[Free] 2018(Mar) EnsurePass Examcollection Cisco 350-018 Dumps with VCE and PDF 131-140

Author: April 17, 2018

350-018 Latest Exam (Mar 2018)

,

Ensurepass.com : Ensure you pass the IT Exams
2018 Mar Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/350-018.html

CCIE Security Exam (v4.1)

Question No: 131 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Why does the EasyVPN session fail to establish between the client and server?

  1. incomplete ISAKMP profile configuration on the server

  2. incorrect ACL in the ISAKMP client group configuration

  3. incorrect IPsec phase 2 configuration on the server

  4. incorrect group configuration on the client

  5. ISAKMP key mismatch

Answer: A

Question No: 132 – (Topic 2)

Which set of encryption algorithms is used by WPA and WPA2?

  1. Blowfish and AES

  2. CAST and RC6

  3. TKIP and RC6

  4. TKIP and AES

Answer: D

Question No: 133 – (Topic 2)

Which two are characteristics of WPA? (Choose two.)

  1. implements a key mixing function before passing the initialization vector to the RC4 algorithm

  2. uses a 40-bit key with 24-bit initialization vector

  3. introduces a 64-bit MIC mechanism

  4. WPA does not allow Pre-Shared key mode

  5. makes the use of AES mandatory

Answer: A,C Explanation:

On October 31, 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA).

TKIP and the related WPA standard implement three new security features to address security problems encountered in WEP protected networks. First, TKIP implements a key mixing function that combines the secret root key with the initialization vector before

passing it to the RC4 initialization. WEP, in comparison, merely concatenated the initialization vector to the root key, and passed this value to the RC4 routine. This permitted the vast majority of the RC4 based WEP related key attacks. Second, WPA implements a sequence counter to protect against replay attacks. Packets received out of order will be rejected by the access point. Finally, TKIP implements a 64-bit Message Integrity Check (MIC).

Reference: https://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol

Question No: 134 – (Topic 2)

Which two statements about NEAT are true? (Choose two.)

  1. NEAT supports standard ACLs on the switch port.

  2. NEAT is not supported on an EtherChannel port.

  3. NEAT should be deployed only with autoconfiguration.

  4. NEAT uses CISP (Client Information Signaling Protocol) to propagate client IP address.

  5. NEAT is supported on an EtherChannel port.

Answer: B,C Explanation:

Restrictions for Network Edge Authentication Topology

->NEAT is not supported on an EtherChannel port.

->It is recommended that NEAT is only deployed with auto-configuration.

->This feature does not support standard ACLs on the switch port.

Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15- 2mt/sec-ieee-neat.html

Question No: 135 – (Topic 2)

Which statement about the Cisco ASA operation running versions 8.3 is true?

  1. The interface and global access lists both can be applied in the input or output direction.

  2. NAT control is enabled by default.

  3. The interface access list is matched first before the global access lists.

  4. The static CLI command is used to configure static NAT translation rules.

Answer: C

Question No: 136 – (Topic 2)

What is the unit of measurement of the average rate of a token bucket?

  1. kilobytes per second

  2. bytes per second

  3. kilobits per second

  4. bits per second

Answer: D Explanation:

A token bucket is a formal definition of a rate of transfer. It has three components: a burst size, a mean rate, and a time interval (Tc). Although the mean rate is generally represented as bits per second, any two values may be derived from the third by the relation shown as follows:

mean rate = burst size / time interval Reference:

http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/qos/configuration/guide/2_xe/qos_xe_book

/polcing_shping_oview_xe.html

Question No: 137 – (Topic 2)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which configuration prevents R2 from becoming a PIM neighbor with R1?

A. access-list 10 permit 192.168.1.2 0.0.0.0

!

Interface gi0/0

ip pim neighbor-filter 10

B. access-list 10 deny 192.168.1.2 0.0.0.0

!

Interface gi0/0

ip pim neighbor-filter 1

C. access-list 10 deny 192.168.1.2 0.0.0.0

!

Interface gi0/0

ip pim neighbor-filter 10

D. access-list 10 deny 192.168.1.2 0.0.0.0

!

Interface gi0/0

ip igmp access-group 10

Answer: C

Question No: 138 – (Topic 2)

Which two statements about attacks against IPV4 and IPv6 network are true? (Choose two)

  1. Man-in-the-middle attacks are more common against IPv4 and IPv6

  2. The multicast DHCPv6 replies on IPv6 network are easier to protect from attacks

  3. Rogue devices provide more risk to IPv4 networks than IPv6 networks

  4. It is easier to scan an IPv4 network than an IPv6 networks.

  5. Data can be captured in transit across both network types.

  6. Attacks performed at the application layer can compromise both types

Answer: A,F

Question No: 139 – (Topic 2)

When a client attempts to authenticate to an access point with the RADIUS server, the server returns the error message “Invalid message authenticator in EAP request.” Which action can you take to correct the problem?

  1. Add the user profile to ACS.

  2. Synchronize the shared password between AP and ACS.

  3. Configure the required privileges for the authentication service.

  4. Enable the external database account.

Answer: B Explanation:

Verify that shared secret passwords are synchronized between the access point and the authentication server. Otherwise, you can receive this error message:

Invalid message authenticator in EAP request

->From the CLI, check the line radius-server host x.x.x.x auth-port x acct-port x key

lt;shared_secretgt;.

->From the GUI, on the Server Manager page, re-enter the shared secret for the appropriate server in the box labelled quot;Shared Secret.quot;

The shared secret entry for the access point on the RADIUS server must contain the same shared secret password as those previously mentioned.

Reference: http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series/44844- leapserver.html

Question No: 140 – (Topic 2)

When attempting to use basic HTTP authentication to authenticate a client, which type of HTTP message should the server use?

  1. HTTP 302 with an Authenticate header

  2. HTTP 401 with a WWW-Authenticate header

  3. HTTP 407

  4. HTTP 200 with a WWW-Authenticate header

Answer: B

100% Ensurepass Free Download!
Download Free Demo:350-018 Demo PDF
100% Ensurepass Free Guaranteed!
350-018 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No