QUESTION 111
What type of attack consists of injecting traffic that is marked with the DSCP value of EF into the network?
A. brute-force attack
B. QoS marking attack
C. DHCP starvation attack
D. SYN flood attack
Answer: B
QUESTION 112
Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?
A. The global access list is matched first before the interface access lists.
B. Both the interface and global access lists can be applied in the input or output direction.
C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the interface will apply the access list entry globally.
D. NAT control is enabled by default.
E. The static CLI command is used to configure static NAT translation rules.
Answer: A
QUESTION 113
Which three multicast features are supported on the Cisco ASA? (Choose three.)
A. PIM sparse mode
B. IGMP forwarding
C. Auto-RP
D. NAT of multicast traffic
Answer: ABD
QUESTION 114
Which three configuration tasks are required for VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco ASA? (Choose three.)
A. The redirect-fqdn command must be entered under the vpn load-balancing sub-configuration.
B. Each ASA in the VPN cluster must be able to resolve the IP of all DNS hostnames that are used in the cluster.
C. The identification and CA certificates for the master FQDN hostname must be imported into each VPN cluster-member device.
D. The remote-access IP pools must be configured the same on each VPN cluster-member interface.
Answer: ABC
QUESTION 115
Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.)
A. TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types.
B. IPv6 object nesting is supported.
C. Network objects support IPv4 and IPv6 addresses.
D. Objects are not supported in transparent mode.
E. Objects are supported in single- and multiple-context firewall modes.
Answer: ACE
QUESTION 116
policy-map type inspect ipv6 IPv6-map
match header routing-type range 0 255
drop
class-map outside-class
match any
policy-map outside-policy
class outside-class
inspect ipv6 IPv6-map
service-policy outside-policy interface outside
Refer to the exhibit. Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?
A. policy-map type inspect ipv6 IPv6-map
match ipv6 header
count > 3
B. policy-map outside-policy
class outside-class
inspect ipv6 header count gt 3
C. class-map outside-class
match ipv6 header count greater 3
D. policy-map type inspect ipv6 IPv6-map
match header count gt 3
drop
Answer: D
QUESTION 117
Which command is used to replicate HTTP connections from the Active to the Standby Cisco ASA appliance in failover?
A. monitor-interface http
B. failover link fover replicate http
C. failover replication http
D. interface fover replicate http standby
E. No command is needed, as this is the default behavior.
Answer: C
QUESTION 118
Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?
A. class-map type inspect
B. parameter-map type inspect
C. service-policy type inspect
D. policy-map type inspect tcp
E. inspect-map type tcp
Answer: B
QUESTION 119
Which three NAT types support bidirectional traffic initiation? (Choose three.)
A. static NAT
B. NAT exemption
C. policy NAT with nat/global
D. static PAT
E. identity NAT
Answer: ABD
QUESTION 120
Which IPS module can be installed on the Cisco ASA 5520 appliance?
A. IPS-AIM
B. AIP-SSM
C. AIP-SSC
D. NME-IPS-K9
E. IDSM-2
Answer: B
DownloadLatest 2013 350-018 Pass4sure Free Tests , help you to pass exam 100%.
100-105 Dumps VCE PDF
200-105 Dumps VCE PDF
300-101 Dumps VCE PDF
300-115 Dumps VCE PDF
300-135 Dumps VCE PDF
300-320 Dumps VCE PDF
400-101 Dumps VCE PDF
640-911 Dumps VCE PDF
640-916 Dumps VCE PDF
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF
220-901 Dumps VCE PDF
220-902 Dumps VCE PDF
N10-006 Dumps VCE PDF
SY0-401 Dumps VCE PDF