QUESTION 181
Which action is performed first on the Cisco ASA appliance when it receives an incoming packet on its outside interface?
A. check if the packet is permitted or denied by the inbound ACL applied to the outside interface
B. check if the packet is permitted or denied by the global ACL
C. check if the packet matches an existing connection in the connection table
D. check if the packet matches an inspection policy
E. check if the packet matches a NAT rule
F. check if the packet needs to be passed to the Cisco ASA AIP-SSM for inspections
Answer: C
QUESTION 182
If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next?
A. drop the packet
B. check the outside interface inbound ACL to determine if the packet is permitted or denied
C. perform NAT operations on the packet if required
D. check the MPF policy to determine if the packet should be passed to the SSM
E. perform stateful packet inspection based on the MPF policy
Answer: B
QUESTION 183
When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four.)
A. VPN group
B. tunnel group
C. IP precedence
D. DSCP
E. default-inspection-traffic
F. qos-group
Answer: BCDE
QUESTION 184
Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly?
A. dynamic-filter inspect tcp/80
B. dynamic-filter whitelist
C. inspect botnet
D. inspect dns dynamic-filter-snoop
Answer: D
QUESTION 185
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
(A) You need two customer contexts, named contextA and contextB.
(B) Allocate interfaces G0/0 and G0/1 to contextA.
(C) Allocate interfaces G0/0 and G0/2 to contextB.
(D) The physical interface name for G0/1 within contextA should be “inside”.
(E) All other context interfaces must be viewable via their physical interface names.
A. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
B. context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
C. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/2 invisible
D. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/2
E. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible
allocate-interface GigabitEthernet0/2 visible
Answer: A
QUESTION 186
Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)
A. Create the security zones and security zone pairs.
B. Create the self zone.
C. Create the default global inspection policy.
D. Create the type inspect class maps and policy maps.
E. Assign a security level to each security zone.
F. Assign each router interface to a security zone.
G. Apply a type inspect policy map to each zone pair.
Answer: ADFG
QUESTION 187
Which Cisco IPS appliance signature engine defines events that occur in a related manner, within a sliding time interval, as components of a combined signature?
A. Service engine
B. Sweep engine
C. Multistring engine
D. Meta engine
Answer: D
QUESTION 188
Which three options are the types of zones that are defined for anomaly detection on the Cisco IPS Sensor? (Choose three.)
A. inside
B. outside
C. internal
D. external
E. illegal
F. baseline
Answer: CDE
QUESTION 189
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)
A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including “reauthenticate.”
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.
Answer: ACD
QUESTION 190
Which three statements are true regarding Security Group Tags? (Choose three.)
A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization
result.
B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard
authorization profile.
C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication
Bypass, and WebAuth methods of authentication.
E. A Security Group Tag is a variable length string that is returned as an authorization result.
Answer: ACD
If you want to pass the Cisco 350-018 Exam sucessfully, recommend to read latest Cisco 350-018 Dumpfull version.