[Free] 2018(May) EnsurePass Passguide Cisco 350-018 Dumps with VCE and PDF 391-400

Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 350-018
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 391 – (Topic 4)

A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes 20 B of IP header, which statement is true?

  1. The first three packets will have a packet payload size of 1400.

  2. The last packet will have a payload size of 560.

  3. The first three packets will have a packet payload size of 1480.

  4. The last packet will have a payload size of 20.

Answer: C

Question No: 392 – (Topic 4)

Which encryption mechanism is used in WEP?

  1. RC4

  2. RC5

  3. DES

  4. AES

Answer: A

Question No: 393 – (Topic 4)

Which statement about the PVLAN is true?

  1. Promiscuous ports can only communicate with other promiscuous ports.

  2. Isolated ports cannot communicate with the other promiscuous ports.

  3. Community ports can communicate with the other promiscuous ports but not with the other community ports.

  4. Isolated ports can communicate with the other isolated ports only.

  5. Promiscuous ports can communicate with all the other type of ports.

  6. Community ports can communicate with the other community ports but not with promiscuous ports.

Answer: E

Question No: 394 – (Topic 4)

Which statement about DH group is true?

  1. The DH group does not provide data authentication.

  2. The DH group is used to provide data confidentiality.

  3. The DH group is used to establish a shared key over a secured medium.

  4. The DH group is negotiated in IPsec phase-2.

Answer: A

Question No: 395 – (Topic 4)

Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?

  1. SNMP

  2. TACACS

  3. RADIUS

  4. EAP over LAN

  5. PPPoE

Answer: D

Question No: 396 – (Topic 4)

Which two options represent definitions that are found in the syslog protocol (RFC 5426)? (Choose two.)

  1. Syslog message transport is reliable.

  2. Each syslog datagram must contain only one message.

  3. IPv6 syslog receivers must be able to receive datagrams of up to 1180 bytes.

  4. Syslog messages must be prioritized with an IP precedence of 7.

  5. Syslog servers must use NTP for the accurate time stamping of message arrival.

Answer: B,C

Question No: 397 – (Topic 4)

Which item is not encrypted by ESP?

  1. ESP header

  2. ESP trailer

  3. IP header

  4. Data

  5. TCP-UDP header

Answer: A

Question No: 398 – (Topic 4)

DNSSEC was designed to overcome which security limitation of DNS?

  1. DNS man-in-the-middle attacks

  2. DNS flood attacks

  3. DNS fragmentation attacks

  4. DNS hash attacks

  5. DNS replay attacks

  6. DNS violation attacks

Answer: A

Question No: 399 – (Topic 4)

Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)

  1. Create the security zones and security zone pairs.

  2. Create the self zone.

  3. Create the default global inspection policy.

  4. Create the type inspect class maps and policy maps.

  5. Assign a security level to each security zone.

  6. Assign each router interface to a security zone.

  7. Apply a type inspect policy map to each zone pair.

Answer: A,D,F,G

Question No: 400 – (Topic 4)

Which additional configuration component is required to implement a MACSec Key

Agreement policy on user-facing Cisco Catalyst switch ports?

  1. PKI

  2. TACACS

  3. multi-auth host mode

  4. port security

E. 802.1x

Answer: E

100% Ensurepass Free Download!
Download Free Demo:350-018 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 350-018 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply