[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 311-320

EnsurepassQUESTION 311 Refer to the exhibit. According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server?     A. ciaddr B. yiaddr C. siaddr D. giaddr   Correct Answer: D                 QUESTION 312 Which statements apply to the above configuration? (Choose two.)   crypto isakmp profile vpn1 vrf vpn1 keyring vpn1 Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 301-310

EnsurepassQUESTION 301 Which configuration is the correct way to change a GET VPN Key Encryption Key lifetime to 10800 seconds on the key server?   A. crypto isakmp policy 1 lifetime 10800 B. crypto ipsec security-association lifetime seconds 10800 C. crypto ipsec profile getvpn-profile set security-association lifetime seconds 10800 ! crypto gdoi group GET-Group identity number 1234 server local sa ipsec 1 profile getvpn-profile D. crypto gdoi group GET-Group identity number 1234 Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 291-300

EnsurepassQUESTION 291 Which NTP stratum level means that the clock is unsynchronized?   A. 0 B. 1 C. 8 D. 16   Correct Answer: D     QUESTION 292 Which statement is true about an NTP server?   A. It answers using UTC time. B. It uses the local time of the server with its time zone indication. C. It uses the local time of the server and does not indicate its time zone. D. It answers using the time zone of the client.   Correct Answer: A   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 281-290

EnsurepassQUESTION 281 What is a primary function of the SXP protocol?   A. to extend a TrustSec domain on switches that do not support packet tagging with SGTs B. to map the SGT tag to VLAN information C. to allow the SGT tagged packets to be transmitted on trunks D. to exchange the SGT information between different TrustSec domains   Correct Answer: A     QUESTION 282 In RFC 4034, DNSSEC introduced which four new resource record types? (Choose four.)   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 271-280

EnsurepassQUESTION 271 Which three statements about the TACACS protocol are correct? (Choose three.)   A. TACACS+ is an IETF standard protocol. B. TACACS+ uses TCP port 47 by default. C. TACACS+ is considered to be more secure than the RADIUS protocol. D. TACACS+ can support authorization and accounting while having another separate authentication solution. E. TACACS+ only encrypts the password of the user for security. F. TACACS+ supports per-user or per-group for authorization Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 261-270

EnsurepassQUESTION 261 Which protocol is superseded by AES?   A. DES B. RSA C. RC4 D. MD5   Correct Answer: A     QUESTION 262 What is the purpose of the SPI field in an IPsec packet? < b>  A. identifies a transmission channel B. provides anti-replay protection C. ensures data integrity D. contains a shared session key   Correct Answer: A     QUESTION 263 Which IPsec protocol provides data integrity but no data encryption?   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 251-260

EnsurepassQUESTION 251 Beacons, probe request, and association request frames are associated with which category?   A. management B. control C. data D. request   Correct Answer: A     QUESTION 252 Which feature can be implemented to avoid any MPLS packet loss?   A. IP TTL propagation B. LDP IGP sync C. label advertisement sync D. conditional label advertisement E. PHP   Correct Answer: B     QUESTION 253 Which four types of VPN Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 241-250

EnsurepassQUESTION 241 Which MPLS label is the signaled value to activate PHP (penultimate hop popping)?   A. 0x00 B. php C. swap D. push E. imp-null Correct Answer: E     QUESTION 242 What action will be taken by a Cisco IOS router if a TCP packet, with the DF bit set, is larger than the egress interface MTU?   A. Split the packet into two packets, so that neither packet exceeds the egress interface MTU, and forward them out. B. Respond to the sender Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 231-240

EnsurepassQUESTION 231 Which three traffic conditions can be matched when configuring single rate, dual token bucket traffic policing on Cisco routers? (Choose three.)   A. conform B. normal C. violate D. peak E. exceed F. average   Correct Answer: ACE     QUESTION 232 A frame relay PVC at router HQ has a CIR of 768 kb/s and the frame relay PVC at router branch office has a CIR of 384 kb/s. Which QoS mechanism can best be used to ease the data congestion and Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 211-220

EnsurepassQUESTION 211 Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)   A. Create the security zones and security zone pairs. B. Create the self zone. C. Create the default global inspection policy. D. Create the type inspect class maps and policy maps. E. Assign a security level to each security zone. F. Assign each router interface to a security zone. G. Apply a type inspect policy Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 221-230

EnsurepassQUESTION 221 In order to implement CGA on a Cisco IOS router for SeND, which three configuration steps are required? (Choose three.)   A. Generate an RSA key pair. B. Define a site-wide pre-shared key. C. Define a hash algorithm that is used to generate the CGA. D. Generate the CGA modifier. E. Assign a CGA link-local or globally unique address to the interface. F. Define an encryption algorithm that is used to generate the CGA.   Correct Answer: ADE   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 201-210

EnsurepassQUESTION 201 In an 802.11 wireless network, what would an attacker have to spoof to initiate a deauthentication attack against connected clients?   A. the BSSID of the AP where the clients are currently connected B. the SSID of the wireless network C. the MAC address of the target client machine D. the broadcast address of the wireless network   Correct Answer: A       QUESTION 202 What is the commonly known name for the process of generating and gathering Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 191-200

EnsurepassQUESTION 191 Which three statements are true about TLS? (Choose three.)   A. TLS protocol uses a MAC to protect the message integrity. B. TLS data encryption is provided by the use of asymmetric cryptography. C. The identity of a TLS peer can be authenticated using public key or asymmetric cryptography. D. TLS protocol is originally based on the SSL 3.0 protocol specification. E. TLS provides support for confidentiality, authentication, and nonrepudiation.   Correct Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 181-190

EnsurepassQUESTION 181 Which spanning-tree mode supports a separate spanning-tree instance for each VLAN and also supports the 802.1w standard that has a faster convergence than 802.1D?   A. PVST+ B. PVRST+ C. PVST D. CST E. MST F. RST   Correct Answer: B     QUESTION 182 Which three LSA types are used by OSPFv3? (Choose three.)   A. Link LSA B. Intra-Area Prefix LSA C. Interarea-prefix LSA for ASBRs D. Autonomous system external LSA E. Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 161-170

EnsurepassQUESTION 161 An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?   A. NAT overload B. NAT extendable C. NAT TCP load balancing D. NAT service-type DNS E. NAT port-to-application mapping   Correct Answer: B     QUESTION 162 Which QoS marking is only locally significant Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 171-180

EnsurepassQUESTION 171 Which current RFC made RFCs 2409, 2407, and 2408 obsolete?   A. RFC 4306 B. RFC 2401 C. RFC 5996 D. RFC 4301 E. RFC 1825 Correct Answer: A     QUESTION 172 Which of these is a core function of the risk assessment process? (Choose one.)   A. performing regular network upgrades B. performing network optimization C. performing network posture validation D. establishing network baselines E. prioritizing network roll-outs   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 151-160

EnsurepassQUESTION 151 Which Cisco IPS appliance feature can automatically adjust the risk rating of IPS events based on the reputation of the attacker?   A. botnet traffic filter B. event action rules C. anomaly detection D. reputation filtering E. global correlation inspection   Correct Answer: E     QUESTION 152 Which mode of operation must be enabled on CSM to support roles such as Network Administrator, Approver, Network Operator, and Help Desk?   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 141-150

EnsurepassQUESTION 141 Which two EAP methods may be susceptible to offline dictionary attacks? (Choose two.)   A. EAP-MD5 B. LEAP C. PEAP with MS-CHAPv2 D. EAP-FAST   Correct Answer: AB     QUESTION 142 Which PKCS is invoked during IKE MM5 and MM6 when digital certificates are used as the authentication method?   A. PKCS#7 B. PKCS#10 C. PKCS#13 D. PKCS#11 E. PKCS#3   Correct Answer: A     QUESTION 143 Which three features describe Read more […]