answer: BCD

QUESTION 73
Which two identifiers are used by a Cisco Easy
VPN Server to reference the correct group policy information for connecting a
Cisco Easy VPN Client? (Choose two.)

A.    IKE ID_KEY_ID
B.    OU field in a certificate that is
presented by a client
C.    XAUTH username
D.    hash of the OTP that is
sent during XAUTH challenge/response
E.    IKE ID_IPV4_ADDR

Answer: AB

QUESTION 74
Which multicast routing mechanism is optimal to
support many-to-many multicast applications?

A.    PIM-SM
B.    MOSPF
C.    DVMRP
D.    BIDIR-PIM
E.    MSDP

Answer: D

QUESTION 75
Which three statements regarding VLANs are true?
(Choose three.)

A.    To create a new VLAN on a Cisco Catalyst switch, the VLAN
name, VLAN ID and VLAN type must all be specifically configured by the
administrator.
B.    A VLAN is a broadcast domain.
C.    Each VLAN must
have an SVI configured on the Cisco Catalyst switch for it to be
operational.
D.    The native VLAN is used for untagged traffic on an 802.1Q
trunk.
E.    VLANs can be connected across wide-area networks.

Answer: BDE

QUESTION 76
Which technology, configured on the Cisco ASA,
allows Active Directory authentication credentials to be applied automatically
to web forms that require authentication for clientless SSL connections?

A.    one-time passwords
B.    certificate
authentication
C.    user credentials obtained during authentication
D.    Kerberos authentication

Answer: C

QUESTION 77
In what subnet does address 192.168.23.197/27
reside?

A.    192.168.23.0
B.    192.168.23.128
C.    192.168.23.160
D.    192.168.23.192
E.    192.168.23.196

Answer: D

QUESTION 78
Given the IPv4 address 10.10.100.16, which two
addresses are valid IPv4-compatible IPv6 addresses? (Choose two.)

A.    :::A:A:64:10
B.    ::10:10:100:16
C.    0:0:0:0:0:10:10:100:16
D.    0:0:10:10:100:16:0:0:0

Answer: BC

QUESTION 79
What is the size of a point-to-point GRE header,
and what is the protocol number at the IP layer?

A.    8 bytes, and protocol number 74
B.    4 bytes, and
protocol number 47
C.    2 bytes, and protocol number 71
D.    24 bytes,
and protocol number 1
E.    8 bytes, and protocol number 47

Answer: B

QUESTION 80
When implementing WLAN security, what are three
benefits of using the TKIP instead of WEP? (Choose three.)

A.    TKIP uses an advanced encryption scheme based on
AES.
B.    TKIP provides authentication and integrity checking using
CBC-MAC.
C.    TKIP provides per-packet keying and a rekeying
mechanism.
D.    TKIP provides message integrity check.
E.    TKIP reduces
WEP vulnerabilities by using a different hardware encryption chipset.
F.    TKIP uses a 48-bit initialization vector.

Answer: CDF


New Published PassLeader 350-018 Exam VCE File Ended The Finally Difficult For Passing Exam

http://www.passleader.com/350-018.html