Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!
CCIE Security Exam (v4.1)
Question No: 231 – (Topic 4)
Which three NAT types support bidirectional traffic initiation? (Choose three.)
-
static NAT
-
NAT exemption
-
policy NAT with nat/global
-
static PAT
-
identity NAT
Answer: A,B,D
Question No: 232 – (Topic 4)
Which three security features were introduced with the SNMPv3 protocol? (Choose three.)
-
Message integrity, which ensures that a packet has not been tampered with in-transit
-
DoS prevention, which ensures that the device cannot be impacted by SNMP buffer overflow
-
Authentication, which ensures that the message is from a valid source
-
Authorization, which allows access to certain data sections for certain authorized users
-
Digital certificates, which ensure nonrepudiation of authentications
-
Encryption of the packet to prevent it from being seen by an unauthorized source
Answer: A,C,F
Question No: 233 – (Topic 4)
error: % Invalid input detected at #39;^#39; marker.
Above error is received when generating RSA keys for SSH access on a router using the crypto key generate rsa command. What are the reasons for this error? (Choose two.)
-
The hostname must be configured before generating RSA keys.
-
The image that is used on the router does not support the crypto key generate rsa command.
-
The command has been used with incorrect syntax.
-
The crypto key generate rsa command is used to configure SSHv2, which is not supported on Cisco IOS devices.
Answer: B,C
Question No: 234 – (Topic 4)
Refer to the exhibit.
Which message of the ISAKMP exchange is failing?
-
main mode 1
-
main mode 3
-
aggressive mode 1
-
main mode 5
-
aggressive mode 2
Answer: B
Question No: 235 – (Topic 4)
Which three new capabilities were added to HTTP v1.1 over HTTP v1.0? (Choose three.)
-
chunked transfer encoding
-
HTTP pipelining
-
POST method
-
HTTP cookies
-
keepalive mechanism
Answer: A,B,E
Question No: 236 – (Topic 4)
If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be
configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)
-
Configure the Call Station ID Type to bE. quot;IP Addressquot;.
-
Configure the Call Station ID Type to bE. quot;System MAC Addressquot;.
-
Configure the Call Station ID Type to bE. quot;MAC and IP Addressquot;.
-
Enable DHCP Proxy.
-
Disable DHCP Proxy.
Answer: B,E
Question No: 237 – (Topic 4)
Which algorithm is used to generate the IKEv2 session key?
-
Diffie-Hellman
-
Rivest, Shamir, and Adleman
-
Secure Hash Algorithm
-
Rivest Cipher 4
Answer: A
Question No: 238 – (Topic 4)
Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)
-
PEAP
-
EAP-TLS
-
EAP-FAST
-
EAP-TTLS
-
EAPOL
-
EAP-RADIUS
-
EAP-MD5
Answer: A,B,C,D
Question No: 239 – (Topic 4)
What entities decrypt a transmission sent by a GDOI group member?
-
all group members
-
the key server only
-
the peer that is indicated by the key server
-
the key server and the peer that is indicated by the key server
Answer: A
Question No: 240 – (Topic 4)
Which three multicast features are supported on the Cisco ASA? (Choose three.)
-
PIM sparse mode?
-
IGMP forwarding?
-
Auto-RP
-
NAT of multicast traffic?
Answer: A,B,D
100% Ensurepass Free Download!
–Download Free Demo:350-018 Demo PDF
100% Ensurepass Free Guaranteed!
–350-018 Dumps
EnsurePass | ExamCollection | Testking | |
---|---|---|---|
Lowest Price Guarantee | Yes | No | No |
Up-to-Dated | Yes | No | No |
Real Questions | Yes | No | No |
Explanation | Yes | No | No |
PDF VCE | Yes | No | No |
Free VCE Simulator | Yes | No | No |
Instant Download | Yes | No | No |