Pass Your 350-018 Certification Exam Easily With Passleader’s 350-018 Study Materials (21-40)

QUESTION 21
An attacker configures an access point to
broadcast the same SSID that is used at a public hot- spot, and launches a
deauthentication attack against the clients that are connected to the hot-spot,
with the hope that the clients will then associate to the AP of the attacker. In
addition to the deauthentication attack, what attack has been launched?

A.    man-in-the-middle
B.    MAC spoofing
C.    Layer 1
DoS
D.    disassociation attack

Answer: A

QUESTION 22
Which statement best describes the concepts of
rootkits and privilege escalation?

A.    Rootkits propagate themselves.
B.    Privilege
escalation is the result of a rootkit.
C.    Rootkits are a result of a
privilege escalation.
D.    Both of these require a TCP port to gain
access.

Answer: B

QUESTION 23
Which multicast capability is not supported by
the Cisco ASA appliance?

A.    ASA configured as a rendezvous point
B.    sending
multicast traffic across a VPN tunnel
C.    NAT of multicast traffic
D.    IGMP forwarding (stub) mode

Answer: B

QUESTION 24
Which method of output queuing is supported on
the Cisco ASA appliance?

A.    CBWFQ
B.    priority queuing
C.    MDRR
D.    WFQ
E.    custom queuing

Answer: B

QUESTION 25
Which four values can be used by the Cisco IPS
appliance in the risk rating calculation? (Choose four.)

A.    attack severity rating
B.    target value
rating
C.    signature fidelity rating
D.    promiscuous delta
E.    threat rating
F.    alert rating

Answer: ABCD

QUESTION 26
Which three authentication methods does the
Cisco IBNS Flexible Authentication feature support? (Choose three.)

A.    cut-through proxy
B.    dot1x
C.    MAB
D.    SSO
E.    web authentication

Answer: BCE

QUESTION 27
Troubleshooting the web authentication fallback
feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant
are able to authenticate, but clients without the supplicant are not able to use
web authentication. Which configuration option will correct this issue?

A.    switch(config)# aaa accounting auth-proxy default
start-stop group radius
B.    switch(config-if)# authentication host-mode
multi-auth
C.    switch(config-if)# webauth
D.    switch(config)# ip http
server
E.    switch(config-if)# authentication priority webauth dot1x

Answer: D

QUESTION 28
Which option on the Cisco ASA appliance must be
enabled when implementing botnet traffic filtering?

A.    HTTP inspection
B.    static entries in the botnet
blacklist and whitelist
C.    global ACL
D.    NetFlow
E.    DNS
inspection and DNS snooping

Answer: E

QUESTION 29
Which signature engine is used to create a
custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable
web application identified by the “/runscript.php” URI is run?

A.    AIC HTTP
B.    Service HTTP
C.    String
TCP
D.    Atomic IP
E.    META
F.    Multi-String

Answer: B

QUESTION 30
With the Cisco FlexVPN solution, which four VPN
deployments are supported? (Choose four.)

A.    site-to-site IPsec tunnels?
B.    dynamic
spoke-to-spoke IPSec tunnels? (partial mesh)
C.    remote access from
software or hardware IPsec clients?
D.    distributed full mesh IPsec
tunnels?
E.    IPsec group encryption using GDOI?
F.    hub-and-spoke
IPsec tunnels?

Answer: ABCF


Pass Your 350-018 Certification Exam Easily With Passleader's 350-018 Study Materials

http://www.passleader.com/350-018.html

QUESTION 31
Which four techniques can you use for IP
management plane security? (Choose four.)

A.    Management Plane Protection
B.    uRPF
C.    strong
passwords
D.    RBAC
E.    SNMP security measures
F.    MD5
authentication

Answer: ACDE

QUESTION 32
Which three statements about remotely triggered
black hole filtering are true? (Choose three.)

A.    It filters undesirable traffic.
B.    It uses BGP or
OSPF to trigger a network-wide remotely controlled response to attacks.
C.    It provides a rapid-response technique that can be used in handling
security-related events and incidents.
D.    It requires uRPF.

Answer: ACD

QUESTION 33
Which three statements about Cisco Flexible
NetFlow are true? (Choose three.)

A.    The packet information used to create flows is not
configurable by the user.
B.    It supports IPv4 and IPv6 packet
fields.
C.    It tracks all fields of an IPv4 header as well as sections of
the data payload.
D.    It uses two types of flow cache, normal and
permanent.
E.    It can be a useful tool in monitoring the network for
attacks.

Answer: BCE

QUESTION 34
During a computer security forensic
investigation, a laptop computer is retrieved that requires content analysis and
information retrieval. Which file system is on it, assuming it has the default
installation of Microsoft Windows Vista operating system?

A.    HSFS
B.    WinFS
C.    NTFS
D.    FAT
E.    FAT32

Answer: C

QUESTION 35
Which three statements about the IANA are true?
(Choose three.)

A.    IANA is a department that is operated by the
IETF.
B.    IANA oversees global IP address allocation.
C.    IANA managed
the root zone in the DNS.
D.    IANA is administered by the ICANN.
E.    IANA defines URI schemes for use on the Internet.

Answer: BCD

QUESTION 36
What does the Common Criteria (CC) standard
define?

A.    The current list of Common Vulnerabilities and Exposures
(CVEs)
B.    The U.S standards for encryption export regulations
C.    Tools to support the development of pivotal, forward-looking information system
technologies
D.    The international standards for evaluating trust in
information systems and products
E.    The international standards for
privacy laws
F.    The standards for establishing a security incident
response system

Answer: D

QUESTION 37
Which three types of information could be used
during the incident response investigation phase? (Choose three.)

A.    netflow data
B.    SNMP alerts
C.    encryption
policy
D.    syslog output
E.    IT compliance reports

Answer: ABD

QUESTION 38
Which of the following best describes Chain of
Evidence in the context of security forensics?

A.    Evidence is locked down, but not necessarily
authenticated.
B.    Evidence is controlled and accounted for to maintain its
authenticity and integrity.
C.    The general whereabouts of evidence is
known.
D.    Someone knows where the evidence is and can say who had it if it
is not logged.

Answer: B

QUESTION 39
Which option is a benefit of implementing RFC
2827?

A.    prevents DoS from legitimate, non-hostile end
systems
B.    prevents disruption of special services such as Mobile
IP
C.    defeats DoS attacks which employ IP source address spoofing
D.    restricts directed broadcasts at the ingress router
E.    allows DHCP or
BOOTP packets to reach the relay agents as appropriate

Answer: C

QUESTION 40
Which of the following provides the features of
route summarization, assignment of contiguous blocks of addresses, and combining
routes for multiple classful networks into a single route?

A.    classless interdomain routing
B.    route
summarization
C.    supernetting
D.    private IP addressing

Answer: A


Pass Your 350-018 Certification Exam Easily With Passleader's 350-018 Study Materials

http://www.passleader.com/350-018.html