QUESTION 141
Which three statements about LDAP are true? (Choose three.)
A. |
LDAP uses UDP port 389 by default. |
B. |
LDAP is defined in terms of ASN.1 and transmitted using BER. |
C. |
LDAP is used for accessing X.500 directory services. |
D. |
An LDAP directory entry is uniquely identified by its DN. |
E. |
A secure connection via TLS is established via the UseTLS operation. |
Correct Answer: BCD
QUESTION 142
Which two EAP methods may be susceptible to offline dictionary attacks? (Choose two.)
A. |
EAP-MD5 |
B. |
LEAP |
C. |
PEAP with MS-CHAPv2 |
D. |
EAP-FAST |
Correct Answer: AB
QUESTION 143
Which PKCS is invoked during IKE MM5 and MM6 when digital certificates are used as the authentication method?
A. |
PKCS#7 |
B. |
PKCS#10 |
C. |
PKCS#13 |
D. |
PKCS#11 |
E. |
PKCS#3 |
Correct Answer: A
QUESTION 144
Which three features describe DTLS protocol? (Choose three.)
A. |
DTLS handshake does not support reordering or manage loss packets. |
B. |
DTLS provides enhanced security, as compared to TLS. |
C. |
DTLS provides block cipher encryption and decryption services. |
D. |
DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery. |
E. |
DTLS is used by application layer protocols that use UDP as a transport mechanism. |
F. |
DTLS does not support replay detection. |
Correct Answer: CDE
QUESTION 145
Which statement regarding TFTP is not true?
A. |
Communication is initiated over UDP port 69. |
B. |
Files are transferred using a secondary data channel. |
C. |
Data is transferred using fixed-size blocks. |
D. |
TFTP authentication information is sent in clear text. |
E. |
TFTP is often utilized by operating system boot loader procedures. |
F. |
The TFTP protocol is implemented by a wide variety of operating systems and network devices. |
Correct Answer: D
QUESTION 146
User A at Company A is trying to transfer files to Company B, using FTP. User A can connect to the FTP server at Company B correctly, but User A cannot get a directory listing or upload files.
The session hangs. What are two possible causes for this problem? (Choose two.)
A. |
Active FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company |
B. |
B. Passive FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B. |
C. |
At Company A, active FTP is being used with a non-application aware firewall applying NAT to the source address of User A only. |
D. |
The FTP server administrator at Company B has disallowed User A from accessing files on that server. |
E. |
Passive FTP is being used, and the firewall at Company B is not allowing connections through to port 20 on the FTP server. |
Correct Answer: AC
QUESTION 147
Which three new capabilities were added to HTTP v1.1 over HTTP v1.0? (Choose three.)
A. |
chunked transfer encoding |
B. |
HTTP pipelining |
C. |
POST method |
D. |
HTTP cookies |
E. |
keepalive mechanism |
Correct Answer: ABE
QUESTION 148
Which three Cisco security product features assist in preventing TCP-based man-in-the-middle attacks? (Choose three.)
A. |
Cisco ASA TCP initial sequence number randomization? |
B. |
Cisco ASA TCP sliding-window conformance validation? |
C. |
Cisco IPS TCP stream reassembly? |
D. |
Cisco IOS TCP maximum segment size adjustment? |
Correct Answer: ABC
QUESTION 149
Which would be the best method to deploy on a Cisco ASA to detect and prevent viruses and worms?
A. |
deep packet inspection |
B. |
content security via the Control Security Services Module |
C. |
Unicast Reverse Path Forwarding |
D. |
IP audit signatures |
Correct Answer: B
QUESTION 150
Which four IPv6 messages should be allowed to transit a transparent firewall? (Choose four.)
A. |
router solicitation with hop limit = 1 |
B. |
router advertisement with hop limit = 1 |
C. |
neighbor solicitation with hop limit = 255 |
D. |
neighbor advertisement with hop limit = 255 |
E. |
listener query with link-local source address |
F. |
listener report with link-local source address |
Correct Answer: CDEF
Free VCE & PDF File for Cisco 350-018 Practice Tests
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …