[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 461-470


QUESTION 461

On Cisco routers, there are two mutually exclusive types of RSA key pairs: special-usage keys and general-purpose keys. When you generate RSA key pairs, you are prompted to select either special-usage keys or general-purpose keys. Which set of statements is true?

 

A.

If you generate special-usage keys, two pairs of RSA keys are generated. One pair is used with any IKE policy that specifies RSA signatures as the authentication method. The other pair is used with any IKE policy that specifies RSA encrypted keys as the authentication method.

B.

If you generate a named key pair, only one pair of RSA keys is generated. This pair is used with IKE policies that specify either RSA signatures or RSA encrypted keys. Therefore, a general-purpose key pair might be used more frequently than a special-usage key pair.

C.

If you generate general-purpose keys, you must also specify the usage-key keyword or the general-key keyword. Named key pairs allow you to have multiple RSA key pairs, enabling the Cisco IOS Software to maintain a different key pair for each identity certificate.

D.

A special-usage key pair is the default in Cisco IOS.

 

Correct Answer: A

 

 

QUESTION 462

What are two advantages of using NLA with Windows Terminal Services? (Choose two.)

 

A.

uses SPNEGO and TLS to provide optional double encryption of user credentials

B.

forces the use of Kerberos to pass credentials from client to server

C.

protects against man-in-the-middle attacks

D.

requires clients to present an SSL certificate to verify their authenticity

E.

protects servers against DoS attacks by requiring fewer resources for authentication

 

Correct Answer: AC

 

 

 

 

QUESTION 463

In an operating system environment, which three attacks give a user elevated privileges to access resources that are otherwise blocked? (Choose three.)

 

A.

backdoor

B.

rootkit

C.

privilege escalation

D.

DoS

E.

smurf

 

Correct Answer: ABC

 

 

QUESTION 464

Cisco firewalls and routers can respond to a TCP SYN packet that is destined for a protected resource, by using a SYN-ACK packet to validate the source of the SYN packet. What is this feature called?

 

A.

IP reverse path verification

B.

TCP reverse path verification

C.

TCP sequence number randomization

D.

TCP intercept

 

Correct Answer: D

 

 

QUESTION 465

Refer to the exhibit. Which set of commands is required on an ASA to fix the problem that the exhibit shows?

 

[Exhibit: image not available]

 

A.

ciscoasa(config)# webvpn

ciscoasa(config-webvpn)# enable <outside-interface-name>

B.

ciscoasa(config)# webvpn

ciscoasa(config-webvpn)# anyconnect enable

C.

ciscoasa(config)# webvpn

ciscoasa(config-webvpn)# enable <outside-interface-name>

ciscoasa(config-webvpn)# anyconnect enable

D.

ciscoasa(config)# webvpn

ciscoasa(config-webvpn)# anyconnect enable

ciscoasa(config-webvpn)# anyconnect image <anyconnect-package-file-location> 1

 

Correct Answer: B

 

 

QUESTION 466

Refer to the exhibit. Client1 has an IPsec VPN tunnel established to a Cisco ASA adaptive security appliance in Chicago. The remote access VPN client wants to access www.cisco.com, but split tunneling is disabled. Which of these is the appropriate configuration on the Cisco ASA adaptive security appliance if the VPN client’s public IP address is 209.165.201.10 and it is assigned a private address from 192.168.1.0/24?

 

[Exhibit: image not available]

 

A.

same-security-traffic permit intra-interface

ip local pool ippool 192.168.1.1-192.168.1.254

global (outside) 1 209.165.200.230

nat (inside) 1 192.168.1.0 255.255.255.0

B.

same-security-traffic permit intra-interface

ip local pool ippool 192.168.1.1-192.168.1.254

global (outside) 1 209.165.200.230

nat (outside) 1 192.168.1.0 255.255.255.0

C.

same-security-traffic permit intra-interface

ip local pool ippool 192.168.1.1-192.168.1.254

global (inside) 1 209.165.200.230

nat (inside) 1 192.168.1.0 255.255.255.0

D.

same-security-traffic permit intra-interface

ip local pool ippool 192.168.1.1-192.168.1.254

global (outside) 1 209.165.200.230

nat (outside) 1 209.165.201.10 255.255.255.255

E.

same-security-traffic permit intra-interface

ip local pool ippool 192.168.1.1-192.168.1.254

global (outside) 1 209.165.200.230

nat (inside) 1 209.165.201.10 255.255.255.255

F.

same-security-traffic permit intra-interface

ip local pool ippool 192.168.1.1-192.168.1.254

global (inside) 1 209.165.200.230

nat (inside) 1 209.165.201.10 255.255.255.255

 

Correct Answer: B

 

 

QUESTION 467

Which statement about the Cisco Secure Desktop hostscan endpoint assessment feature is true?

 

A.

Advanced endpoint assessment gives you the ability to turn on an antivirus active scan function if it has been disabled.

B.

Advanced endpoint assessment cannot force the antivirus software to automatically update the dat file if it has not been updated in n days.

C.

With basic endpoint assessment, you cannot check for multiple antivirus vendors' products and versions.

D.

Advanced endpoint assessment cannot enable the firewall if it has been disabled.

 

Correct Answer: A

 

 

QUESTION 468

Which port is used by default to communicate between VPN load-balancing ASAs?

 

A.

TCP 9022

B.

UDP 9023

C.

TCP 9023

D.

UDP 9022

 

Correct Answer: B

 

 

QUESTION 469

Which three statements apply to the behavior of Cisco AnyConnect client auto-reconnect? (Choose three.)

 

A.

By default, Cisco AnyConnect attempts to re-establish a VPN connection when you lose connectivity to the secure gateway.

B.

With respect to VPN load balancing and Cisco AnyConnect reconnect, the client reconnects to the cluster member with the highest priority.

C.

Cisco AnyConnect reconnects when the network interface changes, whether the IP of the NIC changes or whether connectivity switches from one NIC to another; for example, wireless to wired or vice versa.

D.

With respect to VPN load balancing and Cisco AnyConnect reconnect, the client reconnects directly to the cluster member to which it was previously connected.

E.

By default, Cisco AnyConnect attempts to re-establish a VPN connection following a system resume.

 

Correct Answer: ACD

 

 

QUESTION 470

Which two statements about the Cisco AnyConnect client Trusted Network Detection feature are true? (Choose two.)

 

A.

The feature relies only on the DNS server list to detect whether the client machine is in a trusted or untrusted network.

B.


An attacker can theoretically host a malicious DHCP server and return data that triggers the client to believe that it resides in a trusted network.

C.

If an attacker knows the DNS server value that is configured in the Cisco AnyConnect profile and provisions the DHCP server to return both a real and spoofed value, then Cisco AnyConnect considers the endpoint to be in an untrusted network.

D.

The feature does not provide AnyConnect with the ability to automatically establish a VPN connection when the user is outside the trusted network.

 

Correct Answer: BC

 
