QUESTION 111
A router has four interfaces addressed as 10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, and 10.1.4.1/24. What is the smallest summary route that can be advertised covering these four subnets?
A. 10.1.2.0/22
B. 10.1.0.0/22
C. 10.1.0.0/21
D. 10.1.0.0/16
Answer: C
QUESTION 112
Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.)
A. static NAT
B. dynamic NAT
C. dynamic NAT with overloading
D. PAT
E. VAT
Answer: CD
QUESTION 113
Which authentication mechanism is available to OSPFv3?
A. simple passwords
B. MD5
C. null
D. IKEv2
E. IPsec AH/ESP
Answer: E
QUESTION 114
The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.
A. policy-map type inspect ipv6 IPv6_PMAP
match header routing-type eq 0
drop log
B. policy-map type inspect icmpv6 ICMPv6_PMAP
match header routing-type eq 0
drop log
C. policy-map type inspect ipv6-header HEADER_PMAP
match header routing-type eq 0
drop log
D. policy-map type inspect http HEADER_PMAP
match routing-header 0
drop log
E. policy-map type inspect ipv6 IPv6_PMAP
match header type 0
drop log
F. policy-map type inspect ipv6-header HEADER_PMAP
match header type 0
drop log
Answer: A
QUESTION 115
Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)
A. manually configured
B. automatic 6to4
C. ISATAP
D. GRE
Answer: AD
QUESTION 116
Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)
A. range of IP addresses
B. subnet of IP addresses
C. destination IP NAT translation
D. source IP NAT translation
E. source and destination FQDNs
F. port and protocol ranges
Answer: ABD
QUESTION 117
Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)
A. Microsoft Windows registry keys
B. the existence of specific processes in memory
C. the UUID of an Apple iPad or iPhone
D. if a service is started on a Windows host
E. the HTTP User-Agent string of a device
F. if an Apple iPad or iPhone has been “jail-broken”
G. if an antivirus application is installed on an Apple MacBook
Answer: ABDG
QUESTION 118
Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)
A. The firewall is not a routed hop.
B. The firewall can connect to the same Layer 3 network on its inside and outside interfaces.
C. Static routes are supported.
D. PAT and NAT are not supported.
E. Only one global address per device is supported for management.
F. SSL VPN is supported for management.
Answer: ABC
QUESTION 119
Which three statements about Cisco IOS RRI are correct? (Choose three.)
A. RRI is not supported with ipsec-profiles.
B. Routes are created from ACL entries when they are applied to a static crypto map.
C. Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D. VRF-based routes are supported.
E. RRI must be configured with DMVPN.
Answer: BCD
QUESTION 120
Which of the following describes the DHCP “starvation” attack?
A. Exhaust the address space available on the DHCP servers so that an attacker can inject their
own DHCP server for malicious reasons.
B. Saturate the network with DHCP requests to prevent other network services from working.
C. Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned
host names.
D. Send DHCP response packets for the purpose of overloading CAM tables.
Answer: A
If you want to pass the Cisco 350-018 Exam sucessfully, recommend to read latest Cisco 350-018 Dumpfull version.