Free Chinacertify Samples and Demo Questions Download
Microsoft exams Microsoft
Cisco exams Cisco
CompTIA exams CompTIA
HP exams HP
IBM exams IBM
Oracle exams Oracle
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
BICSI exams BICSI
BlackBerry exams BlackBerry
Brocade exams Brocade
CA Technologies exams CA Technologies
CheckPoint exams Check Point
Citrix exams Citrix
CIW exams CIW
Cloudera exams Cloudera
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
FileMaker exams FileMaker
Fortinet exams Fortinet
GIAC exams GIAC
HRCI exams HRCI
ISACA exams ISACA
ISC2 exams ISC2
ISEB exams ISEB
iSQI exams iSQI
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Network Appliance exams NetApp
Pegasystems exams Pegasystems
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
SAS exams SAS
SOA exams SOA
Symantec exams Symantec
Tibco exams Tibco
VMware exams VMware
All certification exams

Cisco 350-018 Exam - ChinaCertify.com

Free 350-018 Sample Questions:

1. How do TCP SYN attacks take advantage of TCP to prevent new connections from being established to a host under attack?
A. These attacks send multiple FIN segments forcing TCP connection release.
B. These attacks fill up a hosts' listen queue by failing to ACK partially opened TCP connections.
C. These attacks take advantage of the hosts transmit backoff algorithm by sending jam signals to the host.
D. These attacks increment the ISN of each segment by a random number causing constant TCP retransmissions.
E. These attacks send TCP RST segments in response to connection SYN+ACK segments forcing SYN retransmissions.
Answer: B

2. What are two key characteristics of VTP? (Choose 2)
A. VTP messages are sent out all switch­switch connections.
B. VTP L2 messages are communicated to neighbors using CDP.
C. VTP manages addition, deletion, and renaming of VLANs 1 to 4094. D. VTP pruning restricts flooded traffic, increasing available bandwidth.
E. VTP V2 can only be used in a domain consisting of V2 capable switches.
F. VTP V2 performs consistency checks on all sources of VLAN information.
Answer: D, E

3. Whenever a failover takes place on the ASA running in failover mode, all active connections are dropped and clients must re­establish their connections unless
A. the ASA is configured for Active­Standby failover.
B. the ASA is configured for Active­Active failover.
C. the ASA is configured for Active­Active failover and a state failover link has been configured.
D. the ASA is configured for Active­Standby failover and a state failover link has been configured.
E. the ASA is configured to use a serial cable as the failover link. F. the ASA is configured for LAN­Based failover.
Answer: C, D

4. What are two important guidelines to follow when implementing VTP? (Choose 2)
A. CDP must be enabled on all switches in the VTP management domain.
B. All switches in the VTP domain must run the same version of VTP.
C. When using secure mode VTP, only configure management domain passwords on VTP servers.
D. Enabling VTP pruning on a server will enable the feature for the entire management domain. E. Use of the VTP multi­domain feature should be restricted to migration and temporary implementation.
Answer: B, D

5. What two things must you do on the router before generating an SSH key with the "crypto key generate rsa" IOS command?
A. Configure the SSH version that the router will use
B. Configure the host name of the router
C. Enable AAA Authentication
D. Configure the default IP domain name that the router will use
E. Enable SSH transport support on the vty lines
Answer: B, D

6. When applying MD5 route authentication on routers running RIP or EIGRP, what two important key chain considerations should be accounted for?
A. The lifetimes of the keys in the chain should overlap.
B. No more than three keys should be configured in any single chain.
C. Routers should be configured for NTP to synchronize their clocks.
D. Key 0 of all key chains must match for all routers in the autonomous system.
E. Link compression techniques should be disabled on links transporting any MD5 "hash".
Answer: A, C

7. Which algorithms did TKIP add to the 802.11 specification? (Choose 3)
A. key mixing
B. AES­based encryption
C. anti­replay sequence counter
D. message integrity check
E. cyclic redundancy check
Answer: A, C, D

8. According to RFC 3180, what is the correct GLOP address for AS 456?
A. 224.0.4.86
B. 224.4.86.0
C. 233.1.200.0
D. 239.2.213.0
E. 239.4.5.6
Answer: C

9. A network administrator is using a LAN analyzer to troubleshoot OSPF router exchange messages sent to ALL OSPF ROUTERS. To what MAC address are these messages sent?
A. 00­00­1C­EF­00­00
B. 01­00­5E­00­00­05
C. 01­00­5E­EF­00­00
D. EF­FF­FF­00­00­05
E. EF­00­00­FF­FF­FF
F. FF­FF­FF­FF­FF­FF
Answer: B

10. Which two IP multicast addresses belong to the group represented by the MAC address of 0x01­00­5E­15­6A­2C?
A. 224.21.106.44
B. 224.25.106.44
C. 233.149.106.44
D. 236.25.106.44
E. 239.153.106.44
Answer: A, C

11. How is the Cisco sensor software version 5.0 different from the version 4.0 release?
A. The monitoring system pulls events from the sensor
B. The sensor supports intrusion prevention functinality
C. The sensor pushes events to the monitoring system
D. The sensor uses RDEP E. The sensor software calculates a Risk Rating for alerts to reduce false positives
Answer: B, E

12. What is SDEE?
A. A Cisco proprietary protocol to transfer IDS events across the network
B. A protocol used by multiple vendors to transmit IDS events across the network
C. A queuing mechanism to store alerts
D. A mechanism to securely encode intrusion events in an event store E. A multi­purpose encryption engine to symmetrically encrpt data across the network
Answer: B

13. Whenever a failover takes place on the ASA (configured for failover), all active connections are dropped and clients must re­establish their connections unless: (Choose 2)
A. The ASA is configured for Active­Standby failover. B. The ASA is configured for Active­Active failover.
C. The ASA is configured for Active­Active failover and a state failover link has been configured.
D. The ASA is configured for Active­Standby failover and a state failover link has been configured.
E. The ASA is configured to use a serial cable as the failover link. F. The ASA is configured for LAN­Based failover
Answer: C, D

14. What is true about a Pre­Block ACL configured when setting up your sensor to perform IP Blocking?
A. The Pre­Block ACL is overwritten when a blocking action is initiatied by the sensor
B. The blocking ACL entries generated by the sensor override the Pre­Block ACL entries
C. The Pre­Block ACL entries override the blocking ACL entries generated by the sensor
D. The Pre­Block ACL is replaced by the Post­Block ACL when a blocking action is initiated by the sensor
E. You can not configure a Pre­Block ACL when configuring IP Blocking on your sensor
Answer: C

15. Which of the following is true about the Cisco IOS­IPS functionality? (Choose 2)
A. The signatures available are built into the IOS code.
B. To update signatures you need to install a new IOS image
C. To activate new signatures you download a new Signature Defiition File (SDF) from Cisco's web site
D. Loading and enabling selected IPS signatures is user configurable
E. Cisco IOS only provides Intrusion Detection functionality
F. Cisco IOS­IPS requires a network module installed in your router running sensor software
Answer: C, D

16. What is the main reason for using the "ip ips deny­action ips­interface" IOS command?
A. To selectively apply drop actions to specific interfaces
B. To enable IOS to drop traffic for signatures configured with the Drop action
C. To support load­balancing configurations in which traffic can arrive via multiple interfaces
D. This is not a valid IOS command
Answer: C

17. By default, to perform IPS deny actions, where is the ACL applied when using IOS­IPS?
A. To the ingress interface of the offending packet
B. To the ingress interface on which IOS­IPS is configured
C. To the egress interface on which IOS­IPS is configured
D. To the egress interface of the offending packet
E. To the ingress interface of the offending packet and the ingress interface on which IOS­IPS is configured
Answer: A