Download New Updated (Spring 2015) Cisco 350-018 Actual Tests 91-100

By | April 23, 2015

Ensurepass

 

QUESTION 91

Which three statements are true about PIM-SM operations? (Choose three.)

 

A.

PIM-SM supports RP configuration using static RP, Auto-RP, or BSR.

B.

PIM-SM uses a shared tree that is rooted at the multicast source.

C.

Different RPs can be configured for different multicast groups to increase RP scalability.

D.

Candidate RPs and RP mapping agents are configured to enable Auto-RP.

E.

PIM-SM uses the implicit join model.

 

Correct Answer: ACD

 

 

QUESTION 92

An IPv6 multicast receiver joins an IPv6 multicast group using which mechanism?

 

A.

IGMPv3 report

B.

IGMPv3 join

C.

MLD report

D.

general query

E.

PIM join

 

Correct Answer: C

 

 

QUESTION 93

Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?

 

A.

!

ipv6 access-list test

deny ipv6 FF05::/16 any

deny ipv6 any FF05::/16

!

output omitted

permit ipv6 any any

!

B.

!

ipv6 access-list test

permit ipv6 any FF05::/16

!

output omitted

deny ipv6 any any

!

C.

!

ipv6 access-list test

deny ipv6 any any eq dns

deny ipv6 any any eq dhcp

!

output omitted

permit ipv6 any any

!

D.

!

ipv6 access-list test

deny ipv6 any 2000::/3

!

output omitted

permit ipv6 any any

!

E.

!

ipv6 access-list test

deny ipv6 any FE80::/10

!

output omitted

permit ipv6 any any

!

 

Correct Answer: A

 

 

QUESTION 94

Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.)

 

A.

It prevents rogue APs from being wired into the network.

B.

It provides encryption capability of data traffic between APs and controllers.

C.

It prevents rogue clients from accessing the wired network.

D.

It ensures that 802.1x requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place.

 

Correct Answer: AD

 

 

QUESTION 95

Which option explains the passive scan technique that is used by wireless clients to discover available wireless networks?

 

A.

listening for access point beacons that contain available wireless networks

B.

sending a null probe request

C.

sending a null association request

D.

listening for access point probe response frames that contain available wireless networks

 

Correct Answer: A

 

 

QUESTION 96

Which protocol can be used to encrypt traffic sent over a GRE tunnel?

 

A.

SSL

B.

SSH

C.

IPsec

D.

DH

E.

TLS

 

Correct Answer: C

 

 

QUESTION 97

Which three options are security measures that are defined for Mobile IPv6? (Choose three.)

 

A.

IPsec SAs are used for binding updates and acknowledgements.

B.

The use of IKEv1 or IKEv2 is mandatory for connections between the home agent and mobile node.

C.

Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication.

D.

Mobile IPv6 control messages are protected by SHA-2.

E.

IPsec SAs are used to protect dynamic home agent address discovery.

F.

IPsec SAs can be used to protect mobile prefix solicitations and advertisements.

 

Correct Answer: ACF

 

 

QUESTION 98

Which three statements are true about DES? (Choose three.)

 

A.

A 56-bit key is used to encrypt 56-bit blocks of plaintext.

B.

A 56-
bit key is used to encrypt 64-bit blocks of plaintext.

C.

Each block of plaintext is processed through 16 rounds of identical operations.

D.

Each block of plaintext is processed through 64 rounds of identical operations.

E.

ECB, CBC, and CBF are modes of DES.

F.

Each Block of plaintext is processed through 8 rounds of identical operations.

G.

CTR, CBC, and OFB are modes of DES.

 

Correct Answer: BCE

 

 

QUESTION 99

Comparing and contrasting IKEv1 and
IKEv2, which three statements are true? (Choose three.)

 

A.

IKEv2 adds EAP as a method of authentication for clients; IKEv1 does not use EAP.

B.

IKEv1 and IKEv2 endpoints indicate support for NAT-T via the vendor_ID payload.

C.

IKEv2 and IKEv1 always ensure protection of the identities of the peers during the negotiation process.

D.

IKEv2 provides user authentication via the IKE_AUTH exchange; IKEv1 uses the XAUTH exchange.

E.

IKEv1 and IKEv2 both use INITIAL_CONTACT to synchronize SAs.

F.

IKEv1 supports config mode via the SET/ACK and REQUEST/RESPONSE methods; IKEv2 supports only REQUEST/RESPONSE.

 

Correct Answer: ADE

 

 

QUESTION 100

Which three statements about GDOI are true? (Choose three.)

 

A.

GDOI uses TCP port 848.

B.

The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange.

C.

The KEK protects the GROUPKEY_PUSH message.

D.

The TEK is used to encrypt and decrypt data traffic.

E.

GDOI does not support PFS.

 

Correct Answer: BCD

 

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …