Free Download Pass4sure Cisco 350-018 Exam Questions And Answers (101-110)

QUESTION 101
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A.    The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B.    The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C.    The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement
intelligence in the network infrastructure.
D.    The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.

Answer: CD

QUESTION 102
Which option is the correct definition for MAB?

A.    MAB is the process of checking the mac-address-table on the local switch for the sticky address.
If the mac-address of the device attempting to access the network matches the configured sticky address, it will be permitted to bypass 802.1X authentication.
B.    MAB is a process where the switch will send an authentication request on behalf of the endpoint that is attempting to access the network, using the mac-address of the device as the credentials.
The authentication server evaluates that MAC address against a list of devices permitted to access
  the network without a stronger authentication.
C.    MAB is a process where the switch will check a local list of MAC addresses to identify systems that
are permitted network access without using 802.1X.
D.    MAB is a process where the supplicant on the endpoint is configured to send the MAC address of
the endpoint as its credentials.

Answer: B

QUESTION 103
Which three statements are true about the Cisco NAC Appliance solution? (Choose three.)

A.    In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured
as the untrusted IP address of the Cisco NAC Appliance Server.
B.    In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco router using
the “NAC discovery-host” global configuration command.
C.    In a VRF-style OOB deployment of the Cisco NAC Appliance, the discovery host may be the IP address
that is on the trusted side of the Cisco NAC Appliance Server.
D.    In a Layer 3 IB deployment of the Cisco NAC Appliance, the discovery host may be configured as the
IP address of the Cisco NAC Appliance Manager.

Answer: ACD

QUESTION 104
Refer to the exhibit, which shows a partial output of the show command. Which statement best describes the problem?
1041
A.    Context vpn1 is not inservice.
B.    There is no gateway that is configured under context vpn1.
C.    The config has not been properly updated for context vpn1.
D.    The gateway that is configured under context vpn1 is not inservice.

Answer: A

QUESTION 105
Review the exhibit. Which three statements about the Cisco IPS sensor are true? (Choose three.)

1051

A.    A
B.    B
C.    C
D.    D
E.    E

Answer: ACE

QUESTION 106
Refer to the exhibit. Which three command sets are required to complete this IPv6 IPsec site-to-site VTI? (Choose three.)

1061

A.    interface Tunnel0
tunnel mode ipsec ipv6
B.    crypto isakmp-profile
match identity address ipv6 any
C.    interface Tunnel0
ipv6 enable
D.    ipv6 unicast-routing
E.    interface Tunnel0
ipv6 enable-ipsec

Answer: ACD

QUESTION 107
An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?

A.    NAT overload
B.    NAT extendable
C.    NAT TCP load balancing
D.    NAT service-type DNS
E.    NAT port-to-application mapping

Answer: B

QUESTION 108
Refer to the exhibit. Which option correctly identifies the point on the exhibit where Control Plane Policing (input) is applied to incoming packets?

1081

A.    point 6
B.    point 7
C.    point 4
D.    point 1
E.    points 5 and 6

Answer: A

QUESTION 109
Which QoS marking is only locally significant on a Cisco router?

A.    MPLS EXP
B.    DSCP
C.    QoS group
D.    IP precedence
E.    traffic class
F.    flow label

Answer: C

QUESTION 110
Which three control plane subinterfaces are available when implementing Cisco IOS Control Plane Protection? (Choose three.)

A.    CPU
B.    host
C.    fast-cache
D.    transit
E.    CEF-exception
F.    management

Answer: BDE

Free Download Pass4sure Cisco 350-018 Exam Questions And Answers