QUESTION 161
Which three statements are true about the Cisco NAC Appliance solution? (Choose three.)
|
A. |
In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server. |
|
B. |
In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco router using the “NAC discovery-host” global configuration command. |
|
C. |
In a VRF-style OOB deployment of the Cisco NAC Appliance, the discovery host may be the IP address that is on the trusted side of the Cisco NAC Appliance Server. |
|
D. |
In a Layer 3 IB deployment of the Cisco NAC Appliance, the discovery host may be configured as the IP address of the Cisco NAC Appliance Manager. |
Correct Answer: ACD
QUESTION 162
Refer to the exhibit, which shows a partial output of the show command. Which statement best describes the problem?
|
A. |
Context vpn1 is not inservice. |
|
B. |
There is no gateway that is configured under context vpn1. |
|
C. |
The config has not been properly updated for context vpn1. |
|
D. |
The gateway that is configured under context vpn1 is not inservice. |
Correct Answer: A
QUESTION 163
Review the exhibit. Which three statements about the Cisco IPS sensor are true? (Choose three.)
|
A. |
A |
|
B. |
B |
|
C. |
C |
|
D. |
D |
|
E. |
E |
Correct Answer: ACE
QUESTION 164
An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?
|
A. |
NAT overload |
|
B. |
NAT extendable |
|
C. |
NAT TCP load balancing |
|
D. |
NAT service-type DNS |
|
E. |
Correct Answer: B
QUESTION 165
Refer to the exhibit. Which three command sets are required to complete this IPv6 IPsec site-to-site VTI? (Choose three.)
|
A. |
interface Tunnel0 tunnel mode ipsec ipv6 |
|
B. |
crypto isakmp-profile match identity address ipv6 any |
|
C. |
interface Tunnel0 ipv6 enable |
|
D. |
ipv6 unicast-routing |
|
E. |
interface Tunnel0 ipv6 enable-ipsec |
Correct Answer: ACD
QUESTION 166
Refer to the exhibit. Which option correctly identifies the point on the exhibit where Control Plane Policing (input) is applied to incoming packets?
|
A. |
point 6 |
|
B. |
point 7 |
|
C. |
point 4 |
|
D. |
point 1 |
|
E. |
points 5 and 6 |
Correct Answer: A
QUESTION 167
Which QoS marking is only locally significant on a Cisco router?
|
A. |
MPLS EXP |
|
B. |
DSCP |
|
C. |
QoS group |
|
D. |
IP precedence |
|
E. |
traffic class |
|
F. |
flow label |
Correct Answer: C
QUESTION 168
Which three control plane subinterfaces are available when implementing Cisco IOS Control Plane Protection? (Choose three.)
|
A. |
CPU |
|
B. |
host |
|
C. |
fast-cache |
|
D. |
transit |
|
E. |
CEF-exception |
|
F. |
management |
Correct Answer: BDE
QUESTION 169
Management Frame Protection is available in two deployment modes, Infrastructure and Client. Which three statements describe the differences between these modes? (Choose three.)
|
A. |
Infrastructure mode appends a MIC to management frames. |
|
B. |
Client mode encrypts management frames. |
|
C. |
Infrastructure mode can detect and prevent common DoS attacks. |
|
D. |
Client mode can detect and prevent common DoS attacks. |
|
E. |
Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients. |
Correct Answer: ABD
QUESTION 170
Which three object tracking options are supported by Cisco IOS policy-based routing? (Choose three.)
|
A. |
absence of an entry in the routing table |
|
B. |
existence of a CDP neighbor relationship |
|
C. |
existence of an entry in the routing table |
|
D. |
results of an SAA operation |
|
E. |
state of the line protocol of an interface |
Correct Answer: CDE
Free VCE & PDF File for Cisco 350-018 Practice Tests
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …