350-018 braindump : May 2016 Edition

Verified of 350-018 practice materials and dumps for Cisco certification for IT candidates, Real Success Guaranteed with Updated 350-018 pdf dumps vce Materials. 100% PASS CCIE Pre-Qualification Test for Security exam Today!

2016 May 350-018 Study Guide Questions:

Q1. A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue? 

A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client. 

B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client. 

C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client. 

D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client. 

E. The Cisco Easy VPN client machine needs to have multiple NICs to support this. 

Answer: B 


Q2. Refer to the exhibit. 


Which statement about the exhibit is true? 

A. The tunnel configuration is incomplete and the DMVPN session will fail between R1 and R2. 

B. IPsec phase-2 will fail to negotiate due to a mismatch in parameters. 

C. A DMVPN session will establish between R1 and R2 provided that the BGP and EIGRP configurations are correct. 

D. A DMVPN session will establish between R1 and R2 provided that the BGP configuration is correct. 

E. A DMVPN session will fail to establish because R2 is missing the ISAKMP peer address. 

Answer: C 


Q3. Which Cisco IOS IPS signature action denies an attacker session using the dynamic access list? 

A. produce-alert 

B. deny-attacker-inline 

C. deny-connection-inline 

D. reset-tcp-action 

E. deny-session-inline 

F. deny-packet-inline 

Answer: C 


350-018  practice

Replace testking 350-018 latest version:

Q4. Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.) 

A. TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types. 

B. IPv6 object nesting is supported. 

C. Network objects support IPv4 and IPv6 addresses. 

D. Objects are not supported in transparent mode. 

E. Objects are supported in single- and multiple-context firewall modes. 

Answer: ACE 


Q5. Which statement about the Firewalk attack is true? 

A. The firewall attack is used to discover hosts behind firewall device. 

B. The firewall attack uses ICMP sweep to find expected hosts behind the firewall. 

C. The firewall attack uses traceroute with a predetermined TTL value to discover hosts behind the firewall. 

D. The firewall attack is used to find the vulnerability in the Cisco IOS firewall code. 

E. The firewall attack uses an ICMP echo message to discover firewall misconfiguration. 

Answer: C 


Q6. Given the IPv4 address 10.10.100.16, which two addresses are valid IPv4-compatible IPv6 addresses? (Choose two.) 

A. :::A:A:64:10 

B. ::10:10:100:16 

C. 0:0:0:0:0:10:10:100:16 

D. 0:0:10:10:100:16:0:0:0 

Answer: BC 


350-018  practice

Actual cbt nuggets 350-018:

Q7. Which three statements are true about DES? (Choose three.) 

A. A 56-bit key is used to encrypt 56-bit blocks of plaintext. 

B. A 56-bit key is used to encrypt 64-bit blocks of plaintext. 

C. Each block of plaintext is processed through 16 rounds of identical operations. 

D. Each block of plaintext is processed through 64 rounds of identical operations. 

E. ECB, CBC, and CBF are modes of DES. 

F. Each Block of plaintext is processed through 8 rounds of identical operations. 

G. CTR, CBC, and OFB are modes of DES. 

Answer: BCE 


Q8. Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.) 

A. confidentiality and integrity of customer records and credit card information 

B. accountability in the event of corporate fraud 

C. financial information handled by entities such as banks, and mortgage and insurance brokers 

D. assurance of the accuracy of financial records 

E. US Federal government information 

F. security standards that protect healthcare patient data 

Answer: BD 


Q9. With ASM, sources can launch attacks by sending traffic to any groups that are supported by an active RP. Such traffic might not reach a receiver but will reach at least the first-hop router in the path, as well as the RP, allowing limited attacks. However, if the attacking source knows a group to which a target receiver is listening and there are no appropriate filters in place, then the attacking source can send traffic to that group. This traffic is received as long as the attacking source is listening to the group. 

Based on the above description, which type of security threat is involved? 

A. DoS 

B. man-in-the-middle 

C. compromised key 

D. data modification 

Answer: A 


Q10. Which three options are extension headers that are implemented in IPv6? (Choose three.) 

A. Routing Header. 

B. Generic Tunnel Header. 

C. Quality of Service Header. 

D. Fragment Header. 

E. Encapsulating Security Payload Header. 

F. Path MTU Discovery Header. 

Answer: ADE 



see more 350-018 dumps