Ensurepass

QUESTION 121

Which two options best describe the authorization process as it relates to network access? (Choose two.)

 

A.

the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store

B.

the process of providing network access to the end user

C.

applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user

D.

the process of validating the provided credentials

 

Correct Answer: BC

 

 

QUESTION 122

If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)

 

A.

Configure the Call Station ID Type to bE. “IP Address”.

B.

Configure the Call Station ID Type to bE. “System MAC Address”.

C.

Configure the Call Station ID Type to bE. “MAC and IP Address”.

D.

Enable DHCP Proxy.

E.

Disable DHCP Proxy.

 

Correct Answer: BE

 

 

 

 

QUESTION 123

Refer to the exhibit. To configure the Cisco ASA, what should you enter in the Name field, under the Group Authentication option for the IPSec VPN client?

 

clip_image002

 

A.

group policy name

B.

crypto map name

C.

isakmp policy name

D.

crypto ipsec transform-set name

E.

tunnel group name

 

Correct Answer: E

 

 

QUESTION 124

Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)

 

A.

Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription

B.

Cisco ISR G2 Router with SECK9 and ScanSafe subscription

C.

Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers

D.

Cisco Web Security Appliance with ScanSafe subscription

 

Correct Answer: BC

 

 

 

QUESTION 125

Refer to the exhibit. On R1, encrypt counters are incrementing. On R2, packets are decrypted, but the encrypt counter is not being incremented. What is the most likely cause of this issue?

 

clip_image003

 

A.

a routing problem on R1

B.

a routing problem on R2

C.

incomplete IPsec SA establishment

D.

crypto engine failure on R2

E.

IPsec rekeying is occurring

 

Correct Answer: B

 

 

QUESTION 126

Which four statements about SeND for IPv6 are correct? (Choose four.)

 

A.

It protects against rogue RAs.

B.

NDP exchanges are protected by IPsec SAs and provide for anti-replay.

C.

It defines secure extensions for NDP.

D.

It authorizes routers to advertise certain prefixes.

E.

It provides a method for secure default router election on hosts.

F.

Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange.

G.

It is facilitated by the Certification Path Request and Certification Path Response ND messages.

 

Correct Answer: ACDE

 

 

QUESTION 127

What is the recommended network MACSec policy mode for high security deployments?

 

A.

should-secure

B.

must-not-secure

C.

must-secure

D.

monitor-only

E.

high-impact

 

Correct Answer: C

 

 

QUESTION 128

Which three statements about NetFlow version 9 are correct? (Choose three.)

 

A.

It is backward-compatible with versions 8 and 5.

B.

Version 9 is dependent on the underlying transport; only UDP is supported.

C.

A version 9 export packet consists of a packet header and flow sets.

D.

Generating and maintaining valid template flow sets requires additional processing.

E.

NetFlow version 9 does not access the NetFlow cache entry directly.

 

Correct Answer: CDE

 

 

QUESTION 129

Which three statements about VXLANs are true? (
Choose three.)

 

A.

It requires that IP protocol 8472 be opened to allow traffic through a firewall.

B.

Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.

C.

A VXLAN gateway maps VXLAN IDs to VLAN IDs.

D.

IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.

E.

A VXLAN ID is a 32-bit value.

 

Correct Answer: BCD

 

 

QUESTION 130

Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)

 

A.

IKE ID_KEY_ID

B.

OU field in a certificate that is presented by a client

C.

XAUTH username

D.

hash of the OTP that is sent during XAUTH challenge/response

E.

IKE ID_IPV4_ADDR

 

Correct Answer: AB

 

Free VCE & PDF File for Cisco 350-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

Comments are closed.