QUESTION 371
When routing is configured on ASA, which statement is true?
|
A. |
If the default route is not present, then the routing table is checked. |
|
B. |
If the routing table has two matching entries, the packet is dropped. |
|
C. |
If routing table has two matching entries with same prefix length, the first entry is used. |
|
D. |
If routing table has two matching entries with different prefix lengths, the entry with the longer prefix length is used. |
Correct Answer: D
QUESTION 372
Which statement about the ASA redundant interface is true?
|
A. |
It is a logical interface that combines two physical interfaces, both of which are active. |
|
B. |
It can only be used for failover links. |
|
C. |
By default, the first physical interface that is configured in the pair is the active interface. |
|
D. |
The redundant interface uses the MAC address of the second physical interface in the pair. |
Correct Answer: C
QUESTION 373
Which two pieces of information are communicated by the ASA failover link? (Choose two.)
< /font>
|
A. |
unit state |
|
B. |
connections State |
|
C. |
routing tables |
|
D. |
power status |
|
E. |
MAC address exchange |
Correct Answer: AE
QUESTION 374
When is a connection entry created on ASA for a packet that is rece
ived on the ingress interface?
|
A. |
When the packet is checked by the access-list. |
|
B. |
When the packet reaches the ingress interface internal buffer. |
|
C. |
When the packet is a SYN packet or UDP packet. |
|
D. |
When a translation rule exists for the packet. |
|
E. |
When the packet is subjected to inspection. |
Correct Answer: D
QUESTION 375
Which two statements about the multiple context mode running Version 9.x are true? (Choose two.)
|
A. |
RIP is not supported. |
|
B. |
An interface cannot be shared by multiple contexts. |
|
C. |
Remote access VPN is supported. |
|
D. |
Only the admin and context configuration files are supported. |
|
E. |
OSPFv3 is supported. |
|
F. |
Multicast feature is supported |
|
G. |
Site-To-Site VPN feature is supported |
Correct Answer: AG
QUESTION 376
Which two options describe how the traffic for the shared interface is classified in ASA multi context mode? (Choose two.)
|
A. |
Traffic is classified at the source address in the packet. |
|
B. |
Traffic is classified at the destination address in the packet. |
|
C. |
Traffic is classified at the destination address in the context. |
|
D. |
Traffic is classified by copying and sending the packet to all the contexts. |
|
E. |
Traffic is classified by sending the MAC address for the shared interface. |
Correct Answer: CE
QUESTION 377
Which two statements correctly describes ASA resource management in multiple context mode? (Choose two.)
|
A. |
The class sets the resource maximum limit for a context to which it belongs. |
|
B. |
A resource cannot be oversubscribed or set to be unlimited in the class. |
|
C. |
The resource limit can only be set as a percentage in the class and not as an absolute value. |
|
D. |
Context belongs to a default class if not assigned to any other class. |
|
E. |
The default class provides unlimited access for all the resources. |
Correct Answer: AD
QUESTION 378
Which two statements about ASA transparent mode are true? (Choose two.)
|
A. |
Transparent mose acts as a Layer-3 firewall. |
|
B. |
The inside and outside interface must be in a different subnet. |
|
C. |
IP traffic will not pass unless it is permitted by an access-list. |
|
D. |
ARP traffic is dropped unless it is permitted. |
|
E. |
A configured route applies only to the traffic that is originated by the ASA. |
|
F. |
In multiple context mode, all contexts need to be in transparent mode. |
Correct Answer: CE
QUESTION 379
Which statement correctly describes a botnet filter category?
|
A. |
Unlisted addresses: The addresses are malware addresses that are not identified by the dynamic database and are hence defined statically. |
|
B. |
Ambiguous addresses: In this case, the same domain name has multiple malware addresses but not all the addresses are in the dynamic database. These addresses are on the graylist. |
|
C. |
Known malware addresses: These addresses are identified as blacklist addresses in the dynamic database and static list. |
|
D. |
Known allowed addresses: These addresses are identified as whitelist addresses that are bad addresses but still allowed. |
Correct Answer: C
QUESTION 380
Refer to the exhibit. Why does the EasyVPN session fail to establish between the client and server?
|
A. |
incomplete ISAKMP profile configuration on the server |
|
B. |
incorrect IPsec phase-2 configuration on the server |
|
C. |
incorrect group configuration on the client |
|
D. |
ISAKMP key mismatch |
|
E. |
incorrect ACL in the ISAKMP client group configuration |
Correct Answer: B
Free VCE & PDF File for Cisco 350-018 Practice Tests
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …