QUESTION 361
Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)
A. |
Infrastructure ACLs are used to block-permit the traffic in the router forwarding path. |
B. |
Infrastructure ACLs are used to block-permit the traffic handled by the route processor. |
C. |
Infrastructure ACLs are used to block-permit the transit traffic. |
D. |
Infrastructure ACLs only protect device physical management interface. |
Correct Answer: BD
QUESTION 362
Which statement about the SYN flood attack is true?
A. |
The SYN flood attack is always directed from valid address. |
B. |
The SYN flood attack target is to deplete server memory so that legitimate request cannot be served. |
C. |
The SYN flood attack is meant to completely deplete the TCB SYN-Received state backlog. |
D. |
The SYN flood attack can be launched for both UDP and TCP open ports on the server. |
E. |
SYN-Received state backlog for TCBs is meant to protect server CPU cycles. |
Correct Answer: C
QUESTION 363
The HTTP inspection engine has the ability to inspect traffic based on which three parameters? (Choose three.)
A. |
Transfer Encoding |
B. |
Request Method |
C. |
Header |
D. |
Application Type |
E. |
Header Size |
F. |
Source Address |
Correct Answer: ABD
QUESTION 364
For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)
A. |
BVI is required for the inspection of IP traffic. |
B. |
The firewall can perform routing on bridged interfaces. |
C. |
BVI is required if routing is disabled on the firewall. |
D. |
BVI is required if more than two interfaces are in a bridge group. |
E. |
BVI is required for the inspection of non-IP traffic. |
F. |
BVI can manage the device without having an interface that is configured for routing. |
Correct Answer: DF
QUESTION 365
Event Store is a component of which IPS application?
A. |
SensorApp |
B. |
InterfaceApp |
C. |
MainApp |
D. |
NotificationApp |
E. |
AuthenticationApp |
Correct Answer: C
QUESTION 366
Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?
A. |
AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation. |
B. |
The Cisco Secure ACS Solution Engine does not support accounting AV pairs. |
C. |
AV pairs are only string values. |
D. |
AV pairs are of two types: string and integer. |
Correct Answer: C
QUESTION 367
Refer to the exhibit. Which option describes the behavior of this configuration?
A. |
Devices that perform IEEE 802.1X should be in the MAC address database for successful authentication. |
B. |
IEEE 802.1x devices must fail MAB to perform IEEE 802.1X authentication. |
C. |
If 802.1X fails, the device will be assigned to the default guest VLAN. |
D. |
The device will perform subsequent IEEE 802.1X authentication if it passed MAB authentication. |
E. |
If the device fails IEEE 802.1X, it will start MAB again. |
Correct Answer: B
QUESTION 368
When is the supplicant considered to be clientless?
A. |
when the authentication server does not have credentials to authenticate. |
B. |
when the authenticator is missing the dot1x guest VLAN under the port with which the supplicant is connected. |
C. |
when the supplicant fails EAP-MD5 challenge with the authentication server. |
D. |
when the supplicant fails to respond to EAPOL messages from the authenticator. |
E. |
when the authenticator is missing the reauthentication timeout configuration under the port with which the supplicant is connected. |
Correct Answer: D
QUESTION 369
Which Cisco IOS IPS signature action denies an attacker session using the dynamic access list?
A. |
produce-alert |
B. |
deny-attacker-inline |
C. |
deny-connection-inline |
D. |
reset-tcp-action |
E. |
deny-session-inline |
F. |
deny-packet-inline |
Correct Answer: B
QUESTION 370
Which IPS appliance signature engine inspects IPv6 Layer 3 traffic?
A. |
Atomic IP |
B. |
Meta |
C. |
Atomic IP Advanced |
D. |
Fixed |
E. |
Service |
Correct Answer: C
Free VCE & PDF File for Cisco 350-018 Practice Tests
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …