[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 391-400

Ensurepass

QUESTION 391

Which two statements about SOX are true? (Choose two.)

 

A.

SOX is an IEFT compliance procedure for computer systems security.

B.

SOX is a US law.

C.

SOX is an IEEE compliance procedure for IT management to produce audit reports.

D.

SOX is a private organization that provides best practices for financial institution computer systems.

E.

Section 404 of SOX is related to IT compliance.

 

Correct Answer: BE

 

 

QUESTION 392

Refer to the exhibit. Which three statements correctly describe the configuration? (Choose three).

 

clip_image002

A.

The tunnel is not providing peer authentication

B.

The tunnel encapsulates multicast traffic.

C.

This is a point-to-point GRE tunnel.

D.

The configuration is on the NHS.

E.

The configuration is on the NHC.

F.

The tunnel provides data confidentiality.

G.

The tunnel IP address represents the NBMA address.

 

Correct Answer: BDF

 

 

QUESTION 393

Refer to the exhibit. Which statement correctly describes the configuration?

 

clip_image004

 

A.

The configuration is the super view configuration of role-based access control.

B.

The configuration would not work unless the AAA server is configured for authentication and authorization.

C.

The exec commands in the configuration will be excluded from the test view.

D.

The configuration is the CLI configuration of role-based access control.

 

Correct Answer: D

 

 

QUESTION 394

Which item is not encrypted by ESP?

 

A.

ESP header

B.

ESP trailer

C.

IP header

D.

Data

E.

TCP-UDP header

 

Correct Answer: A

 

 

QUESTION 395

Which item is not authenticated by ESP?

 

A.

ESP header

B.

ESP trailer

C.

New IP header

D.

Original IP header

E.

Data

F.

TCP-UDP header

 

Correct Answer: C

 

 

QUESTION 396

Which statement about the distributed SYN flood attack is true?

 

A.

A distributed SYN flood attack is carried out only by the valid address.

B.

A distributed SYN flood attack is carried out only by spoofed addresses.

C.

Botnet could be used to launch a distributed SYN flood attack.

D.

A distributed SYN flood attack does not completely deplete TCBs SYN-Received state backlog.

E.

A distributed SYN flood attack is the most effective SYN flood attack because it targets server memory.

 

Correct Answer: C

 

 

QUESTION 397

Which statement about the Cisco NAC CAS is true?

 

A.

The Cisco NAC CAS acts as a gateway between untrusted networks.

B.

The Cisco NAC CAS can only operate as an in-band real IP gateway.

C.

The Cisco NAC CAS can operate as an out-of-band virtual gateway.

D.

The Cisco NAC CAS is an administration and monitoring server.

 

Correct Answer: C

 

 

QUESTION 398

Which statement about the prelogin assessment module in Cisco Secure Desktop is true?

 

A.

It assigns an IP address to the remote device after successful authentication.

B.

It checks for any viruses on the remote device and reports back to the security appliance.

C.

It checks the presence or absence of specified files on the remote device.

D.

It clears the browser cache on the remote device after successful authentication.

E.

It quarantines the remote device for further assessment if specific registry keys are found.

 

Correct Answer: C

 

 

QUESTION 399

Which two statements about dynamic ARP inspection are true? (Choose two.)

 

A.

Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports.

B.

Dynamic ARP inspection is only supported on access and trunk ports.

C.

Dynamic ARP inspection checks invalid ARP packets against the trusted database.

D.

The trusted database to check for an invalid ARP packet is manually configured.

E.

Dynamic ARP inspection does not perform ingress security checking.

F.

DHCP snooping must be enabled.

 

Correct Answer: CF

 

QUESTION 400

Which statement about DHCP snooping is true?

 

A.

The dynamic ARP inspection feature must be enabled for DHCP snooping to work.

B.

DHCP snooping is enabled on a per-VLAN basis.

C.

DHCP snooping builds a binding database using information that is extracted from intercepted ARP requests.

D.

DHCP snooping is enabled on a per-port basis.

E.

DHCP snooping is does not rate-limit DHCP traffic from trusted ports.

 

Correct Answer: B

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …