2014 Latest Cisco 350-018 Dump Free Download(181-190)!

QUESTION 181
Which action is performed first on the Cisco ASA appliance when it receives an incoming packet on its outside interface?

A.    check if the packet is permitted or denied by the inbound ACL applied to the outside interface
B.    check if the packet is permitted or denied by the global ACL
C.    check if the packet matches an existing connection in the connection table
D.    check if the packet matches an inspection policy
E.    check if the packet matches a NAT rule
F.    check if the packet needs to be passed to the Cisco ASA AIP-SSM for inspections

Answer: C

QUESTION 182
If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next?

A.    drop the packet
B.    check the outside interface inbound ACL to determine if the packet is permitted or denied
C.    perform NAT operations on the packet if required
D.    check the MPF policy to determine if the packet should be passed to the SSM
E.    perform stateful packet inspection based on the MPF policy

Answer: B

QUESTION 183
When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four.)

A.    VPN group
B.    tunnel group
C.    IP precedence
D.    DSCP
E.    default-inspection-traffic
F.    qos-group

Answer: BCDE

QUESTION 184
Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly?

A.    dynamic-filter inspect tcp/80
B.    dynamic-filter whitelist
C.    inspect botnet
D.    inspect dns dynamic-filter-snoop

Answer: D

QUESTION 185
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
(A) You need two customer contexts, named contextA and contextB.
(B) Allocate interfaces G0/0 and G0/1 to contextA.
(C) Allocate interfaces G0/0 and G0/2 to contextB.
(D) The physical interface name for G0/1 within contextA should be “inside”.
(E) All other context interfaces must be viewable via their physical interface names.

A.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
B.    context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
C.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/2 invisible
D.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/2
E.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible
allocate-interface GigabitEthernet0/2 visible

Answer: A

QUESTION 186
Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)

A.    Create the security zones and security zone pairs.
B.    Create the self zone.
C.    Create the default global inspection policy.
D.    Create the type inspect class maps and policy maps.
E.    Assign a security level to each security zone.
F.    Assign each router interface to a security zone.
G.    Apply a type inspect policy map to each zone pair.

Answer: ADFG

QUESTION 187
Which Cisco IPS appliance signature engine defines events that occur in a related manner, within a sliding time interval, as components of a combined signature?

A.    Service engine
B.    Sweep engine
C.    Multistring engine
D.    Meta engine

Answer: D

QUESTION 188
Which three options are the types of zones that are defined for anomaly detection on the Cisco IPS Sensor? (Choose three.)

A.    inside
B.    outside
C.    internal
D.    external
E.    illegal
F.    baseline

Answer: CDE

QUESTION 189
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A.    It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B.    It defines a wide variety of authorization actions, including “reauthenticate.”
C.    It defines the format for a Change of Authorization packet.
D.    It defines a DM.
E.    It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: ACD

QUESTION 190
Which three statements are true regarding Security Group Tags? (Choose three.)

A.    When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization
result.
B.    When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard
authorization profile.
C.    Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D.    Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication
Bypass, and WebAuth methods of authentication.
E.    A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: ACD

If you want to pass the Cisco 350-018 Exam sucessfully, recommend to read latest Cisco 350-018 Dumpfull version.

clip_image001