[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 131-140

EnsurepassQUESTION 131 Which three statements regarding VLANs are true? (Choose three.)   A. To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID and VLAN type must all be specifically configured by the administrator. B. A VLAN is a broadcast domain. C. Each VLAN must have an SVI configured on the Cisco Catalyst switch for it to be operational. D. The native VLAN is used for untagged traffic on an 802.1Q trunk. E. VLANs can be connected across wide-area networks. Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 121-130

EnsurepassQUESTION 121 If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)   A. Configure the Call Station ID Type to bE. “IP Address”. B. Configure the Call Station ID Type to bE. “System MAC Address”. C. Configure the Call Station ID Type to bE. “MAC and IP Address”. D. Enable DHCP Proxy. E. Disable DHCP Proxy.   Correct Answer: BE   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 111-120

EnsurepassQUESTION 111 Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?   A. The global access list is matched first before the interface access lists. B. Both the interface and global access lists can be applied in the input or output direction. C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the interface will apply the access list entry globally. D. NAT control is enabled by Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 101-110

EnsurepassQUESTION 101 When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose three.)   A. a message integrity check B. AES-based encryption C. avoidance of weak Initialization vectors D. longer RC4 keys E. a rekeying mechanism   Correct Answer: ACE     QUESTION 102 Which option shows the correct sequence of the DHCP packets that are involved in IP address assignment between the DHCP client and the server?   A. REQUEST, OFFER, Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 91-100

EnsurepassQUESTION 91 An IPv6 multicast receiver joins an IPv6 multicast group using which mechanism?   A. IGMPv3 report B. IGMPv3 join C. MLD report D. general query E. PIM join   Correct Answer: C & nbsp;   QUESTION 92 Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?   A. ! ipv6 access-list test deny ipv6 FF05::/16 any deny ipv6 any FF05::/16 Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 81-90

EnsurepassQUESTION 81 Aggregate global IPv6 addresses begin with which bit pattern in the first 16-bit group?   A. 000/3 B. 001/3 C. 010/2 D. 011/2   Correct Answer: B     QUESTION 82 Which layer of the OSI reference model typically deals with the physical addressing of interface cards?   A. physical layer B. data-link layer C. network layer D. host layer   Correct Answer: B     QUESTION 83 Which statement best describes a key difference Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 51-60

EnsurepassQUESTION 51 Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?   A. HTTP inspection B. static entries in the botnet blacklist and whitelist C. global ACL D. NetFlow E. DNS inspection and DNS snooping   Correct Answer: E     QUESTION 52 The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.   A. policy-map type inspect ipv6 IPv6_PMAP Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 61-70

EnsurepassQUESTION 61 Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)   A. The firewall is not a routed hop. B. The firewall can connect to the same Layer 3 network on its inside and outside interfaces. C. Static routes are supported. D. PAT and NAT are not supported. E. Only one global address per device is supported for management. F. SSL VPN is supported for management.   Correct Answer: ABC     QUESTION Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 71-80

EnsurepassQUESTION 71 Which four techniques can you use for IP management plane security? (Choose four.)   A. Management Plane Protection B. uRPF C. strong passwords D. RBAC E. SNMP security measures F. MD5 authent ication   Correct Answer: ACDE     QUESTION 72 Which three statements about remotely triggered black hole filtering are true? (Choose three.)   A. It filters undesirable traffic. B. It uses BGP or OSPF to trigger a network-wide remotely Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 41-50

EnsurepassQUESTION 41 An attacker configures an access point to broadcast the same SSID that is used at a public hot-spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched?   A. man-in-the-middle B. MAC spoofing C. Layer 1 DoS D. disassociation attack   Correct Answer: A   Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 31-40

EnsurepassQUESTION 31 Which three security features were introduced with the SNMPv3 protocol? (Choose three.)   A. Message integrity, which ensures that a packet has not been tampered with in-transit B. DoS prevention, which ensures that the device cannot be impacted by SNMP buffer overflow C. Authentication, which ensures that the message is from a valid source D. Authorization, which allows access to certain data sections for certain authorized users E. Digital certificates, Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 21-30

EnsurepassQUESTION 21 DNSSEC was designed to overcome which security limitation of DNS?   A. DNS man-in-the-middle attacks B. DNS flood attacks C. DNS fragmentation attacks D. DNS hash attacks E. DNS replay attacks F. DNS violation attacks   Correct Answer: A     QUESTION 22 Which three statements are true about MACsec? (Choose three.)   A. It supports GCM modes of AES and 3DES. B. It is defined under IEEE 802.1AE. C. It provides hop-by-hop Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 11-20

EnsurepassQUESTION 11 Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.)   A. static NAT B. dynamic NAT C. dynamic NAT with overloading D. PAT E. VAT   Correct Answer: CD     QUESTION 12 Which authentication mechanism is available to OSPFv3?   A. simple passwords B. MD5 C. null D. IKEv2 E. IPsec AH/ESP   Correct Answer: E             Read more […]

[Free] Download New Updated (October 2016) Cisco 350-018 Real Exam 1-10

EnsurepassQUESTION 1 In order to reassemble IP fragments into a complete IP datagram, which three IP header fields are referenced by the receiver? (Choose three.)   A. don’t fragment flag B. packet is fragmented flag C. IP identification field D. more fragment flag E. number of fragments field F. fragment offset field   Correct Answer: CDF     QUESTION 2 Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN configuration Read more […]

[Free] Download New Updated (April 2016) Cisco 350-018 Actual Tests 441-450

EnsurepassQUESTION 441 Which three statements about Dynamic ARP Inspection on Cisco Switches are true? (Choose three.)   A. Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports. B. Dynamic ARP inspection is only supported on access ports. C. Dynamic ARP inspection checks ARP packets against the trusted database. D. The trusted database can be manually configured using the CLI. E. Dynamic ARP inspection does not perform ingress security checking. F. Read more […]

[Free] Download New Updated (April 2016) Cisco 350-018 Actual Tests 431-440

EnsurepassQUESTION 431 Which option is an example of network reconnaissance attack?   A. botnets B. ping of death C. SYN flooding D. inverse mapping   Correct Answer: D     QUESTION 432 Which statement about Cisco IPS signatures is true?   A. All of the built-in signatures are enabled by default. B. Tuned signatures are built-in signatures whose parameters cannot be adjusted. C. Once the signature is removed from the sensing engine it cannot be restored. Read more […]

[Free] Download New Updated (April 2016) Cisco 350-018 Actual Tests 421-430

EnsurepassQUESTION 421 Which statement about layer-2 VLAN is true?   A. VLAN cannot be routed. B. VLANs 1006 through 4094 are not propagated by VTP version 3. C. VLAN1 is a Cisco default VLAN that can be deleted. D. The extended-range VLANs cannot be configured in global configuration mode.   Correct Answer: A     QUESTION 422 Which two statements abou t the OSPF authentication configuration are true? (Choose two.)   A. OSPF authentication is required in Read more […]

[Free] Download New Updated (April 2016) Cisco 350-018 Actual Tests 401-410

EnsurepassQUESTION 401 Which two statements about PCI DSS are true? (Choose two.)   A. PCI DSS is a US government standard that defines ISP security compliance. B. PCI DSS is a proprietary security standard that defines a framework for credit, debit, and ATM cardholder information. C. PCI DSS is a criminal act of cardholder information fraud. D. One of the PCI DSS objectives is to restrict physical access to credit, debit, and ATM cardholder information. E. PCI DSS is an IETF Read more […]