20% OFF Passleader 350-018 Study Materials Ensure 100% PASS (211-220)

QUESTION 211
When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four.)

A.    VPN group
B.    tunnel group
C.    IP precedence
D.    DSCP
E.    default-inspection-traffic
F.    qos-group

Answer: BCDE

QUESTION 212
Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly?

A.    dynamic-filter inspect tcp/80
B.    dynamic-filter whitelist
C.    inspect botnet
D.    inspect dns dynamic-filter-snoop

Answer: D

QUESTION 213
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
(A) You need two customer contexts, named contextA and contextB.
(B) Allocate interfaces G0/0 and G0/1 to contextA.
(C) Allocate interfaces G0/0 and G0/2 to contextB.
(D) The physical interface name for G0/1 within contextA should be “inside”.
(E) All other context interfaces must be viewable via their physical interface names.

A.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
B.    context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
C.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/2 invisible
D.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/2
E.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible
allocate-interface GigabitEthernet0/2 visible

Answer: A

QUESTION 214
Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)

A.    Create the security zones and security zone pairs.
B.    Create the self zone.
C.    Create the default global inspection policy.
D.    Create the type inspect class maps and policy maps.
E.    Assign a security level to each security zone.
F.    Assign each router interface to a security zone.
G.    Apply a type inspect policy map to each zone pair.

Answer: ADFG

QUESTION 215
Refer to the exhibit. The client is protected by a firewall. An IPv6 SMTP connection from the client to the server on TCP port 25 will be subject to which action?

2151

A.    pass action by the HTTP_CMAP
B.    inspection action by the TCP_CMAP
C.    inspection action by the SMTP_CMAP
D.    drop action by the default class
E.    pass action by the HTTP_CMAP

Answer: B

QUESTION 216
Which Cisco IPS appliance signature engine defines events that occur in a related manner, within a sliding time interval, as components of a combined signature?

A.    Service engine
B.    Sweep engine
C.    Multistring engine
D.    Meta engine

Answer: D

QUESTION 217
Which three options are the types of zones that are defined for anomaly detection on the Cisco IPS Sensor? (Choose three.)

A.    inside
B.    outside
C.    internal
D.    external
E.    illegal
F.    baseline

Answer: CDE

QUESTION 218
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A.    It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B.    It defines a wide variety of authorization actions, including “reauthenticate.”
C.    It defines the format for a Change of Authorization packet.
D.    It defines a DM.
E.    It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: ACD

QUESTION 219
Which three statements are true regarding Security Group Tags? (Choose three.)

A.    When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization
result.
B.    When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard
authorization profile.
C.    Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D.    Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication
Bypass, and WebAuth methods of authentication.
E.    A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: ACD

QUESTION 220
Refer to the exhibit. What is the cause of the issue that is reported in this debug output?

2201

A.    The identity of the peer is not acceptable.
B.    There is an esp transform mismatch.
C.    There are mismatched ACLs on remote and local peers.
D.    The SA lifetimes are set to 0.

Answer: C

20% OFF Passleader 350-018 Study Materials Ensure 100% PASS