New Updated Cisco CCIE Security 350-018 Real Exam Download 241-250

Ensurepass

QUESTION 241

Which two current RFCs discuss special use IP addresses that may be used as a checklist of invalid routing prefixes for IPv4 and IPv6 addresses? (Choose two.)

 

A.      RFC 5156

B.      RFC 5735

C.      RFC 3330

D.      RFC 1918

E.       RFC 2827

 

Correct Answer: AB

 

 

QUESTION 242

Which four options could be flagged as potential issues by a network security risk assessment? (Choose four.)

 

A.      router hostname and IP addressing scheme

B.      router filtering rules

C.      route optimization

D.      database connectivity and RTT

E.       weak authentication mechanisms

F.       improperly configured email servers

G.      potential web server exploits

 

Correct Answer: BEFG

 

 

QUESTION 243

Which three of these situations warrant engagement of a Security Incident Response team? (Choose three.)

 

A.      loss of data confidentiality/integrity

B.      damage to computer/network resources

C.      denial of service (DoS)

D.      computer or network misuse/abuse

E.       pornographic blogs/websites

 

Correct Answer: ACD

 

 

QUESTION 244

If an administrator is unable to connect to a Cisco ASA adaptive security appliance via Cisco ASDM, all of these would be useful for the administrator to check except which one?

 

A.        The HTTP server is enabled.

B.        The administrator IP is permitted in the interface ACL.

C.        The administrator IP is permitted in the HTTP statement.

D.        The ASDM file resides on flash memory.

E.         The asdm image command exists in the configuration.

 

Correct Answer: B

 

 

QUESTION 245

A Cisco ASA adaptive security appliance configured in multiple context mode supports which three of these features? (Choose three.)

 

A.        VPN

B.        NAT

C.        IPv6 traffic filtering

D.        multicast

E.         failover

 

Correct Answer: BCE

 

 

QUESTION 246

Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?

 

A.        ASA syn protection

B.        ASA ICMP application inspection

C.        CSA quarantine lists

D.        IPS syn attack signatures

E.         Cisco Guard

 

Correct Answer: C

 

 

QUESTION 247

Which three statements regarding Cisco ASA multicast routing support are correct? (Choose three.)

 

A.        The ASA supports both PIM-SM and bi-directional PIM.

B.        When configured for stub multicast routing, the ASA can act as the Rendezvous Point (RP)

C.        The ASA can be configured for IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring the multicast traffic to be forwarded only those interfaces associated with hosts requesting the multicast group.

D.        Enabling multicast routing globally on the ASA automatically enables PIM and IGMP on all interfaces.

E.         ASA supports both stub multicast routing and PIM multicast routing. However, you cannot configure both concurrently on a single security appliance.

F.         If the ASA detects IGMP version 1 routers, the ASA will automatically switch to IGMP version 1 operation.

 

Correct Answer: ADE

 

 

QUESTION 248

Whenever a failover takes place on the ASA running in failover mode, all active connections are dropped and clients must re-establish their connections unless: (Choose two.)

 

A.        the ASA is configured for Active-Active failover

B.        the ASA is configured for LAN-Based failover

C.        the ASA is configured to use a serial cable as the failover link

D.        the ASA is configured for Active-Standby failover and a state failover link has been configured

E.         the ASA is configured for Active-Active failover and a state failover link has been configured

F.         the ASA is configured for Active-Standby failover

 

Correct Answer: DE

 

 

QUESTION 249

You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?

 

A.        ipv6 port-map port telnet 223

B.        ipv6 port-map port 23 port 23223

C.        ipv6 port-map telnet port 23 233

D.        ipv6 port-map telnet port 223

 

Correct Answer: D

 

 

QUESTION 250

Which statement in reference to IPv6 multicast is true?

 

A.        PIM dense mode is not part of IPv6 multicast.

B.        The first 12 bits of an IPv6 multicast address are always FF.

C.        IPv6 multicast uses Multicast Listener Discovery (MLD).

D.        IPv6 multicast requires Multicast Source Discovery Protocol (MSDP).

 

Correct Answer: C

 

Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.