[Free] 2018(Aug) Ensurepass Cisco 350-018 Dumps with VCE and PDF 151-160

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 151 – (Topic 2)

Which statement is true about the Cisco ASA interface monitoring?

  1. ASA does not clear the received packets count on the monitored interface before running the tests.

  2. Interfaces of the same context cannot be monitored.

  3. It is possible to configure a context to monitor a shared interface.

  4. If the monitored interface has both IPv4 and IPv6 addresses then it cannot be monitored.

Answer: C Explanation:

You can monitor up to 250 interfaces (in multiple mode, divided between all contexts). You should monitor important interfaces. For example in multiple mode, you might configure one context to monitor a shared interface. (Because the interface is shared, all contexts benefit from the monitoring.)

Reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_gen eral_config/ha_failover.html

Question No: 152 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which three descriptions of the configuration are true? (Choose three.)

  1. The configuration is on the NHS.

  2. The tunnel IP address represents the NBMA address.

  3. This tunnel is a point-to-point GRE tunnel.

  4. The tunnel is not providing peer authentication.

  5. The configuration is on the NHC.

  6. The tunnel encapsulates multicast traffic.

  7. The tunnel provides data confidentiality.

Answer: A,F,G

Question No: 153 – (Topic 2)

What are two features that can stop man-in-the-middle attacks? (Choose two.)

  1. DCHP snooping

  2. ARP snooping

  3. dynamic MAC ACLs

  4. destination MAC ACLs

  5. ARP sniffing on specific ports

Answer: A,B

Question No: 154 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which two statements correctly describe the debug output?

  1. The remote VPN address is 180.10.10.1

  2. The message is observed on the NHS

  3. The message is observed on the NHC.

  4. The remote routable address 91.91.91.1.

  5. The local non-routable address is 20.10.10.3.

  6. The NHRP hold time is 3 hours.

Answer: A,C

Question No: 155 – (Topic 2)

What is an example of a stream cipher?

  1. RC4

  2. DES

  3. Blowfish

  4. RC6

Answer: A

Question No: 156 – (Topic 2)

Which three statements about SSHv1 and SSHv2 are true? (Choose three.)

  1. Both SSHv1 and SSHv2 support multiple session channels on a single connection.

  2. Both SSHv1 and SSHv2 require a server key to protect the session key.

  3. SSHv2 supports a wider variety of user-authentication methods than SSHv1.

  4. Unlike SSHv1, SSHv2 uses separate protocols for authentication, connection, and transport.

  5. Unlike SSHv1, SSHv2 supports multiple forms of user authentication in a single session.

  6. Both SSHv1 and SSHv2 negotiate the bulk cipher.

Answer: D,E,F Explanation:

SSH-1 and SSH-2 Differences SSH-2

SSH-1

Separate transport, authentication, and connection protocols. One monolithic protocol.

Strong cryptographic integrity check. Weak CRC-32 integrity check.

Supports password changing. N/A

Any number of session channels per connection (including none).

Exactly one session channel per connection (requires issuing a remote command even when you don#39;t want one).

Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key.

Negotiates only the bulk cipher; all others are fixed.

Encryption, MAC, and compression are negotiated separately for each direction, with independent keys.

The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm#39;s design demands that keys not be reused).

Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability.

Fixed encoding precludes interoperable additions.

User authentication methods:

->public-key (DSA, RSA, OpenPGP)

->hostbased

->password

->(Rhosts dropped due to insecurity)

Supports a wider variety:

->public-key (RSA only)

->RhostsRSA

->password

->Rhosts (rsh-style)

->TIS

->Kerberos

Use of Diffie-Hellman key agreement removes the need for a server key. Server key used for forward secrecy on the session key.

Supports public-key certificates. N/A

User authentication exchange is more flexible and allows requiring multiple forms of authentication for access.

Allows exactly one form of authentication per session.

Hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc.

RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness.

Periodic replacement of session keys. N/A

Reference: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch03_05.htm

Question No: 157 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

What sequence of command would generate the given output?

Ensurepass 2018 PDF and VCE

  1. Exhibit A

  2. Exhibit B

  3. Exhibit C

  4. Exhibit D

Answer: C

Question No: 158 – (Topic 2)

Of which IPS application is Event Store a component?

  1. InterfaceApp

  2. AuthenticationApp

  3. SensorApp

  4. NotificationApp

  5. MainApp

Answer: E Explanation:

Cisco IPS software includes the following applications:

Ensurepass 2018 PDF and VCE

鈥?/p>

Ensurepass 2018 PDF and VCE

MainApp-Initializes the system, starts and stops the other applications, configures the OS, and performs upgrades. It contains the following components:

Ensurepass 2018 PDF and VCE

ctlTransSource (Control Transaction server)-Allows sensors to send control transactions. This is used to enable the master blocking sensor capability of Attack Response Controller (formerly known as Network Access Controller).

Event Store-An indexed store used to store IPS events (error, status, and alert system messages) that is accessible through the CLI, IDM, IME, ASDM, or SDEE.

Reference: http://www.cisco.com/c/en/us/td/docs/security/ips/7-

0/configuration/guide/cli/cliguide7/cli_system_architecture.html#wp1009053

Question No: 159 – (Topic 2)

What two statements about the PCoIP protocol are true? (Choose two.)

  1. It uses a variety of codecs to support different operating systems.

  2. It supports both lossy and lossless compression.

  3. It is a TCP-based protocol

  4. It is available in both software and hardware.

  5. It is a client-rendered, multi-codec protocol.

Answer: B,D

Question No: 160 – (Topic 2)

Which two statements about the RC4 algorithm are true? (Choose two.)

  1. The RC4 algorithm is an asymmetric key algorithm.

  2. In the RC4 algorithm, the 40-bit key represents four characters of ASCII code.

  3. The RC4 algorithm is faster in computation than DES.

  4. The RC4 algorithm uses variable-length keys.

  5. The RC4 algorithm cannot be used with wireless encryption protocols.

Answer: C,D

100% Ensurepass Free Download!
350-018 PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *