Category: 350-018 Dumps

QUESTION 71
Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)

A.    Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription
B.    Cisco ISR G2 Router with SECK9 and ScanSafe subscription
C.    Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers
D.    Cisco Web Security Appliance with ScanSafe subscription

Answer: BC

» Read more

QUESTION 61
Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?

A.    The global access list is matched first before the interface access lists.
B.    Both the interface and global access lists can be applied in the input or output direction.
C.    When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing
“global” as the interface will apply the access list entry globally.
D.    NAT control is enabled by default.
E.    The static CLI command is used to configure static NAT translation rules.

Answer: A

» Read more

QUESTION 51
Which three nonproprietary EAP methods do not require the use of a client-side certificate for mutual authentication? (Choose three.)

A.    LEAP
B.    EAP-TLS
C.    PEAP
D.    EAP-TTLS
E.    EAP-FAST

Answer: CDE

» Read more

QUESTION 41
Which of the following best describes Chain of Evidence in the context of security forensics?

A.    Evidence is locked down, but not necessarily authenticated.
B.    Evidence is controlled and accounted for to maintain its authenticity and integrity.
C.    The general whereabouts of evidence is known.
D.    Someone knows where the evidence is and can say who had it if it is not logged.

Answer: B

» Read more

QUESTION 31
Refer to the exhibit. Which statement about this Cisco Catalyst switch 802.1X configuration is true?

A.    If an IP phone behind the switch port has an 802.1X supplicant, MAC address bypass will still be
used to authenticate the IP Phone.
B.    If an IP phone behind the switch port has an 802.1X supplicant, 802.1X authentication will be used
to authenticate the IP phone.
C.    The authentication host-mode multi-domain command enables the PC connected behind the IP
phone to bypass 802.1X authentication.
D.    Using the authentication host-mode multi-domain command will allow up to eight PCs connected
behind the IP phone via a hub to be individually authentication using 802.1X.

Answer: B

» Read more

QUESTION 21
An attacker configures an access point to broadcast the same SSID that is used at a public hot- spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker.
In addition to the deauthentication attack, what attack has been launched?

A.    man-in-the-middle
B.    MAC spoofing
C.    Layer 1 DoS
D.    disassociation attack

Answer: A

» Read more

QUESTION 11
IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)

A.    Send
B.    Mobile IPv6
C.    site-to-site virtual interfaces
D.    OSPFv3
E.    CAPWAP
F.    LWAPP

Answer: BCD

» Read more

QUESTION 1
Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)

A.    update
B.    query
C.    reply
D.    hello
E.    acknowledgement

Answer: DE

» Read more