[Free] Download New Updated (February 2016) Cisco 350-018 Practice Tests 211-220

By | February 12, 2016

Ensurepass

QUESTION 211

Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly?

 

A.

dynamic-filter inspect tcp/80

B.

dynamic-filter whitelist

C.

inspect botnet

D.

inspect dns dynamic-filter-snoop

 

Correct Answer: D

 

 

 

 

QUESTION 212

Refer to the exhibit. Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.

 

clip_image001

 

A.

stateful failover using active-active for multi-context

B.

stateful failover using active-standby for multi-context

C.

stateful failover using active-standby for single-context

D.

stateless failover using interface-level failover for multi-context

 

Correct Answer: A

 

 

QUESTION 213

You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

 

A) You need two customer contexts, named contextA and contextB.

B) Allocate interfaces G0/0 and G0/1 to contextA.

C) Allocate interfaces G0/0 and G0/2 to contextB.

D) The physical interface name for G0/1 within contextA should be “inside”.

E) All other context interfaces must be viewable via their physical interface names.

 

If the admin context is alread

 

A.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/1 inside

context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/2 visible

B.

context contexta

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/1 inside

context contextb

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/2 visible

C.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 invisible

allocate-interface GigabitEthernet0/1 inside

context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 invisible

allocate-interface GigabitEthernet0/2 invisible

D.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/1 inside

context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/2

E.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/1 inside

context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/1 visible

allocate-interface GigabitEthernet0/2 visible

 

Correct Answer: A

 

 

QUESTION 214

Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)

 

A.

Create the security zones and security zone pairs.

B.

Create the self zone.

C.

Create the default global inspection policy.

D.

Create the type inspect class maps and policy maps.

E.

Assign a security level to each security zone.

F.

Assign each router interface to a security zone.

G.

Apply a type inspect policy map to each zone pair.

 

Correct Answer: ADFG

 

 

QUESTION 215

Refer to the exhibit. The client is protected by a firewall. An IPv6 SMTP connection from the client to the server on TCP port 25 will be subject to which action?

 

clip_image003

A.

pass action by the HTTP_CMAP

B.

inspection action by the TCP_CMAP

C.

inspection action by the SMTP_CMAP

D.

drop action by the default class

E.

pass action by the HTTP_CMAP

 

Correct Answer: C

 

 

QUESTION 216

Which Cisco IPS appliance signature engine defines events that occur in a related manner, within a sliding time interval, as components of a combined signature?

 

A.

Service engine

B.

Sweep engine

C.

Multistring engine

D.

Meta engine

 

Correct Answer: D

 

 

QUESTION 217

Which three options are the types of zones that are defined for anomaly detection on the Cisco IPS Sensor? (Choose three.)

 

A.

inside

B.

outside

C.

internal

D.

external

E.

illegal

F.

baseline

 

Correct Answer: CDE

 

 

QUESTION 218

Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

 

A.

It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.

B.

It defines a wide variety of authorization actions, including “reauthenticate.”

C.

It defines the format for a Change of Authorization packet.

D.

It defines a DM.

E.

It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

 

Correct Answer: ACD

 

 

QUESTION 219

Which three statements are true regarding Security Group Tags? (Choose three.)

 

A.

When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.

B.

When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.

C.

Security Group Tags are a supported network authorization result using Cisco ACS 5.x.

D.

Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.

E.

A Security Group Tag is a variable length string that is returned as an authorization result.

 

Correct Answer: ACD

 

 

QUESTION 220

Refer to the exhibit. What is the cause of the issue that is reported in this debug output?

 

clip_image005

 

A.

The identity of the peer is not acceptable.

B.

There is an esp transform mismatch.

C.

There are mismatched ACLs on remote and local peers.

D.

The SA lifetimes are set to 0.

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 350-018 Practice Tests

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …