New Updated Cisco CCIE Security 350-018 Real Exam Download 211-220

Ensurepass

QUESTION 211

Refer to the exhibit. Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.

 

[Exhibit image not available]

 

A.      stateful failover using active-active for multi-context

B.      stateful failover using active-standby for multi-context

C.      stateful failover using active-standby for single-context

D.      stateless failover using interface-level failover for multi-context

 

Correct Answer: A

 

 

QUESTION 212

When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four.)

 

A.      VPN group

B.      tunnel group

C.      IP precedence

D.      DSCP

E.       default-inspection-traffic

F.       qos-group

 

Correct Answer: BCDE

 

 

QUESTION 213

You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

 

1. You need two customer contexts, named contextA and contextB.

2. Allocate interfaces G0/0 and G0/1 to contextA.

3. Allocate interfaces G0/0 and G0/2 to contextB.

4. The physical interface name for G0/1 within contextA should be “inside”.

5. All other context interfaces must be viewable via their physical interface names.

 

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

 

A.      context contextA
        config-url disk0:/contextA.cfg
        allocate-interface GigabitEthernet0/0 visible
        allocate-interface GigabitEthernet0/1 inside
        context contextB
        config-url disk0:/contextB.cfg
        allocate-interface GigabitEthernet0/0 visible
        allocate-interface GigabitEthernet0/2 visible

B.      context contexta
        config-url disk0:/contextA.cfg
        allocate-interface GigabitEthernet0/0 visible
        allocate-interface GigabitEthernet0/1 inside
        context contextb
        config-url disk0:/contextB.cfg
        allocate-interface GigabitEthernet0/0 visible
        allocate-interface GigabitEthernet0/2 visible

C.      context contextA
        config-url disk0:/contextA.cfg
        allocate-interface GigabitEthernet0/0 invisible
        allocate-interface GigabitEthernet0/1 inside
        context contextB
        config-url disk0:/contextB.cfg
        allocate-interface GigabitEthernet0/0 invisible
        allocate-interface GigabitEthernet0/2 invisible

D.      context contextA
        config-url disk0:/contextA.cfg
        allocate-interface GigabitEthernet0/0
        allocate-interface GigabitEthernet0/1 inside
        context contextB
        config-url disk0:/contextB.cfg
        allocate-interface GigabitEthernet0/0
        allocate-interface GigabitEthernet0/2

E.      context contextA
        config-url disk0:/contextA.cfg
        allocate-interface GigabitEthernet0/0 visible
        allocate-interface GigabitEthernet0/1 inside
        context contextB
        config-url disk0:/contextB.cfg
        allocate-interface GigabitEthernet0/1 visible
        allocate-interface GigabitEthernet0/2 visible

 

Correct Answer: A

 

 

QUESTION 214

Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)

 

A.      Create the security zones and security zone pairs.

B.      Create the self-zone.

C.      Create the default global inspection policy.

D.      Create the type inspect class maps and policy maps.

E.       Assign a security level to each security zone.

F.       Assign each router interface to a security zone.

G.      Apply a type inspect policy map to each zone pair.

 

Correct Answer: ADFG

 

 

QUESTION 215

Refer to the exhibit. The client is protected by a firewall. An IPv6 SMTP connection from the client to the server on TCP port 25 will be subject to which action?

[Exhibit image not available]

A.      pass action by the HTTP_CMAP

B.      inspection action by the TCP_CMAP

C.      inspection action by the SMTP_CMAP

D.      drop action by the default class

E.       pass action by the HTTP_CMAP

 

Correct Answer: B

 

 

QUESTION 216

Which Cisco IPS appliance signature engine defines events that occur in a related manner, within a sliding time interval, as components of a combined signature?

 

A.      Service engine

B.      Sweep engine

C.      Multistring engine

D.      Meta engine

 

Correct Answer: D

 

 

QUESTION 217

Which three options are the types of zones that are defined for anomaly detection on the Cisco IPS Sensor? (Choose three.)

 

A.      inside

B.      outside

C.      internal

D.      external

E.       illegal

F.       baseline

 

Correct Answer: CDE

 

 

QUESTION 218

Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

 

A.      It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.

B.      It defines a wide variety of authorization actions, including “reauthenticate”.

C.      It defines the format for a Change of Authorization packet.

D.      It defines a DM.

E.       It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

 

Correct Answer: ACD

 

 

QUESTION 219

Which three statements are true regarding Security Group Tags? (Choose three.)

 

A.      When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.

B.      When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.

C.      Security Group Tags are a supported network authorization result using Cisco ACS 5.x.

D.      Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.

E.       A Security Group Tag is a variable length string that is returned as an authorization result.

 

Correct Answer: ACD

 

 

QUESTION 220

Refer to the exhibit. What is the cause of the issue that is reported in this debug output?

 

[Exhibit image not available]

 

A.      The identity of the peer is not acceptable.

B.      There is an esp transform mismatch.

C.      There are mismatched ACLs on remote and local peers.

D.      The SA lifetimes are set to 0.

 

Correct Answer: C

 
