Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 51-60

By | April 23, 2015

Ensurepass

 

QUESTION 51

Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue?

 

A.

switch(config)# aaa accounting auth-proxy default start-stop group radius

B.

switch(config-if)# authentication host-mode multi-auth

C.

switch(config-if)# webauth

D.

switch(config)# ip http server

E.

switch(config-if)# authentication priority webauth dot1x

 

Correct Answer: D

 

 

QUESTION 52

Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?

 

A.

HTTP inspection

B.

static entries in the botnet blacklist and whitelist

C.

global ACL

D.

NetFlow

E.

DNS inspection and DNS snooping

 

Correct Answer: E

 

 

QUESTION 53

Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the “/runscript.php” URI is run?

 

A.

AIC HTTP

B.

Service HTTP

C.

String TCP

D.

Atomic IP

E.

META

F.

Multi-String

Correct Answer: B

 

 

QUESTION 54

Refer to the exhibit. Which statement about this Cisco Catalyst switch 802.1X configuration is true?

 

clip_image001

 

A.

If an IP phone behind the switch port has an 802.1X supplicant, MAC address bypass will still be used to authenticate the IP Phone.

B.

If an IP phone behind the switch port has an 802.1X supplicant, 802.1X authentication will be used to authenticate the IP phone.

C.

The authentication host-mode multi-domain command enables the PC connected behind the IP phone to bypass 802.1X authentication.

D.

Using the authentication host-mode multi-domain command will allow up to eight PCs connected behind the IP phone via a hub to be individually authentication using 802.1X.

 

Correct Answer: B

 

 

QUESTION 55

The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.

 

A.

policy-map type inspect ipv6 IPv6_PMAP

match header routing-type eq 0

drop log

B.

policy-map type inspect icmpv6 ICMPv6_PMAP

match header routing-type eq 0

drop log

C.

policy-map type inspect ipv6-header HEADER_PMAP

match header routing-type eq 0

drop log

D.

policy-map type inspect http HEADER_PMAP

match routing-header 0

drop log

E.

policy-map type inspect ipv6 IPv6_PMAP

match header type 0

drop log

F.

policy-map type inspect ipv6-header HEADER_PMAP

match header type 0

drop log

 

Correct Answer: A

 

 

QUESTION 56

Refer to the exhibit. With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?

 

clip_image003

 

A.

inspection action by the HTTP_CMAP

B.

inspection action by the TCP_CMAP

C.

drop action by the default class

D.

inspection action by both the HTTP_CMAP and TCP_CMAP

E.

pass action by the HTTP_CMAP

F.

drop action due to class-map misclassification

 

Correct Answer: B

 

 

QUESTION 57

Refer to the exhibit. Which route will be advertised by the Cisco ASA to its OSPF neighbors?

 

clip_image004

 

A.

10.39.23.0/24

B.

10.40.29.0/24

C.

10.66.42.215/32

D.

10.40.29.0/24

 

Correct Answer: A

 

 

QUESTION 58

Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)

 

A.

range of IP addresses

B.

subnet of IP addresses

C.

destination IP NAT translation

D.

source IP NAT translation

E.

source and destination FQDNs

F.

port and protocol ranges

 

Correct Answer: ABD

 

 

QUESTION 59

Regarding VSAs, which statement is true?

 

A.

VSAs may be implemented on any RADIUS server.

B.

VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor.

For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.

C.

VSAs do not apply to RADIUS; they are a TACACS attribute.

D.

Each VSA is defined in an RFC and is considered to be a standard.

 

Correct Answer: A

 

 

QUESTION 60

Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)

 

A.

Microsoft Windows registry keys

B.

the existence of specific processes in memory

C.

the UUID of an Apple iPad or iPhone

D.

if a service is started on a Windows host

E.

the HTTP User-Agent string of a device

F.

if an Apple iPad or iPhone has been “jail-broken”

G.

if an antivirus application is installed on an Apple MacBook

 

Correct Answer: ABDG

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …