Which three statements are true about objects
and object groups on a Cisco ASA appliance that is running Software Version 8.4
or later? (Choose three.)
A. TCP, UDP, ICMP, and ICMPv6 are supported service object
B. IPv6 object nesting is supported.
objects support IPv4 and IPv6 addresses.
D. Objects are not supported in
E. Objects are supported in single- and multiple-context
Which command is used to replicate HTTP
connections from the Active to the Standby Cisco ASA appliance in failover?
A. monitor-interface http
B. failover link fover
C. failover replication http
D. interface fover
replicate http standby
E. No command is needed, as this is the default
Which C3PL configuration component is used to
tune the inspection timers such as setting the tcp idle-time and tcp
synwait-time on the Cisco ZBFW?
A. class-map type inspect
B. parameter-map type
C. service-policy type inspect
D. policy-map type inspect
E. inspect-map type tcp
Which three NAT types support bidirectional
traffic initiation? (Choose three.)
A. static NAT
B. NAT exemption
C. policy NAT
D. static PAT
E. identity NAT
Which IPS module can be installed on the Cisco
ASA 5520 appliance?
Which two options best describe the
authorization process as it relates to network access? (Choose two.)
A. the process of identifying the validity of a certificate,
and validating specific fields in the certificate against an identity
B. the process of providing network access to the end user
C. applying enforcement controls, such as downloadable ACLs and VLAN assignment, to
the network access session of a user
D. the process of validating the
If ISE is not Layer 2 adjacent to the Wireless
LAN Controller, which two options should be configured on the Wireless LAN
Controller to profile wireless endpoints accurately? (Choose two.)
A. Configure the Call Station ID Type to be: “IP
B. Configure the Call Station ID Type to be: “System MAC
C. Configure the Call Station ID Type to be: “MAC and IP
D. Enable DHCP Proxy.
E. Disable DHCP Proxy.
Which two methods are used for forwarding
traffic to the Cisco ScanSafe Web Security service? (Choose two.)
A. Cisco AnyConnect VPN Client with Web Security and
B. Cisco ISR G2 Router with SECK9 and ScanSafe
C. Cisco ASA adaptive security appliance using DNAT policies
to forward traffic to ScanSafe subscription servers
D. Cisco Web Security
Appliance with ScanSafe subscription
Which four statements about SeND for IPv6 are
correct? (Choose four.)
A. It protects against rogue RAs.
B. NDP exchanges are
protected by IPsec SAs and provide for anti-replay.
C. It defines secure
extensions for NDP.
D. It authorizes routers to advertise certain
E. It provides a method for secure default router election on
F. Neighbor identity protection is provided by Cryptographically
Generated Addresses that are derived from a Diffie-Hellman key
G. It is facilitated by the Certification Path Request and
Certification Path Response ND messages.
What is the recommended network MACSec policy
mode for high security deployments?
Which three statements about NetFlow version 9
are correct? (Choose three.)
A. It is backward-compatible with versions 8 and 5.
B. Version 9 is dependent on the underlying transport; only UDP is
C. A version 9 export packet consists of a packet header and
D. Generating and maintaining valid template flow sets requires
E. NetFlow version 9 does not access the NetFlow
cache entry directly.
Which three statements about VXLANs are true?
A. It requires that IP protocol 8472 be opened to allow
traffic through a firewall.
B. Layer 2 frames are encapsulated in IP,
using a VXLAN ID to identify the source VM.
C. A VXLAN gateway maps VXLAN
IDs to VLAN IDs.
D. IGMP join messages are sent by new VMs to determine
the VXLAN multicast IP.
E. A VXLAN ID is a 32-bit value.
Which two identifiers are used by a Cisco Easy
VPN Server to reference the correct group policy information for connecting a
Cisco Easy VPN Client? (Choose two.)
A. IKE ID_KEY_ID
B. OU field in a certificate that is
presented by a client
C. XAUTH username
D. hash of the OTP that is
sent during XAUTH challenge/response
E. IKE ID_IPV4_ADDR
Which multicast routing mechanism is optimal to
support many-to-many multicast applications?
Which three statements regarding VLANs are true?
A. To create a new VLAN on a Cisco Catalyst switch, the VLAN
name, VLAN ID and VLAN type must all be specifically configured by the
B. A VLAN is a broadcast domain.
C. Each VLAN must
have an SVI configured on the Cisco Catalyst switch for it to be
D. The native VLAN is used for untagged traffic on an 802.1Q
E. VLANs can be connected across wide-area networks.
Which technology, configured on the Cisco ASA,
allows Active Directory authentication credentials to be applied automatically
to web forms that require authentication for clientless SSL connections?
A. one-time passwords
C. user credentials obtained during authentication
D. Kerberos authentication
In what subnet does address 192.168.23.197/27
Given the IPv4 address 10.10.100.16, which two
addresses are valid IPv4-compatible IPv6 addresses? (Choose two.)
What is the size of a point-to-point GRE header,
and what is the protocol number at the IP layer?
A. 8 bytes, and protocol number 74
B. 4 bytes, and
protocol number 47
C. 2 bytes, and protocol number 71
D. 24 bytes,
and protocol number 1
E. 8 bytes, and protocol number 47
When implementing WLAN security, what are three
benefits of using the TKIP instead of WEP? (Choose three.)
A. TKIP uses an advanced encryption scheme based on
B. TKIP provides authentication and integrity checking using
C. TKIP provides per-packet keying and a rekeying
D. TKIP provides message integrity check.
E. TKIP reduces
WEP vulnerabilities by using a different hardware encryption chipset.
F. TKIP uses a 48-bit initialization vector.
New Published PassLeader 350-018 Exam VCE File Ended The Finally Difficult For Passing Exam