[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 221-230

Ensurepass

QUESTION 221

In order to implement CGA on a Cisco IOS router for SeND, which three configuration steps are required? (Choose three.)

 

A. Generate an RSA key pair.

B. Define a site-wide pre-shared key.

C. Define a hash algorithm that is used to generate the CGA.

D. Generate the CGA modifier.

E. Assign a CGA link-local or globally unique address to the interface.

F. Define an encryption algorithm that is used to generate the CGA.

 

Correct Answer: ADE

 

 

QUESTION 222

As defined by Cisco TrustSec, which EAP method is used for Network Device Admission Control authentication?

 

A. EAP-FAST

B. EAP-TLS

C. PEAP

D. LEAP

 

Correct Answer: A

 

 

QUESTION 223

Which three statements about the keying methods used by MACSec are true? (Choose three.)

 

A. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA.

B. A valid mode for SAP is NULL.

C. MKA is implemented as an EAPoL packet exchange.

D. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

E. SAP is not supported on switch SVIs.

F. SAP is supported on SPAN destination ports.

 

Correct Answer: BCE

 

 

QUESTION 224

What is the function of this command?

 

switch(config-if)# switchport port-security mac-address sticky

 

A. It allows the switch to restrict the MAC addresses on the switch port, based on the static MAC addresses configured in the startup configuration.

B. It allows the administrator to manually configure the secured MAC addresses on the switch port.

C. It allows the switch to permanently store the secured MAC addresses in the MAC address table (CAM table).

D. It allows the switch to perform sticky learning, in which the dynamically learned MAC addresses are copied from the MAC address table (CAM table) to the startup configuration.

E. It allows the switch to dynamically learn the MAC addresses on the switch port, and the MAC addresses will be added to the running configuration.

Correct Answer: E

 

 

QUESTION 225

When configuring a switchport for port security that will support multiple devices and that has already been configured for 802.1X support, which two commands need to be added? (Choose two.)

 

A. The 802.1X port configuration must be extended with the command dot1x multiple-host.

B. The 802.1X port configuration must be extended with the command dot1x port-security.

C. The switchport configuration needs to include the command switchport port-security.

D. The switchport configuration needs to include the port-security aging command.

E. The 802.1X port configuration needs to remain in port-control force-authorized rather than port-control auto.

 

Correct Answer: AC

 

 

QUESTION 226

In Cisco IOS, what is the result of the ip dns spoofing command on DNS queries that are coming from the inside and are destined to DNS servers on the outside?

 

A. The router will prevent DNS packets without TSIG information from passing through the router.

B. The router will act as a proxy to the DNS request and reply to the DNS request with the IP address of the interface that received the DNS query if the outside interface is down.

C. The router will take the DNS query and forward it on to the DNS server with its information in place of the client IP.

D. The router will block unknown DNS requests on both the inside and outside interfaces.

 

Correct Answer: B

 

 

QUESTION 227

The Wi-Fi Alliance defined two certification programs, called WPA and WPA2, which are based on the IEEE 802.11i standard. Which three statements are true about these certifications? (Choose three.)

 

A. WPA is based on the ratified IEEE 802.11i standard.

B. WPA2 is based on the ratified IEEE 802.11i standard.

C. WPA enhanced WEP with the introduction of TKIP.

D. WPA2 requires the support of AES-CCMP.

E. WPA2 supports only 802.1x/EAP authentication.

 

Correct Answer: BCD

 

 

QUESTION 228

When you are configuring the COOP feature for GETVPN redundancy, which two steps are required to ensure the proper COOP operations between the key servers? (Choose two.)

 

A. Generate an exportable RSA key pair on the primary key server and export it to the secondary key server.

B. Enable dead peer detection between the primary and secondary key servers.

C. Configure HSRP between the primary and secondary key servers.

D. Enable IPC between the primary and secondary key servers.

E. Enable NTP on both the primary and secondary key servers to ensure that they are synchronized to the same clock source.

 

Correct Answer: AB

 

 

QUESTION 229

A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue?

 

A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.

B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.

C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.

D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.

E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.

 

Correct Answer: B

 

 

QUESTION 230

During the establishment of an Easy VPN tunnel, when is XAUTH performed?

 

A. at the end of IKEv1 Phase 2

B. at the beginning of IKEv1 Phase 1

C. at the end of Phase 1 and before Phase 2 starts in IKEv1 and IKEv2

D. at the end of Phase 1 and before Phase 2 starts in IKEv1

 

Correct Answer: D

 
