QUESTION 241
What mechanism does SSL use to provide confidentiality of user data?
A. symmetric encryption
B. asymmetric encryption
C. RSA public-key encryption
D. Diffie-Hellman exchange
Answer: A
QUESTION 242
What action does a RADIUS server take when it cannot authenticate the credentials of a user?
A. An Access-Reject message is sent.
B. An Access-Challenge message is sent, and the user is prompted to re-enter credentials.
C. A Reject message is sent.
D. A RADIUS start-stop message is sent via the accounting service to disconnect the session.
Answer: A
QUESTION 243
Which transport mechanism is used between a RADIUS authenticator and a RADIUS authentication server?
A. UDP, with only the password in the Access-Request packet encrypted
B. UDP, with the whole packet body encrypted
C. TCP, with only the password in the Access-Request packet encrypted
D. EAPOL, with TLS encrypting the entire packet
E. UDP RADIUS encapsulated in the EAP mode enforced by the authentication server.
Answer: A
QUESTION 244
Which three statements about the TACACS protocol are correct? (Choose three.)
A. TACACS+ is an IETF standard protocol.
B. TACACS+ uses TCP port 47 by default.
C. TACACS+ is considered to be more secure than the RADIUS protocol.
D. TACACS+ can support authorization and accounting while having another separate authentication solution.
E. TACACS+ only encrypts the password of the user for security.
F. TACACS+ supports per-user or per-group for authorization of router commands.
Answer: CDF
QUESTION 245
Which three EAP methods require a server-side certificate? (Choose three.)
A. PEAP with MS-CHAPv2
B. EAP-TLS
C. EAP-FAST
D. EAP-TTLS
E. EAP-GTP
Answer: ABD
QUESTION 246
Which statement is true about EAP-FAST?
A. It supports Windows single sign-on.
B. It is a proprietary protocol.
C. It requires a certificate only on the server side.
D. It does not support an LDAP database.
Answer: A
QUESTION 247
Which four attributes are identified in an X.509v3 basic certificate field? (Choose four.)
A. key usage
B. certificate serial number
C. issuer
D. subject name
E. signature algorithm identifier
F. CRL distribution points
G. subject alt name
Answer: BCDE
QUESTION 248
What is the purpose of the OCSP protocol?
A. checks the revocation status of a digital certificate
B. submits a certificate signing request
C. verifies a signature of a digital certificate
D. protects a digital certificate with its private key
Answer: A
QUESTION 249
What are two reasons for a certificate to appear in a CRL? (Choose two.)
A. CA key compromise
B. cessation of operation
C. validity expiration
D. key length incompatibility
E. certification path invalidity
Answer: AB
QUESTION 250
Which transport method is used by the IEEE 802.1X protocol?
A. EAPOL frames
B. 802.3 frames
C. UDP RADIUS datagrams
D. PPPoE frames
Answer: A