[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 431-440

Ensurepass

QUESTION 431

Which option is an example of network reconnaissance attack?

 

A.

botnets

B.

ping of death

C.

SYN flooding

D.

inverse mapping

 

Correct Answer: D

 

 

QUESTION 432

Which statement about Cisco IPS signatures is true?

 

A.

All of the built-in signatures are enabled by default.

B.

Tuned signatures are built-in signatures whose parameters cannot be adjusted.

C.

Once the signature is removed from the sensing engine it cannot be restored.

D.

It is recommended to retire a signature not being used to enhance the sensor performance.

 

Correct Answer: D

 

 

QUESTION 433

Which two statements correctly describe ASA resource management in multiple context mode? (Choose two.)

 

A.

The class sets the resource maximum limit for a context to which it belongs.

B.

A resource cannot be oversubscribed or set to be unlimited in the class.

C.

The resource limit can only be set as a percentage in the class and not as an absolute value.

D.

Context belongs to a default class if not assigned to any other class.

E.

The default class provides unlimited access for all the resources.

 

Correct Answer: AD

 

 

QUESTION 434

Event Action Rule is a component of which IPS application?

 

A.

InterfaceApp

B.

MainApp

C.

SensorApp

D.

NotificationApp

E.

AuthenticationApp

F.

SensorDefinition

 

Correct Answer: C

 

 

QUESTION 435

For what reason is BVI required in the Transparent Cisco IOS Firewall?

 

A.

BVI is required for the inspection of IP traffic.

B.

BVI is required if routing is disabled on the firewall.

C.

BVI is required if more than two interfaces are in the same bridge group.

D.

BVI is required for the inspection of non-IP traffic.

E.

BVI cannot be used to manage the device.

 

Correct Answer: C

 

 

QUESTION 436

Depending on configuration, which of the following two behaviors can the ASA classifier exhibit when receiving unicast traffic on an interface shared by multiple contexts? (Choose two.)

 

A.

Traffic is classified using the destination address of the packet using the connection table.

B.

Traffic is classified using the destination address of the packet using the NAT table.

C.

Traffic is classified using the destination address of the packet using the routing table.

D.

Traffic is classified by copying and sending the packet to all the contexts.

E.

Traffic is classified using the destination MAC address of the packet.

Correct Answer: BE

 

 

QUESTION 437

Which Cisco IPS appliance signature engine inspects IPv6 Layer 3 traffic?

 

A.

Atomic IP

B.

Meta

C.

Atomic IP Advanced

D.

Fixed

E.

Service

 

Correct Answer: C

 

 

QUESTION 438

Which statement about the TACACS+ AV pair is true?

 

A.

AV pair value is integer.

B.

Cisco ACS does not support accounting AV pairs.

C.

AV pair values could be both strings and integers.

D.

AV pair does not have value type.

 

Correct Answer: D

 

 

QUESTION 439

In Cisco IOS firewall the HTTP inspection engine has the ability to protect against which of the following?

 

A.

Tunneling over port 443.

B.

Tunneling over port 80.

C.

HTTP file transfers authorized by the configured security policy.

D.

Authorized request methods.

 

Correct Answer: B

 

 

QUESTION 440

Which statement correctly describes a category for the ASA Botnet Traffic Filter feature?

 

A.

Unlisted addresses: The addresses are malware addresses that are not identified by the dynamic database and are hence defined statically.

B.

Ambiguous addresses: In this case, the same domain name has multiple malware addresses. These addresses are on the graylist.

C.

Known malware addresses: These addresses are identified as blacklist addresses in the dynamic database and static list.

D.

Known allowed addresses: These addresses are identified as whitelist addresses that are bad addresses but still allowed.

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …