New Updated Cisco CCIE Security 350-018 Real Exam Download 331-340

Ensurepass

QUESTION 331

Which statement is true about the TFTP protocol?

 

A.      The client is unable to get a directory listing from the server.

B.      The client is unable to create a new file on a server.

C.      The client needs to log in with a username and password.

D.      The client needs to log in using “anonymous” as a username and specifying an email address as a password.

 

Correct Answer: A

 

 

QUESTION 332

Which NTP stratum level means that the clock is unsynchronized?

 

A.      0

B.      1

C.      8

D.      16

 

Correct Answer: D

 

 

QUESTION 333

Which statement is true about an NTP server?

 

A.      It answers using UTC time.

B.      It uses the local time of the server with its time zone indication.

C.      It uses the local time of the server and does not indicate its time zone.

D.      It answers using the time zone of the client.

 

Correct Answer: A

 

 

QUESTION 334

Which statement is true about an SNMPv2 communication?

 

A.      The whole communication is not encrypted.

B.      Only the community field is encrypted.

C.      Only the query packets are encrypted.

D.      The whole communication is encrypted.

 

Correct Answer: A

 

 

QUESTION 335

Refer to the exhibit. What is this configuration designed to prevent?

 

clip_image002

 

A.      Man in the Middle Attacks

B.      DNS Inspection

C.      Backdoor control channels for infected hosts

D.      Dynamic payload inspection

 

Correct Answer: C

 

 

QUESTION 336

Refer to the exhibit. What does this configuration prevent?

 

clip_image004

 

A.      HTTP downloads of files with the “.bat” extension on all interfaces.

B.      HTTP downloads of files with the “.batch” extension on the inside interface.

C.      FTP commands of GET or PUT for files with the “.bat” extension on all interfaces.

D.      FTP commands of GET or PUT for files with the “.batch” extension on the inside interface.

 

Correct Answer: C

 

 

QUESTION 337

Which four functionalities are built into the ISE? (Choose four.)

 

A.      Profiling Server

B.      Profiling Collector

C.      RADIUS AAA for Device Administration

D.      RADIUS AAA for Network Access

E.       TACACS+ for Device Administration

F.       TACACS+ for Network Access

G.      Guest Lifecycle Management

 

Correct Answer: ABDG

 

 

QUESTION 338

Which statement is correct about the Cisco IOS Control Plane Protection feature?

 

A.      Control Plane Protection is restricted to the IPv4 or IPv6 input path.

B.      Traffic that is destined to the router with IP options will be redirected to the host control plane.

C.      Disabling CEF will remove all active control-plane protection policies. Aggregate control-plane policies will continue to operate.

D.      The open-port option of a port-filtering policy allows access to all TCP/UDP based services that are configured on the router.

 

Correct Answer: C

 

 

QUESTION 339

Which Category to Protocol mapping for NBAR is correct?

 

A.        Category: Enterprise Applications

Protocol: Citrix ICA, PCAnywhere, SAP, IMAP

 

B.        Category: Internet

Protocol: FTP, HTTP, TFTP

 

C.        Category: Network Management

Protocol: ICMP, SNMP, SSH, Telnet

 

D.        Category: Network Mail Services

Protocol: MAPI, POP3, SMTP

 

Correct Answer: B

 

 

QUESTION 340

Which two options correctly describe Remote Triggered Black Hole Filtering (RFC 5635)?

(Choose two.)

 

A.      RTBH destination based filtering can drop traffic destined to a host based on triggered entries in the FIB.

B.      RTBH source based filtering will drop traffic from a source destined to a host based on triggered entries in the RIB.

C.      Loose uRPF must be used in conjunction with RTBH destination based filtering.

D.      Strict uRPF must be used in conjunction with RTBH source based filtering.

E.       RTBH uses a discard route on the edge devices of the network and a route server to send triggered route updates.

F.       When setting the BGP community attribute in a route-map for RTBH use the no export community unless BGP confederations are used then use local-as to advertise to subas confederations.

 

Correct Answer: AE

 

Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.