Free Download Pass4sure Cisco 350-018 Exam Questions And Answers (131-140)

QUESTION 131
The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.

A.    policy-map type inspect ipv6 IPv6_PMAP
match header routing-type eq 0
drop log
B.    policy-map type inspect icmpv6 ICMPv6_PMAP
match header routing-type eq 0
drop log
C.    policy-map type inspect ipv6-header HEADER_PMAP
match header routing-type eq 0
drop log
D.    policy-map type inspect http HEADER_PMAP
match routing-header 0
drop log
E.    policy-map type inspect ipv6 IPv6_PMAP
match header type 0
drop log
F.    policy-map type inspect ipv6-header HEADER_PMAP
match header type 0
drop log

Answer: A

QUESTION 132
Refer to the exhibit. With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?

1321

A.    inspection action by the HTTP_CMAP
B.    inspection action by the TCP_CMAP
C.    drop action by the default class
D.    inspection action by both the HTTP_CMAP and TCP_CMAP
E.    pass action by the HTTP_CMAP
F.    drop action due to class-map misclassification

Answer: B

QUESTION 133
Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)

A.    manually configured
B.    automatic 6to4
C.    ISATAP
D.    GRE

Answer: AD

QUESTION 134
Refer to the exhibit. Which route will be advertised by the Cisco ASA to its OSPF neighbors?

1341

A.    10.39.23.0/24
B.    10.40.29.0/24
C.    10.66.42.215/32
D.    10.40.29.0/24

Answer: A

QUESTION 135
Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)

A.    range of IP addresses
B.    subnet of IP addresses
C.    destination IP NAT translation
D.    source IP NAT translation
E.    source and destination FQDNs
F.    port and protocol ranges

Answer: ABD

QUESTION 136
Regarding VSAs, which statement is true?

A.    VSAs may be implemented on any RADIUS server.
B.    VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor.
For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.
C.    VSAs do not apply to RADIUS; they are a TACACS attribute.
D.    Each VSA is defined in an RFC and is considered to be a standard.

Answer: A

QUESTION 137
Refer to the exhibit. Which statement best describes the problem?

1371

A.    Context vpn1 is not inservice.
B.    There is no gateway that is configured under context vpn1.
C.    The config has not been properly updated for context vpn1.
D.    The gateway that is configured under context vpn1 is not inservice.

Answer: A

QUESTION 138
Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)

A.    Microsoft Windows registry keys
B.    the existence of specific processes in memory
C.    the UUID of an Apple iPad or iPhone
D.    if a service is started on a Windows host
E.    the HTTP User-Agent string of a device
F.    if an Apple iPad or iPhone has been “jail-broken”
G.    if an antivirus application is installed on an Apple MacBook

Answer: ABDG

QUESTION 139
Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)

A.    The firewall is not a routed hop.
B.    The firewall can connect to the same Layer 3 network on its inside and outside interfaces.
C.    Static routes are supported.
D.    PAT and NAT are not supported.
E.    Only one global address per device is supported for management.
F.    SSL VPN is supported for management.

Answer: ABC

QUESTION 140
Which three statements about Cisco IOS RRI are correct? (Choose three.)

A.    RRI is not supported with ipsec-profiles.
B.    Routes are created from ACL entries when they are applied to a static crypto map.
C.    Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D.    VRF-based routes are supported.
E.    RRI must be configured with DMVPN.

Answer: BCD

Free Download Pass4sure Cisco 350-018 Exam Questions And Answers