[Free] 2018(May) EnsurePass Examcollection Cisco 350-018 Dumps with VCE and PDF 331-340

Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 331 – (Topic 4)

If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next?

  1. drop the packet

  2. check the outside interface inbound ACL to determine if the packet is permitted or denied

  3. perform NAT operations on the packet if required

  4. check the MPF policy to determine if the packet should be passed to the SSM

  5. perform stateful packet inspection based on the MPF policy

Answer: B

Question No: 332 – (Topic 4)

In HTTPS session establishment, what does the server hello message inform the client?

  1. that the server will accept only HTTPS traffic

  2. which versions of SSL/TLS the server will accept

  3. which ciphersuites the client may choose from

  4. which ciphersuite the server has chosen to use

  5. the PreMaster secret to use in generating keys

Answer: D

Question No: 333 – (Topic 4)

What are two advantages of using NLA with Windows Terminal Services? (Choose two.)

  1. uses SPNEGO and TLS to provide optional double encryption of user credentials

  2. forces the use of Kerberos to pass credentials from client to server

  3. protects against man-in-the-middle attacks

  4. requires clients to present an SSL certificate to verify their authenticity

  5. protects servers against DoS attacks by requiring lesser resources for authentication

Answer: A,C

Question No: 334 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which message could contain an authenticated initial_contact notify during IKE main mode negotiation?

  1. message 3

  2. message 5

  3. message 1

  4. none, initial_contact is sent only during quick mode

  5. none, notify messages are sent only as independent message types

Answer: B

Question No: 335 – (Topic 4)

Which statement about the Cisco NAC CAS is true?

  1. The Cisco NAC CAS acts as a gateway between untrusted networks.

  2. The Cisco NAC CAS can only operate as an in-band real IP gateway.

  3. The Cisco NAC CAS can operate as an out-of-band virtual gateway.

  4. The Cisco NAC CAS is an administration and monitoring server.

Answer: C

Question No: 336 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which three statements about the Cisco ASDM screen seen in the exhibit are true? (Choose three.)

  1. This access rule is applied to all the ASA interfaces in the inbound direction.

  2. The ASA administrator needs to expand the More Options tag to configure the inbound or outbound direction of the access rule.

  3. The ASA administrator needs to expand the More Options tag to apply the access rule to an interface.

  4. The resulting ASA CLI command from this ASDM configuration is access-list global_access line 1 extended permit ip host 1.1.1.1 host 2.2.2.1.

  5. This access rule is valid only on the ASA appliance that is running software release 8.3 or later.

  6. This is an outbound access rule.

Answer: A,D,E

Question No: 337 – (Topic 4)

During the establishment of an Easy VPN tunnel, when is XAUTH performed?

  1. at the end of IKEv1 Phase 2

  2. at the beginning of IKEv1 Phase 1

  3. at the end of Phase 1 and before Phase 2 starts in IKEv1 and IKEv2

  4. at the end of Phase 1 and before Phase 2 starts in IKEv1

Answer: D

Question No: 338 – (Topic 4)

Which protocol can be used to encrypt traffic sent over a GRE tunnel?

  1. SSL

  2. SSH

  3. IPsec

  4. DH

  5. TLS

Answer: C

Question No: 339 – (Topic 4)

What are two reasons for a certificate to appear in a CRL? (Choose two.)

  1. CA key compromise

  2. cessation of operation

  3. validity expiration

  4. key length incompatibility

  5. certification path invalidity

Answer: A,B

Question No: 340 – (Topic 4)

Which IPsec protocol provides data integrity but no data encryption?

  1. AH

  2. ESP

  3. SPI

  4. DH

Answer: A

100% Ensurepass Free Download!
Download Free Demo:350-018 Demo PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No