[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 471-480

Ensurepass

QUESTION 471

Which two statements apply to the method that ASA uses for tunnel-group lookup for LAN-to-LAN IPSec connections when using PSK-based authentication? (Choose two.)

 

A.

If the configuration does not contain the tunnel-group with the IKE ID or peer IP address DefaultRAGroup, DefaultL2LGroup is used instead.

B.

DefaultL2LGroup is used only if the PSK check in DefaultRAGroup fails.

C.

DefaultRAGroup is used only if the PSK check in DefaultL2LGroup fails.

D.

You can delete and create new default tunnels groups as needed.

 

Correct Answer: AB

 

 

QUESTION 472

You are trying to set up a site-to-site IPsec tunnel between two Cisco ASA adaptive security appliances, but you are not able to pass traffic. You try to troubleshoot the issue by enabling debug crypto isakmp and see the following messages:

 

CiscoASA# debug crypto isakmp

 

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Tunnel RejecteD. Conflicting protocols specified by tunnel-group and group-policy

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, QM FSM error (P2 struct &0xb0cf31e8, mess id 0x97d965e5)!

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Removing peer from correlator table failed, no match!

 

What could be the potential problem?

A.

The policy group mapped to the site-to-site tunnel group is configured to use both IPsec and SSL VPN tunnels.

B.

The policy group mapped to the site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec tunnels.

C.

The policy group mapped to the site-to-site tunnel group is configured to just use the SSL VPN tunnel.

D.

The site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec tunnels.

E.

The site-to-site tunnel group is configured to just use the SSL VPN tunnel.

 

Correct Answer: C

 

 

QUESTION 473

Which record statement is part of the NetFlow monitor configuration that is used to collect MPLS traffic with an IPv6 payload?

 

A.

record mpls IPv6-fields labels 3

B.

record mpls IPv4-fields labels 3

C.

record mpls labels 3

D.

record mpls ipv6-fields labels

 

Correct Answer: A

 

 

 

 

QUESTION 474

Refer to the exhibit. Which configuration is required to enable the exporter?

 

clip_image002

 

A.

Source Loopback0

B.

Cache timeout active 60

C.

Cache timeout inactive 60

D.

Next-hop address

 

Correct Answer: A

 

 

QUESTION 475

Hierarchical priority queuing is used on the interfaces on which you enable a traffic-shaping queue. Which two statements about hierarchical priority queuing are true? (Choose two.)

 

A.

Priority packets are never dropped from the shape queue unless the sustained rate of priority traffic exceeds the shape rate.

B.

For IPsec-encrypted packets, you can match traffic based only on the DSCP or precedence setting.

C.

IPsec over TCP is not supported for priority traffic classification.

D.

For IPsec-encrypted packets, you cannot match traffic based on the DSCP or precedence setting.

E.

IPsec over TCP is supported for priority traffic classification.

 

Correct Answer: BC

 

 

QUESTION 476

Which two MAC authentication methods are supported on WLCs? (Choose two.)

 

A.

local MAC authentication

B.

MAC authentication using a RADIUS server

C.

MAC authentication using tokens

D.

MAC authentication using a PIN

 

Correct Answer: AB

 

 

QUESTION 477

Client MFP supplements rather than replaces infrastructure MFP. Which three are client MFP components? (Choose three.)

 

A.

key generation and distribution

B.

protection and validation of management frames

C.

error reports

D.

error generation

E.

non-management messages protection

 

Correct Answer: ABC

 

 

QUESTION 478

When you work on a change-management process, you generally identify potential change, review the change request, implement change, then review the change and close the process. In which step should the stakeholder be involved?

 

A.

Identifying potential change

B.

Reviewing the change request

C.

Implementation

D.

Reviewing and closing

E.

Depends on the stakeholder request

 

Correct Answer: E

 

 

QUESTION 479

Many guidelines can be used to identify the areas that security policies should cover. In which four areas is coverage most important? (Choose four.)

 

A.

Physical

B.

Host

C.

User

D.

Document

E.

Incident handling and response

F.

Security awareness training

Correct Answer: ABCD

 

 

QUESTION 480

IANA is responsible for which three IP resources? (Choose three.)

 

A.

IP address allocation

B.

Detection of spoofed address

C.

Criminal prosecution of hackers

D.

Autonomous system number allocation

E.

Root zone management in DNS

F.

BGP protocol vulnerabilities

 

Correct Answer: ADE

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …