Ensurepass

QUESTION 311

Which statement about the above configuration is true?

 

crypto gdoi group gdoi_group
 identity number 1234
 server local
  sa receive-only
  sa ipsec 1
   profile gdoi-p
   match address ipv4 120

 

A. The key server instructs the DMVPN spoke to install SAs outbound only.

B. The key server instructs the GDOI group to install SAs inbound only.

C. The key server instructs the DMVPN hub to install SAs outbound only.

D. The key server instructs the GDOI spoke to install SAs inbound only.

 

Correct Answer: B

 

 

QUESTION 312

The above NBAR configuration matches RTP traffic with which payload types?

 

class-map nbar_rtp
 match protocol rtp payload-type "0, 1, 4 - 0x10, 10001b - 10010b, 64"

 

A. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 64

B. 0, 1, 4, 5, 6, 7, 8, 9, 10

C. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 64

D. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 64

 

Correct Answer: A

 

 

QUESTION 313

Which standard prescribes a risk assessment to identify whether each control is required to decrease risks and if so, to which extent it should be applied?

 

A. ISO 27001

B. ISO 27002

C. ISO 17799

D. HIPAA

E. ISO 9000

 

Correct Answer: A

 

 

QUESTION 314

Which two are valid SMTP commands, according to RFC 821? (Choose two.)

 

A. EHLO

B. HELO

C. RCPT

D. AUTH

Correct Answer: BC

 

 

QUESTION 315

Refer to the exhibit. According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server?

 

[Exhibit: DHCP packet header (image not available)]

 

A. ciaddr

B. yiaddr

C. siaddr

D. giaddr

 

Correct Answer: D

 

 

 

 

 

QUESTION 316

EAP-MD5 provides one-way client authentication. The server sends the client a random challenge. The client proves its identity by hashing the challenge and its password with MD5. What is the problem with EAP-MD5?

 

A. EAP-MD5 is vulnerable to dictionary attack over an open medium and to spoofing because there is no server authentication.

B. EAP-MD5 communication must happen over an encrypted medium, which makes it operationally expensive.

C. EAP-MD5 is CPU-intensive on the devices.

D. EAP-MD5 is not used by the RADIUS protocol.

 

Correct Answer: A

 

 

QUESTION 317

The above error is received when generating RSA keys for SSH access on a router using the crypto key generate rsa command. What are the reasons for this error? (Choose two.)

 

error: % Invalid input detected at '^' marker.

 

A. The hostname must be configured before generating RSA keys.

B. The image that is used on the router does not support the crypto key generate rsa command.

C. The command has been used with incorrect syntax.

D. The crypto key generate rsa command is used to configure SSHv2, which is not supported on Cisco IOS devices.

 

Correct Answer: BC

 

 

QUESTION 318

Which statements apply to the above configuration? (Choose two.)

 

crypto isakmp profile vpn1
 vrf vpn1
 keyring vpn1
 match identity address 172.16.1.1 255.255.255.255
crypto map crypmap 1 ipsec-isakmp
 set peer 172.16.1.1
 set transform-set vpn1
 set isakmp-profile vpn1
 match address 101
!
interface Ethernet1/2
 crypto map crypmap

 

A. This configuration shows the VRF-Aware IPsec feature that is used to map the crypto ISAKMP profile to a specific VRF.

B. VRF and ISAKMP profiles are mutually exclusive, so the configuration is invalid.

C. An IPsec tunnel can be mapped to a VRF instance.

D. The peer command under the crypto map is redundant and not required.

 

Correct Answer: AC

 

QUESTION 319

MACsec, which is defined in 802.1AE, provides MAC-layer encryption over wired networks. Which two statements about MACsec are true? (Choose two.)

 

A. Only links between network access devices and endpoint devices can be secured by using MACsec.

B. MACsec is designed to support communications between network devices only.

C. MACsec manages the encryption keys that the MKA protocol uses.

D. A switch that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy that is associated with the client.

 

Correct Answer: AD

 

 

QUESTION 320

With ASM, sources can launch attacks by sending traffic to any groups that are supported by an active RP. Such traffic might not reach a receiver but will reach at least the first-hop router in the path, as well as the RP, allowing limited attacks. However, if the attacking source knows a group to which a target receiver is listening and there are no appropriate filters in place, then the attacking source can send traffic to that group. This traffic is received as long as the attacking source is listening to the group. Based on the above description, which type of security threat is involved?

 

A. DoS

B. man-in-the-middle

C. compromised key

D. data modification

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 350-018 Practice Tests
