New Updated Cisco CCIE Security 350-018 Real Exam Download 41-50

Ensurepass

QUESTION 41

Which Cisco ASA feature can be used to update non-compliant antivirus/antispyware definition files on an AnyConnect client?

 

A.      dynamic access policies

B.      dynamic access policies with Host Scan and advanced endpoint assessment

C.      Cisco Secure Desktop

D.      advanced endpoint assessment

 

Correct Answer: B

 

 

QUESTION 42

Refer to the exhibit. When configuring a Cisco IPS custom signature, what type of signature engine must you use to block podcast clients from accessing the network?

 

clip_image001

 

A.      service HTTP

B.      service TCP

C.      string TCP

D.      fixed TCP

E.       service GENERIC

 

Correct Answer: A

 

 

QUESTION 43

An attacker configures an access point to broadcast the same SSID that is used at a public hotspot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched?

 

A.      man-in-the-middle

B.      MAC spoofing

C.      Layer 1 DoS

D.      disassociation attack

 

Correct Answer: A

 

 

QUESTION 44

Which statement best describes the concepts of rootkits and privilege escalation?

 

A.      Rootkits propagate themselves.

B.      Privilege escalation is the result of a rootkit.

C.      Rootkits are a result of a privilege escalation.

D.      Both of these require a TCP port to gain access.

 

Correct Answer: B

 

 

QUESTION 45

Refer to the exhibit. Which message of the ISAKMP exchange is failing?

 

clip_image002

 

A.      main mode 1

B.      main mode 3

C.      aggressive mode 1

D.      main mode 5

E.       aggressive mode 2

 

Correct Answer: B

 

 

QUESTION 46

Which multicast capability is not supported by the Cisco ASA appliance?

 

A.      ASA configured as a rendezvous point

B.      sending multicast traffic across a VPN tunnel

C.      NAT of multicast traffic

D.      IGMP forwarding (stub) mode

 

Correct Answer: B

 

 

QUESTION 47

Refer to the exhibit. What type of attack is being mitigated on the Cisco ASA appliance?

clip_image003

 

A.      HTTPS certificate man-in-the-middle attack

B.      HTTP distributed denial of service attack

C.      HTTP Shockwave Flash exploit

D.      HTTP SQL injection attack

 

Correct Answer: D

 

 

QUESTION 48

Which method of output queuing is supported on the Cisco ASA appliance?

 

A.      CBWFQ

B.      priority queuing

C.      MDRR

D.      WFQ

E.       custom queuing

 

Correct Answer: B

 

 

QUESTION 49

Which four values can be used by the Cisco IPS appliance in the risk rating calculation? (Choose four.)

 

A.      attack severity rating

B.      target value rating

C.      signature fidelity rating

D.      promiscuous delta

E.       threat rating

F.       alert rating

 

Correct Answer: ABCD

 

 

QUESTION 50

Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? (Choose three.)

 

A.      cut-through proxy

B.      dot1x

C.      MAB

D.      SSO

E.       web authentication

 

Correct Answer: BCE

 

Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers

Leave a Reply