1. How do TCP SYN attacks take advantage of TCP to prevent new connections from being established to a host
under attack?
A. These attacks send multiple FIN segments forcing TCP connection release.
B. These attacks fill up a hosts' listen queue by failing to ACK partially opened TCP connections.
C. These attacks take advantage of the hosts transmit backoff algorithm by sending jam signals to the host.
D. These attacks increment the ISN of each segment by a random number causing constant TCP retransmissions.
E. These attacks send TCP RST segments in response to connection SYN+ACK segments forcing SYN
retransmissions.
Answer: B
2. What are two key characteristics of VTP? (Choose 2)
A. VTP messages are sent out all switch-switch connections.
B. VTP L2 messages are communicated to neighbors using CDP.
C. VTP manages addition, deletion, and renaming of VLANs 1 to 4094.
D. VTP pruning restricts flooded traffic, increasing available bandwidth.
E. VTP V2 can only be used in a domain consisting of V2 capable switches.
F. VTP V2 performs consistency checks on all sources of VLAN information.
Answer: DE
3. Refer to the Exhibit. Switch SW2 has just been added to FastEthernet 0/23 on SW1. After a few seconds,
interface Fa0/23 on SW1 is placed in the error-disabled state. SW2 is removed from port 0/23 and inserted into
SW1 port Fa0/22 with the same result. What is the most likely cause of this problem?
TestInside 350-018
A. The spanning-tree portfast feature has been configured on SW1.
B. BPDU filtering has been enabled either globally or on the interfaces of SW1.
C. The BPDU guard feature has been enabled on the FastEthernet interfaces of SW1.
D. The FastEthernet interfaces of SW1 are unable to auto-negotiate speed and duplex with SW2.
E. PAgP is unable to correctly negotiate VLAN trunk characteristics on the link between SW1 and SW2.
Answer: C
4. What are two important guidelines to follow when implementing VTP? (Choose 2)
A. CDP must be enabled on all switches in the VTP management domain.
B. All switches in the VTP domain must run the same version of VTP.
C. When using secure mode VTP, only configure management domain passwords on VTP servers.
D. Enabling VTP pruning on a server will enable the feature for the entire management domain.
E. Use of the VTP multi-domain feature should be restricted to migration and temporary implementation.
Answer: BD
5. Refer to the Exhibit. The Cisco IOS-based switches are configured with VTP and VLANs as shown. The
network administrator wants to quickly add the VLANs defined on SW1 to SW2's configuration and so he copies
the vlan.dat file from the flash on SW1 to the flash of SW2. After the file is copied to SW2, it is rebooted. What is
the VLAN status of SW2 after the reboot?
A. The VLAN information on SW2 will remain the same since it has been configured for transparent VTP mode.
B. SW2 will clear the vlan.dat file and load its VLAN information from the configuration file stored in NVRAM.
C. A VTP mode mismatch will occur causing the VLANS in the startup config to be ignored and all VLANs above
1005 to be erased.
D. The VLANs in the vlan.dat file will be copied to the running config and merged with the extended VLANs
defined in the startup config.
E. All VLANs will be erased and all ports will be moved into the default VLAN 1.
Answer: C
TestInside 350-018
6. Refer to the Exhibit. A Cisco security appliance has been inserted between routers R1 and R2 for security
reasons. Unfortunately, BGP stopped working after the appliance was inserted in the network. What three
configuration tasks must be completed to restore BGP connectivity? (Choose 3)
A. Configure BGP on the security appliance as an iBGP peer to R1 and R2 in AS 65500.
B. Configure a static NAT translation to allow inbound TCP connections from R2 to R1.
C. Configure an ACL on the security appliance allowing TCP, port 179 between R1 and R2.
D. Configure a static routes on R1 and R2 using the appliance inside and outside interfaces as gateways.
E. Configure the BGP fixup feature on the security appliance to permit BGP TCP connections between R1 and R2.
Answer: BCD
7. Refer to the Exhibit. A Cisco security appliance has been correctly configured and inserted between routers R1
and R2. The security appliance allows iBGP connectivity between R1 and R2 and BGP is fully functional. To
increase security, MD5 neighbor authentication is correctly configured on R1 and R2. Unfortunately, BGP stops
working after the MD5 configuration is added. What configuration task must be completed on the security
appliance to restore BGP connectivity?
A. Configure authentication-proxy on the security appliance.
B. Configure the MD5 authentication key on the security appliance.
C. Add the MD5 key to the security appliance BGP fixup configuration.
D. Add norandomseq to the static NAT translation on the security appliance.
TestInside 350-018
E. Configure a GRE tunnel to allow authenticated BGP connections to traverse the security appliance.
Answer: D
8. According to RFC 3180, what is the correct GLOP address for AS 456?
A. 224.0.4.86
B. 224.4.86.0
C. 233.1.200.0
D. 239.2.213.0
E. 239.4.5.6
Answer: C
9. A network administrator is using a LAN analyzer to troubleshoot OSPF router exchange messages sent to ALL
OSPF ROUTERS. To what MAC address are these messages sent?
A. 00-00-1C-EF-00-00
B. 01-00-5E-00-00-05
C. 01-00-5E-EF-00-00
D. EF-FF-FF-00-00-05
E. EF-00-00-FF-FF-FF
F. FF-FF-FF-FF-FF-FF
Answer: B
10.Which two IP multicast addresses belong to the group represented by the MAC address of
0x01-00-5E-15-6A-2C?
A. 224.21.106.44
B. 224.25.106.44
C. 233.149.106.44
D. 236.25.106.44
E. 239.153.106.44
Answer: AC
11. Refer to the Exhibit. A Cisco security appliance has been inserted between a multicast source and its receiver,
TestInside 350-018
preventing multicast traffic between them. What is the best solution to address this problem?
A. Configure the security appliance as an IGMP multicast client.
B. Configure a GRE tunnel to allow the multicast traffic to bypass the security appliance.
C. Configure the security appliance as the rendezvous point of the multicast network so that all (*,G) trees
traverse it.
D. Create a static route on the multicast source and receiver pointing to the outside and inside interfaces of the
security appliance respectively.
E. Configure SMR so the security appliance becomes an IGMP proxy agent, forwarding IGMP messages from
hosts to the upstream multicast router.
Answer: E
12. Refer to the Exhibit. Which of the following R1 router configurations will correctly prevent R3 from
becoming a PIM neighbor with rendezvous point R1?
A.
TestInside 350-018
B.
C.
D.
E.
Answer: A
13. How is the Cisco sensor software version 5.0 different from the version 4.0 release?
A. The monitoring system pulls events from the sensor
B. The sensor supports intrusion prevention functinality
C. The sensor pushes events to the monitoring system
D. The sensor uses RDEP
E. The sensor software calculates a Risk Rating for alerts to reduce false positives
Answer: BE
14. What is SDEE?
A. A Cisco proprietary protocol to transfer IDS events across the network
B. A protocol used by multiple vendors to transmit IDS events across the network
C. A queuing mechanism to store alerts
D. A mechanism to securely encode intrusion events in an event store
E. A multi-purpose encryption engine to symmetrically encrpt data across the network
Answer: B
TestInside 350-018
15. Refer to the Exhibit. Under normal conditions, SW1 is spanning tree root and the link between SW2 and SW3
is in the blocking state. This network transports large amounts of traffic and is heavily loaded. After a software
upgrade to these switches, users are complaining about slow performance. To troubleshoot, the commands shown
in the exhibit are entered. What two are the most likely causes of this issue?
A. Lack of BPDUs from high priority bridge SW1 causes SW3 to unblock Fa1/1.
B. Duplex mismatch on the link between SW1 and SW3 causing high rate of collisions.
C. The Max Age timers on SW1 and SW2 have been changed and no longer match the MAX Age timer on SW3.
D. UDLD has not been configured between SW1 and SW3 so SW3 errantly sees its link to SW1 as up and
operational.
E. The bridge priority of SW1 was changed to be greater than 32768 allowing SW2 to become the new root of the
TestInside 350-018
spanning tree.
Answer: AB
16. What is true about a Pre-Block ACL configured when setting up your sensor to perform IP Blocking?
A. The Pre-Block ACL is overwritten when a blocking action is initiatied by the sensor
B. The blocking ACL entries generated by the sensor override the Pre-Block ACL entries
C. The Pre-Block ACL entries override the blocking ACL entries generated by the sensor
D. The Pre-Block ACL is replaced by the Post-Block ACL when a blocking action is initiated by the sensor
E. You can not configure a Pre-Block ACL when configuring IP Blocking on your sensor
Answer: C
17. Which of the following is true about the Cisco IOS-IPS functionality? (Choose 2)
A. The signatures available are built into the IOS code.
B. To update signatures you need to install a new IOS image
C. To activate new signatures you download a new Signature Defiition File (SDF) from Cisco's web site
D. Loading and enabling selected IPS signatures is user configurable
E. Cisco IOS only provides Intrusion Detection functionality
F. Cisco IOS-IPS requires a network module installed in your router running sensor software
Answer: CD
18. What is the main reason for using the "ip ips deny-action ips-interface" IOS command?
A. To selectively apply drop actions to specific interfaces
B. To enable IOS to drop traffic for signatures configured with the Drop action
C. To support load-balancing configurations in which traffic can arrive via multiple interfaces
D. This is not a valid IOS command
Answer: C
19. By default, to perform IPS deny actions, where is the ACL applied when using IOS-IPS?
A. To the ingress interface of the offending packet
B. To the ingress interface on which IOS-IPS is configured
C. To the egress interface on which IOS-IPS is configured
TestInside 350-018
D. To the egress interface of the offending packet
E. To the ingress interface of the offending packet and the ingress interface on which IOS-IPS is configured
Answer: A
20. Refer to the Exhibit. Router R1 is stuck in 2-WAY state with neighbors R2 and R3. As a result R1 has an
incomplete routing table. To troubleshoot the issue, the show and debug commands in the exhibit are entered on
R1. Based on the output of these commands what is the most likely cause of this problem?
A. The hello timers on the segment between these routers do not match.
B. All the routers on the Ethernet segment have been configured with "ip ospf priority 0".
C. R1 can not form an adjacency with R2 or R3 because it does not have a matching authentication key.
D. The Ethernet 0/0 interfaces on these routers are missing the "ip ospf network broadcast" command.
E. The Ethernet 0/0 interface on R1 has been configured with the command, "ip ospf network non-broadcast".
Answer: B
TestInside 350-018
21. What two things must you do on the router before generating an SSH key with the "crypto key generate rsa"
IOS command?
A. Configure the SSH version that the router will use
B. Configure the host name of the router
C. Enable AAA Authentication
D. Configure the default IP domain name that the router will use
E. Enable SSH transport support on the vty lines
Answer: BD
22. Refer to the Exhibit. What as-path access-list regular expression should be applied on R2 as a neighbor
filter-list to only allow updates with an origin of AS65503?
A. 65503
B. _65503_
C. ^65503$
D. _65503$
E. ^65503 .*
F. _65503.?$
Answer: E
23. Refer to the Exhibit. A router running EIGRP with the "no ip classless" command contains the routing table as
TestInside 350-018
shown in the exhibit. What will happen to a packet destined for 172.16.254.1?
A. The packet is forwarded to 192.168.1.1.
B. The packet is forwarded to 192.168.1.2.
C. The packet is forwarded to 192.168.1.3.
D. The packet is dropped.
Answer: D
24. Refer to the Exhibit. What as-path access-list regular expression should be applied on R2 to only allow
updates originated from AS65501 or autonomous systems directly attached to AS65501?
A. _65501_.*
B. _65501_*$
C. ^65501_*$
D. _65501+[0.9]$
E. ^65501_[0-9]*$
F. \[0-9]*+65501_+\[0-9]$
Answer: E
TestInside 350-018
25. Refer to the Exhibit. What is the correct configuration on R1 to enable message digest authentication between
routers R1 and R2?
A.
B.
C.
D.
E.
TestInside 350-018
Answer: A
26. When applying MD5 route authentication on routers running RIP or EIGRP, what two important key chain
considerations should be accounted for?
A. The lifetimes of the keys in the chain should overlap.
B. No more than three keys should be configured in any single chain.
C. Routers should be configured for NTP to synchronize their clocks.
D. Key 0 of all key chains must match for all routers in the autonomous system.
E. Link compression techniques should be disabled on links transporting any MD5 "hash".
Answer: AC
27. Whenever a failover takes place on the ASA running in failover mode, all active connections are dropped and
clients must re-establish their connections unless
A. the ASA is configured for Active-Standby failover.
B. the ASA is configured for Active-Active failover.
C. the ASA is configured for Active-Active failover and a state failover link has been configured.
D. the ASA is configured for Active-Standby failover and a state failover link has been configured.
E. the ASA is configured to use a serial cable as the failover link.
F. the ASA is configured for LAN-Based failover.
Answer: CD
28. Which of the following is true with respect to active-active failover on the ASA?
A. Active-active failover is available only for systems running in single context mode
B. Active-active failover is available only for systems running in transparent mode
C. Active-active failover is available only for systems running in routed mode
D. Active-active failover is available only for systems running in multiple context mode
E. Active-active failover is available for systems running in multiple or single context mode
Answer: D
TestInside 350-018
29. Whenever a failover takes place on the ASA (configured for failover), all active connections are dropped and
clients must re-establish their connections unless: (Choose 2)
A. The ASA is configured for Active-Standby failover.
B. The ASA is configured for Active-Active failover.
C. The ASA is configured for Active-Active failover and a state failover link has been configured.
D. The ASA is configured for Active-Standby failover and a state failover link has been configured.
E. The ASA is configured to use a serial cable as the failover link.
F. The ASA is configured for LAN-Based failover
Answer: CD
30. Which algorithms did TKIP add to the 802.11 specification? (Choose 3)
A. key mixing
B. AES-based encryption
C. anti-replay sequence counter
D. message integrity check
E. cyclic redundancy check
Answer: ACD
31. The key lengths for DES and 3DES, respectively, are:
A. 128 bits and 256 bits
B. 128 bits and 384 bits
C. 1024 bits and 3072 bits
D. 64 bits and 192 bits
E. 56 bits and 168 bits
F. 128 bytes and 384 bytes
Answer: E
32. Which of the following statements are true? (Choose 3)
A. AES is faster to compute than 3DES.
B. AES is not subject to Known Plaintext attacks, while DES is.
C. AES is a block cipher while 3DES and DES are stream ciphers.
TestInside 350-018
D. AES can be used with longer keys than 3DES.
E. AES is an open standard, while 3DES and DES are proprietary.
Answer: ABD
33. Which three statements regarding Cisco ASA multicast routing support are correct? (Choose three)
A. ASA supports both stub multicast routing and PIM multicast routing. However, you cannot configure both
concurrently on a single security appliance
B. When configured for stub multicast routing, the ASA can act as the Rendezvous Point (RP)
C. If the ASA detects IGMP version 1 routers, the ASA will automatically switch to IGMP version 1 operations.
D. The ASA supports both PIM-SM and bi-directional PIM
E. Enabling multicast routing globally on the ASA automatically enables PIM and IGMP on all interfaces
F. The ASA can be configured for IGMP snooping to constrain the flooding of multicast traffic by dynamically
configuring the multicast traffic to be forwarded only those interfaces associated with hosts requesting the
multicast group
Answer: ADE
34. Referring to the SDM screens shown, which two statements are true about the IOS Easy VPN Server
configuration? (Choose two).
A. Digital Certificate is used to authenticate the remote VPN client.
B. Split tunneling is enabled where traffic that matches ACL 100 will not be encrypted.
TestInside 350-018
C. Split tunneling is disabled because no protected subnets have been defined.
D. To connect, the remote VPN client will use a groupname of "test."
E. The remote VPN client will be assigned an internal IP address from the SDM_POOL_1 IP address pool.
F. Pre-shared key (PSK) authentication will be used during the X-Auth phase
Answer: DE
35. Referring to partial IOS router configuration shown in the exhibit, which statement is true?
A. Traffic from subnet 172.16.4.0/24 to the 172.16.3.0/24 subnet will be protected by IPSec and will go through
NAT.
B. Traffic from subnet 172.16.4.0/24 to any destinations will be protected by IPSec and will bypass NAT.
C. ACL 104 is the crypto ACL defining traffic that should be protected by IPSec.
D. All IPSec protected traffic will bypass NAT.
E. All traffic from subnet 172.16.4.0/24 to the 172.16.3.0/24 subnet will go through NAT.
Answer: D
TestInside 350-018
36. When implementing WLAN security, what are three benefits of using the Temporal Key Integrity Protocol
(TKIP) instead of WEP? (Choose three)
A. TKIP uses an advanced encryption scheme based on AES
B. TKIP provides authentication and integrity checking using Cipher Block Chaining Message Authentication
Code (CBC-MAC)
C. TKIP provides per-packet keying and a rekeying mechanism
D. TKIP provides message integrity check
E. TKIP reduces WEP's vulnerabilities by using different hardware encryption chipset
F. TKIP uses a 48 bit Initialization Vector
Answer: CDF
37. Based on the following partial configuration shown, which statement is true?
A. vlan 10, the guest vlan is also known as the restricted vlan
B. client without an 802.1x supplicant connecting to port fa0/1 will be assigned to the vlan 10
C. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan 10
D. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan
100
E. EAP over LAN frames will flow over VLAN 10
Answer: B
38. With the Cisco's IOS Authentication Proxy feature, users can initiate network access via which three protocols?
(Choose three)
A. IPSec
B. HTTP/HTTPS
C. L2TP
D. FTP
TestInside 350-018
E. TELNET
F. SSH
Answer: BDE
39. Cisco IOS IPS sends IPS alert messages using which two protocols? (Choose two)
A. SDEE
B. LDAP
C. SYSLOG
D. FTP
E. SNMP
F. SMTP
Answer: AC
40. Which best represents a typical attack that takes advantage of RFC 792, ICMP Type 3 messages?
A. Blind connection-reset
B. Large packet echo request
C. Packet fragmentation offset
D. Broadcast-based echo request
E. Excessive bandwidth consumption
Answer: A
41. Which type of attacks can be monitored and mitigated by CS-MARS using NetFlow data?
A. Man-in-the middle attack
B. Spoof attack
C. Land.C attack
D. Buffer Overflow
E. Day zero attack
F. Trojan Horse
Answer: E
42. What is the net effect of using ICMP Type 4 messages to attack RFC 1122 compliant hosts?
TestInside 350-018
A. Hosts will perform a "soft" TCP reset and restart the connection.
B. Hosts will perform a "hard" TCP reset and tear down the connection.
C. Hosts will reduce the rate at which they inject traffic into the network.
D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 message.
E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message.
Answer: C
43. Referring to the partial IOS configuration shown in the exhibit, which two statements are true? (Choose three)
A. Ethernet0 is the trusted interface and Ethernet1 is the untrusted interface
B. All outbound ICMP traffic will be inspected by the IOS Firewall
C. CBAC will create dynamic entries in ACL 101 to permit the return traffic
D. ACL 101 needs to have at least one permit statement in it or it will not work properly
E. Ethernet0 needs an inbound access-list to make the configuration work
F. Ethernet0 needs an outbound access-list to make the configuration work
Answer: ABC
44. An attacker is attempting to Telnet to a specific host secured behind a firewall rule that only allows inbound
connections on TCP port 25. What aspect of RFC 791 (Internet Protocol) can the attacker exploit to perform this
TestInside 350-018
attack?
A. Send a SYN/ACK to the host on TCP port 23 indicating a response to a SYN request from the host on the
secure side of the firewall.
B. Set the TOS bits to 1111 1100 indicating a network control packet that should be forwarded to the host with
high reliability (no discard).
C. Send packets destined for TCP port 23 with the DF and MF bits clear and the fragment offset to 0 since many
firewalls will pass IP fragments with a 0 offset.
D. Send two packets, the first packet with the DF bit clear and the MF bit set, and the second packet with a
fragmentation offset of 1 and a destination port of TCP 23.
E. Send packets with a fragmentation offset of 20 and a TCP destination port 25. All subsequent packets will
overwrite the IP header allowing a new IP header to be inserted.
Answer: D
45. Which of the following is the most effective technique to prevent source IP Address spoofing?
A. policy based routing (PBR)
B. unicast reverse path forwarding (uRPF)
C. lock and key ACL
D. RFC 1918 filtering
E. IP source routing
Answer: B
46. To increase security, MD5 authentication is added to an OSPF virtual link. Company security policies dictate
that all passwords must be changed after 90 days. What will be the effect on the OSPF network of changing the
MD5 key?
A. A second MD5-authenticated virtual link should be created. Once that is operational, the old virtual link can be
removed.
B. If a new MD5 key is configured using the same key-id, it automatically replaces the existing one with no effect
on OSPF.
C. If a second MD5 key is configured OSPF will authenticate both keys allowing the first key to be removed with
no effect on OSPF.
D. A new MD5 key can be configured after removing the old one. This will momentarily disable MD5
TestInside 350-018
authentication until the new key is learned in updated LSAs.
E. Once a MD5 key is configured a hash is created. For security purposes, this hash can only be removed by
clearing the MD5 configuration and resetting the OSPF adjacency.
Answer: C
47. Referring to the network diagram and the R1 router configurations shown in the exhibit, why remote users
using their Cisco VPN software client are not able to reach the 172.16.0.0 networks behind R1 once they
successfully VPN into R1?
A. The Cisco VPN software client does not support DH group 2
B. Reverse Route Injection (RRI) is not enabled on R1
C. The R1 configuration is missing the crypto ACL
D. The dynamic crypto map on R1 is misconfigured
E. The ACL 100 on R1 is misconfigured
Answer: E
TestInside 350-018
48. Asymmetric and symmetric ciphers differ in which of the following way(s)? (Choose 2)
A. Asymmetric ciphers use pre-shared keys
B. Symmetric ciphers are faster to compute
C. Asymmetric ciphers are faster to compute
D. Asymmetric ciphers use public and private keys
Answer: BD
49. What does qos pre-classify provides in regard to implementing QoS over GRE/IPSec VPN tunnels?
A. enables IOS to copy the ToS field from the inner (original) IP header to the outer tunnel IP header
B. enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption,
based on fields in the inner IP header.
C. enables IOS to classify packets based on the ToS field in the inner (original) IP header
D. enables IOS to classify packets based on the ToS field in the outer tunnel IP header
E. enables the IOS classification engine to only see a single encrypted and tunneled flow to reduce classification
complexity
Answer: B
50. Referring to the debug output shown below, what is causing the IKE Main Mode failure?
A. The IPSec transform set on the peers do not match.
B. The Crypto ACL is not a mirror image of the peer.
C. The pre-shared keys on the peers do not match.
D. The IKE Phase I policy does not match on both sides.
E. The received IPsec packet specifies a Security Parameters Index (SPI) that does not exist in the security
associations database (SADB).
Answer: D
51. Which three steps are required to enable SSH Server on an IOS router? (Choose three)
TestInside 350-018
A. Configure a host name
B. Configure a domain name
C. Configure the Crypto PKI trustpoint (CA)
D. Specifies a fingerprint that can be matched against the fingerprint of a CA certificate during authentication
E. Import the SSH client fingerprint
F. Generate an RSA key pair
Answer: ABF
52. Which of the following best describes a hash function?
A. An irreversible fast encryption method
B. A reversible fast encryption method
C. A reversible value computed from a piece of data and used to detect modifications
D. An irreversible value computed from a piece of data and used to detect modifications
E. A table in which values are stored for efficient retrieval.
Answer: D
53. Referring to the partial debug output shown in the exhibit, what values are contained inside the brackets [4] in
line 1?
A. The RADIUS Identifier Field Value
B. The Radius Attribute Type Value
C. The Radius VSA Number
D. The Radius VSA length
E. The Vendor ID
Answer: B
TestInside 350-018
54. Which two steps does a receiver perform to validate a message using HMAC? (Choose two)
A. decrypts the received MAC using a secret key
B. compares the computed MAC vs. the MAC received
C. authenticate the received message using the sender's public key
D. look up the sender's public key
E. extracts the MAC from the received message then encrypts the received message with a secret key to produce
the MAC
F. Computes the MAC using the received message and a secret key as inputs to the hash function
Answer: BF
55. Which of the following lines is incorrect in the following IOS IKE configuration?
A. crypto isakmp policy 7
B. encryption aes
C. hash sha1
D. authentication rsa-sig
E. group 2
F. lifetime 86400
Answer: C
56. RFC 2827 ingress filtering is used to help prevent which type of attacks?
A. Syn Flood
B. Source IP address spoofing
C. Overlapping IP Fragments
D. Tiny IP Fragments
E. Land.C
TestInside 350-018
F. Network Reconnaissance
Answer: B
57. Referring to the network diagram and the partial router's configuration shown, which packet will be permitted
by ACL 101?
A. Any TCP packets with the initial SYN or ACK bit set destined to a host on the 10.2.1.0/24 subnet.
B. A HTTP packet with the SYN bit set destined to a host on the 10.2.1.0/24 subnet
C. A TFTP packet with the RST bit set destined to a host on the 10.2.1.0/24 subnet
D. An ICMP echo-reply packet destined to a host on the 10.2.1.0/24 subnet
E. Any TCP packet with the ACK bit set destined to a host on the 10.2.1.0/24 subnet.
F. Any TCP return traffic destined to a host on the 10.2.1.0/24 subnet that matches a corresponding outgoing TCP
connection in the router's firewall state table
Answer: E
58. Which of the following is the correct diagram for an IPsec Authentication Header?
A.
B.
TestInside 350-018
C.
D.
E.
Answer: C
59. ARP cache poisoning can be best prevented by using which two Catalyst security features? (Choose two)
A. Dynamic ARP Inspection (DAI)
B. Port Security
TestInside 350-018
C. MAC Address Notification
D. DHCP Snooping
E. Port Fast
F. 802.1x Authentication
Answer: AD