New Updated Cisco CCIE Security 350-018 Real Exam Download 51-60



Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue?


A.      switch(config)# aaa accounting auth-proxy default start-stop group radius

B.      switch(config-if)# authentication host-mode multi-auth

C.      switch(config-if)# webauth

D.      switch(config)# ip http server

E.       switch(config-if)# authentication priority webauth dot1x


Correct Answer: D



Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?


A.      HTTP inspection

B.      static entries in the botnet blacklist and whitelist

C.      global ACL

D.      NetFlow

E.       DNS inspection and DNS snooping


Correct Answer: E




Refer to the exhibit. Which statement about this Cisco Catalyst switch 802.1X configuration is true?




A.      If an IP phone behind the switch port has an 802.1X supplicant, MAC address bypass will still be used to authenticate the IP Phone.

B.      If an IP phone behind the switch port has an 802.1X supplicant, 802.1X authentication will be used to authenticate the IP phone.

C.      The authentication host-mode multi-domain command enables the PC connected behind the IP phone to bypass 802.1X authentication.

D.      Using the authentication host-mode multi-domain command will allow up to eight PCs connected behind the IP phone via a hub to be individually authentication using 802.1X.


Correct Answer: B




Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the “/runscript.php” URI is run?


A.      AIC HTTP

B.      Service HTTP

C.      String TCP

D.      Atomic IP

E.       META

F.       Multi-String


Correct Answer: B




The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.


A.      policy-map type inspect ipv6 IPv6_PMAP

match header routing-type eq 0

drop log

B.      policy-map type inspect icmpv6 ICMPv6_PMAP

match header routing-type eq 0

drop log

C.      policy-map type inspect ipv6-header HEADER_PMAP

match header routing-type eq 0

drop log

D.      policy-map type inspect http HEADER_PMAP

match routing-header 0

drop log

E.       policy-map type inspect ipv6 IPv6_PMAP

match header type 0

drop log

F.       policy-map type inspect ipv6-header HEADER_PMAP

match header type 0

drop log


Correct Answer: A




Refer to the exhibit. With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?



A.      inspection action by the HTTP_CMAP

B.      inspection action by the TCP_CMAP

C.      drop action by the default class

D.      inspection action by both the HTTP_CMAP and TCP_CMAP

E.       pass action by the HTTP_CMAP

F.       drop action due to class-map misclassification


Correct Answer: B




Refer to the exhibit. Which route will be advertised by the Cisco ASA to its OSPF neighbors?









Correct Answer: A




Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)


A.      range of IP addresses

B.      subnet of IP addresses

C.      destination IP NAT translation

D.      source IP NAT translation

E.       source and destination FQDNs

F.       port and protocol ranges


Correct Answer: ABD




Regarding VSAs, which statement is true?


A.      VSAs may be implemented on any RADIUS server.

B.      VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor. For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.

C.      VSAs do not apply to RADIUS; they are a TACACS attribute.

D.      Each VSA is defined in an RFC and is considered to be a standard.


Correct Answer: A




Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)


A.      Microsoft Windows registry keys

B.      the existence of specific processes in memory

C.      the UUID of an Apple iPad or iPhone

D.      if a service is started on a Windows host

E.       the HTTP User-Agent string of a device

F.       if an Apple iPad or iPhone has been “jail-broken”

G.      if an antivirus application is installed on an Apple MacBook


Correct Answer: ABDG


Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers


You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by