[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 111-120

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 111 – (Topic 2)

Which signature engine would you choose to filter for the regex [aA][tT][tT][aA][cC][kK] in the URI field of the HTTP header?

  1. ATOMIC IP

  2. service HTTP

  3. AIC HTTP

  4. string TCP

Answer: B

Reference: https://supportforums.cisco.com/blog/149481/introduction-regular-expressions- ips

Question No: 112 – (Topic 2)

Which of the following statement is true about the ARP Spoofing attack?

  1. Attacker sends the ARP request with the MAC address and IP address of a legitimate resource in the network.

  2. ARP spoofing does not facilitate man-in the middle attack for the attacker.

  3. Attacker sends the ARP request with its own MAC address and IP address of a legitimate resource in the network.

  4. Attacker sends the ARP request with the MAC address and IP address of its own.

Answer: C Explanation:

ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker#39;s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

Reference: https://en.wikipedia.org/wiki/ARP_spoofing

Question No: 113 – (Topic 2)

What are the three default account duration settings supported by the Cisco ISE Guest services? (Choose three)

  1. DefaultStartEnd

  2. DefaultEightHours

  3. DefaultFirstLoginEight

  4. DefaultUnlimited

  5. DefaultFirstLogin

  6. DefaultFiveHours

Answer: A,B,C

Question No: 114 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

With the client attempting an implicit SFTP connection to the SFTP server, which mode works by default?

  1. passive

  2. neither passive nor active

  3. active

  4. both passive and active

Answer: B Explanation:

The ASA firewall has issues in regards of handling this type of connections. Normally when regular FTP is used, the ASA sees the payload on the FTP control channel and does the proper NAT translations when using passive mode, when using active, he sees the IP addresses and let the data connection to be established. On the other hand, since on the secure methods (FTPS and SFTP), the control channel is encrypted, the ASA has not way to determine the ports being used .

Question No: 115 – (Topic 2)

Which two statements about DNSSEC are true? (Choose two)

  1. It support data confidentiality for DNS client

  2. It can protect bulk data as is it transmitted between DNS servers.

  3. It supports data integrity for DNS clients.

  4. It supports spilt-horizon DNS to prevent attackers from enumerating the names in a zone

  5. It can protect all types of data published in the DNS

Answer: C,E

Question No: 116 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

In which two parts should the multicast boundary command be applied? (Choose two.)

  1. A

  2. B

  3. C

  4. D

  5. E

  6. F

Answer: A,F

Explanation:

You define a multicast boundary to prevent Auto-RP messages from entering the PIM domain. You create an access list to deny packets destined for 224.0.1.39 and 224.0.1.40, which carry Auto-RP information.

Reference:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/1 5-

2_2_e/multicast/configuration_guide/b_mc_1522e_3750x_3560x_cg/b_mc_3750x_3560x_ chapter_010.html#task_33BF7D47C052413ABF8ACFCE9C871DD2

Question No: 117 – (Topic 2)

Refer the exhibit,

Ensurepass 2018 PDF and VCE

which two statements about the given IPv6 ZBF configuration are true? (Choose two)

  1. It provides backward compatibility with legacy IPv6 inspection.

  2. It passes TCP, UDP, ICMP, and FTP traffic from z1 to z2.

  3. It provides backward compatibility with legacy IPv4 inspection.

  4. It passes TCP, UDP, ICMP and FTP traffic in both directions between z1 and z2

  5. It inspects TCP, UDP, ICMP and FTP traffic from z1 to z2.

  6. It inspects TCP, UDP, CIMP and FTP traffic from z1 to z2

Answer: A,E

Question No: 118 – (Topic 2)

Which statement is true about the PKI deployment using Cisco IOS devices?

  1. During the enrollment, CA or RA signs the client certificate request with its public key.

  2. RA is capable to publish the CRLs.

  3. Peers use private leys in their certificates to negotiate IPSec SAs to establish the secure channel.

  4. RA is used for accepting the enrollment requests.

  5. Certificate Revocation is not supported by SCEP protocol.

Answer: D

Explanation: The RA only has the power to accept registration requests and forward them to the CA. It is not allowed to issue certificates or publish CRLs. The CA is responsible for these functions.

Reference:

http://www.cisco.com/en/US/tech/tk1132/technologies_white_paper09186a00800e79cb.sht ml

Question No: 119 – (Topic 2)

Which three statements about Cisco Secure Desktop are true? (Choose three)

  1. It is interpretable with Clientless SSL VPN, AnyConnect, and the IPSec VPN client.

  2. Its supports shared network folder

  3. It validate PKI certificates

  4. It supports multiple prelogin checks, including IP address, certificate and OS

  5. It supports unlimited CSD locations.

  6. It can be pre-installed to reduce download time.

Answer: B,C,E

Question No: 120 – (Topic 2)

Which two statements about DNSSEC are true? (Choose two)

  1. It support data confidentiality for DNS client

  2. It can protect bulk data as is it transmitted between DNS servers.

  3. It supports data integrity for DNS clients.

  4. It supports spilt-horizon DNS to prevent attackers from enumerating the names in a zone

  5. It can protect all types of data published in the DNS

Answer: C,E

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *