[Free] 2018(May) EnsurePass Examcollection Cisco 350-018 Dumps with VCE and PDF 161-170

Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 161 DRAG DROP – (Topic 2)

Drag and drop the SMTP components on the left onto their corresponding roles on the right.

Ensurepass 2018 PDF and VCE


Ensurepass 2018 PDF and VCE


MTA – Is the component responsible to move email from sending mail server to the recipient mail server.

MUA – Is the component that interacts with the end user

POP/IMAP – Is the component responsible to fetch email from the recipient mail server mailbox to recipient MUA

MDA – Is the component responsible to move the email from MTA to the user mailbox in the recipient mail server

The following terminology is important in understanding the operation of a mail server.

->Mail User Agent (MUA): The MUA is a component which interacts with end users directly. Examples of MUA are Thunderbird, MS Outlook, Zimbra Desktop. Web mail interfaces like Gmail and Yahoo! are also MUA.

->Mail Transfer Agent (MTA): The MTA is responsible for transferring an email from a sending mail server all the way to a recipient mail server. Examples of MTA

are sendmail and postfix.

->Mail Delivery Agent (MDA): Within a destination mail server, local MTA accepts an incoming email from remote MTA. The email is then delivered to user#39;s mailbox by MDA.

->POP/IMAP: POP and IMAP protocols are used to fetch emails from a recipient server#39;s mailbox to recipient MUA.

Question No: 162 – (Topic 2)

Which encapsulation technique does VXLAN use?

  1. MAC in TCP

  2. MAC in MAC

  3. MAC in UDP

  4. MAC in GRE

Answer: C Explanation:

VXLAN is a MAC in IP/UDP(MAC-in-UDP) encapsulation technique with a 24-bit segment identifier in the form of a VXLAN ID.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-


Question No: 163 – (Topic 2)

Which two statements about SSL VPN smart tunnels on a Cisco IOS device are true? (Choose two.)

  1. They are incompatible with split tunneling.

  2. They do not support FTP.

  3. They are incompatible with MAPI proxy.

  4. They support private socket libraries.

  5. They can be started in more than one Web browser at the same time.

Answer: A,C Explanation:

Restrictions for Cisco IOS SSL VPN Smart Tunnels Support

->Smart tunnels do not support split tunneling, Cisco Secure Desktop, private socket libraries, and MAPI proxy.

->Smart tunnels must not be started in two different web browsers simultaneously.

->Applications only with the winsock dll library such as Remote Desktop, VNCviewer, Outlook Express, Outlook Web Access (OWA), Secure Shell (SSH) using Putty, Telnet, FTP, and others are supported.

Reference: http://www.cisco.com/c/en/us/td/docs/ios- xml/ios/sec_conn_sslvpn/configuration/15-mt/sec-conn-sslvpn-15-mt-book/sec-conn- sslvpn-smart-tunnels-support.html

Question No: 164 – (Topic 2)

Which statement about the DH group is true?

  1. It provides data confidentiality.

  2. It does not provide data authentication.

  3. It is negotiated in IPsec phase 2.

  4. It establishes a shared key over a secured medium.

Answer: B

Reference: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

Question No: 165 – (Topic 2)

What ASA feature can you use to restrict a user to a specific VPN group?

  1. MPF

  2. A Webtype ACL

  3. group-lock

  4. A VPN filter

Answer: C

Question No: 166 – (Topic 2)

Which two values you must configure on the Cisco ASA firewall to support FQDN ACL? (Choose two.)

  1. a DNS server

  2. an FQDN object

  3. a policy map

  4. a class map

  5. a service object

  6. a service policy

Answer: A,B

Reference: https://supportforums.cisco.com/document/66011/using-hostnames-dns- access-lists-configuration-steps-caveats-and-troubleshooting

Question No: 167 – (Topic 2)

Which statement is valid regarding SGACL?

  1. SGACL mapping and policies can only be manually configured.

  2. Dynamically downloaded SGACL does not override manually configured conflicting policies.

  3. SGACL is access-list bound with a range of SGTs and DGTs.

  4. SGACL is not a role-based access list.

Answer: C Explanation:

A role-based access control list bound to a range of SGTs and DGTs forms an SGACL Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sga cl_config.html

Question No: 168 – (Topic 2)

Which ICMP message type code indicates that fragment reassembly time has been exceeded?

  1. Type 11, code 0

  2. Type 11, Code 1

  3. Type 12, Code 2

  4. Type 4, Code 0

Answer: B Explanation: ICMP Type Literal


echo-reply 3

destination unreachable code 0 = net unreachable 1 = host unreachable 2 = protocol unreachable 3 = port unreachable 4 = fragmentation needed and DF set 5 = source route failed


source-quench 5

redirect code 0 = redirect datagrams for the network 1 = redirect datagrams for the host 2 = redirect datagrams for the type of service and network 3 = redirect datagrams for the type of service and host


alternate-address 8

echo 9

router-advertisement 10

router-solicitation 11

time-exceeded code 0 = time to live exceeded in transit 1 = fragment reassembly time exceeded

Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-


Question No: 169 – (Topic 2)

Refer the exhibit.

Ensurepass 2018 PDF and VCE

Two routers are connected using GRE through a WAN link. Your syslog server is logging the given error message. What is a possible reason for the errors?

  1. The loopback interface is configured as the source of the tunnel

  2. The connection is experiencing WAN link flapping

  3. The tunnel key is misconfigured

  4. Secondary addresses are being used on the physical interface

  5. The tunnel source and destination are advertised through the tunnel itself

Answer: E

Question No: 170 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which two statements about this debug output are true? (Choose two.)

  1. The request is from NHC to NHS.

  2. The request is from NHS to NNC.

  3. is the remote NBMA address.

  4. is the local VPN address.

  5. is the local non-routable address.

  6. This debug output represents a failed NHRP request.

Answer: A,D

100% Ensurepass Free Download!
Download Free Demo:350-018 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 350-018 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No