[Free] Download New Updated (February 2016) Cisco 350-018 Practice Tests 21-30

By | February 12, 2016

Ensurepass

QUESTION 21

DNSSEC was designed to overcome which security limitation of DNS?

 

A.

DNS man-in-the-middle attacks

B.

DNS flood attacks

C.

DNS fragmentation attacks

D.

DNS hash attacks

E.

DNS replay attacks

F.

DNS violation attacks

 

Correct Answer: A

 

 

QUESTION 22

Which three statements are true about MACsec? (Choose three.)

 

A.

It supports GCM modes of AES and 3DES.

B.

It is defined under IEEE 802.1AE.

C.

It provides hop-by-hop encryption at Layer 2.

D.

MACsec expects a strict order of frames to prevent anti-replay.

E.

MKA is used for session and encryption key management.

F.

It uses EAP PACs to distribute encryption keys.

 

Correct Answer: BCE

 

 

QUESTION 23

Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment?

 

A.

SSL Handshake Protocol

B.

SSL Alert Protocol

C.

SSL Record Protocol

D.

SSL Change CipherSpec Protocol

 

Correct Answer: C

QUESTION 24

IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)

 

A.

Send

B.

Mobile IPv6

C.

site-to-site virtual interfaces

D.

OSPFv3

E.

CAPWAP

F.

LWAPP

 

Correct Answer: BCD

 

 

QUESTION 25

Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)

 

A.

PEAP

B.

EAP-TLS

C.

EAP-FAST

D.

EAP-TTLS

E.

EAPOL

F.

EAP-RADIUS

G.

EAP-MD5

 

Correct Answer: ABCD

 

 

QUESTION 26

Which three statements are true about the SSH protocol? (Choose three.)

 

A.

SSH protocol runs over TCP port 23.

B.

SSH protocol provides for secure remote login and other secure network services over an insecure network.

C.

Telnet is more secure than SSH for remote terminal access.

D.

SSH protocol runs over UDP port 22.

E.

SSH transport protocol provides for authentication, key exchange, confidentiality, and integrity.

F.

SSH authentication protocol supports public key, password, host based, or none as authentication methods.

 

Correct Answer: BEF

 

 

QUESTION 27

Which two statements are true when comparing ESMTP and SMTP? (Choose two.)

 

A.

Only SMTP inspection is provided on the Cisco ASA firewall.

B.

A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.

C.

ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.

D.

SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.

E.

ESMTP servers can identify the maximum email size they can receive by using the SIZE command.

Correct Answer: CE

 

 < /p>

QUESTION 28

How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?

 

A.

It is included in the CIADDR field.

B.

It is included as DHCP Option 50 in the OPTIONS field.

C.

It is included in the YIADDR field.

D.

It is the source IP address of the UDP/53 wrapper packet.

E.

The client cannot request its last IP address; it is assigned automatically by the server.

 

Correct Answer: B

 

 

QUESTION 29

Which two statements about an authoritative server in a DNS system are true? (Choose two.)

 

A.

It indicates that it is authoritative for a name by setting the AA bit in responses.

B.

It has a direct connection to one of the root name servers.

C.

It has a ratio of exactly one authoritative name server per domain.

D.

It cannot cache or respond to queries from domains outside its authority.

E.

It has a ratio of at least one authoritative name server per domain.

 

Correct Answer: AE

 

 

QUESTION 30

Refer to the exhibit. Which three statements are true? (Choose three.)

 

clip_image001

 

A.

Because of a “root delay” of 0ms, this router is probably receiving its time directly from a Stratum 0 or 1 GPS reference clock.

B.

This router has correctly synchronized its clock to its NTP master.

C.

The NTP server is running authentication and should be trusted as a valid time source.

D.

Specific local time zones have not been configured on this router.

E.

This router will not act as an NTP server for requests from other devices.

 

Correct Answer: BCE

 

Free VCE & PDF File for Cisco 350-018 Practice Tests

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …