Cisco 350-030 Study Guide, Most Accurate Cisco 350-030 Exam Questions UP To 50% Off


QUESTION 21
Cisco’s RADIUS implementation supports one vendor-specific option using which of the following formats?
A. Vendor-ID 26, and the supported option has vendor-type 1, which is named “cisco-avpair”.
B. Vendor-ID 9, and the supported option has vendor-type 26, which is named “cisco-avpair”.
C. Vendor-ID 9, and the supported option has vendor-type 1, which is named “cisco-avpair”.
D. Vendor-ID 1, and the supported option has vendor-type 9, which is named “cisco-avpair”.
E. Vendor-ID 1, and the supported option has vendor-type 9, which is named extended “cisco-avpair”.
F. All of the above.

Correct Answer: C
QUESTION 22
Why would you advise the new Certkiller trainee technician to configure a “clients” file on a RADIUS server?
A. To define a list of remote node devices that users may use for connectivity to the network.
B. To define a list of IP hosts that are granted permissions to administer the RADIUS database.
C. To define a list of users and their access profiles.
D. To define a list of NASs the RADIUS server for communication purposes.
E. All of the above.

Correct Answer: D
QUESTION 23
Exhibit:
CA Certificate
  Status: Available
  Certificate Serial Number: 68690A1A21B65B343679274B37E7BB
  Key Usage: Signature
  CN = Version CertServer
  OU = user
  O = user
  L = User City
  ST = CA
  C = US
  EA =<16> [email protected]
  Validity Date:
    start date: 14.32.48 PST Mar 17 2000
    end date: 14:41:28 PST Mar 17 2002

You are the network administrator at Certkiller. You are experiencing problems getting two IPSec routers to authenticate using RSA-sig as an authentication method. The output of the IOS command show crypto ca cert yields the above output.
What is the most probable reason for this authentication failure?
A. The certificate has a leading one in the serial number field which violated the x.509 certificate standard.
B. The router has not yet obtained an identity certificate from the root CA.
C. The current date of the router is out of the range of the certificate’s validity date.
D. The root CA has rejected the other router's attempt to authenticate.
E. None of the above.
Correct Answer: C
QUESTION 24
Exhibit:

The Certkiller Network Administrator can view user traffic reaching the router. However, the administrator also wants to see the return traffic from the server as well.
What other commands need to be configured to enable viewing both the outgoing and return traffic, without overwhelming the router?
A. config t int ethernet1 no ip route-cache end
B. config t int ethernet0 no ip route-cache end debug ip packet detail any 10.1.1.0 0.0.0.255
C. config t int ethernet0 no ip route-cache access-list 1 permit 10.1.1.0 255.255.255.0 end debug ip packet detail 1
D. config t int ethernet1 no ip route-cache no access-list 1 access-list 101 permit ip 10.1.1.0 0.0.0.255 any access-list 101 permit ip any 10.1.1.0 0.0.0.255 end debug ip packet detail 101
E. config t int ethernet1 no ip route-cache access-list 101 permit ip 10.1.1.0 0.0.0.255 any access-list 101 permit ip any 10.1.1.0 0.0.0.255 end debug ip packet detail 101

Correct Answer: E
QUESTION 25
What would the Certkiller network administrator use in order to send vendor-specific information about callback from a RADIUS server to a Cisco router?
A. Check item 26, vendor code 9, lcp:callback-dialstring=3175551407
B. Check item 9, reply attribute 26, lcp:callback-dialstring=3175551407
C. Reply attribute 9, vendor code 26, lcp:callback-dialstring=3175551407
D. Check item 9, vendor code 26, lcp:callback-dialstring=3175551407
E. Reply attribute 26, vendor code 9, lcp:callback-dialstring=3175551407
Correct Answer: E
QUESTION 26
Exhibit:

If a router running IOS is configured as shown and the TACACS server is down, what will happen when someone telnets into the router?
A. Using the local username, the user will pass authentication but fail authorization.
B. The user will be able to gain access using the local username and password, since list vty will be checked.
C. Using the local username, the user will bypass authentication and authorization since the server is down.
D. The user will receive a message saying “The TACACS+ server is down, please try again later.”

Correct Answer: A
QUESTION 27
What answer describes a network service that would be flagged as high risk and disabled by SDM?
A. SNMP
B. FTP
C. SSH
D. TELNET

Correct Answer: A
QUESTION 28
Which statements about TACACS+ are true? (Select three)
A. If more than one TACACS+ server is configured and the first one does not respond within a given timeout period, the next TACACS+ server in the list will be contacted.
B. The TACACS+ server’s connection to the NAS encrypts the entire packet, if a key is used at both ends.
C. The TACACS+ server must use TCP for its connection to the NAS.
D. The TACACS+ server must use UDP for its connection to the NAS.
E. The TACACS+ server may be configured to use TCP or UDP for its connection to the NAS.

Correct Answer: ABC
QUESTION 29
What is the best explanation for the command aaa authentication ppp default if-needed tacacs+?
A. If authentication has been enabled on an interface, use TACACS+ to perform authentication.
B. If the user requests authentication, use TACACS+ to perform authentication.
C. If the user has already been authenticated by some other method, do not run PPP authentication.
D. If the user is not configured to run PPP authentication, do not run PPP authentication.
E. If the user knows the enable password, do not run PPP authentication.
Correct Answer: C

QUESTION 30
Which of the following statements regarding TACACS+ is valid? (Choose all that apply.)
A. Whenever more than one TACACS+ server is configured and the first one does not respond within a given timeout period, the next TACACS+ server in the list will be contacted.
B. If a key is used at both ends, the TACACS+ server’s connection to the NAS encrypts the entire packet.
C. UDP must be used by the TACACS+ server for its connection to the NAS.
D. TCP or UDP for the NAS connection must be configured on the TACACS+ server.
E. TCP must be used by the TACACS+ server for its connection to the NAS.
Correct Answer: ABE

QUESTION 31
In which way is data between a router and a TACACS+ server encrypted?
A. CHAP Challenge responses
B. DES encryption, if defined
C. MD5 hash using secret matching keys
D. PGP with public keys

Correct Answer: C
QUESTION 32
What is the function of gratuitous ARP? (Choose all that apply.)
A. ARP refreshes other devices’ ARP caches after reboot.
B. ARP will look for duplicate IP addresses.
C. ARP refreshes the originating server’s cache every 20 minutes.
D. ARP will identify stations without MAC addresses.
E. ARP will prevent proxy ARP from becoming promiscuous.

Correct Answer: AB
QUESTION 33
minutes. Could be answer but the test wants only 2 Gratuitous ARP [23] is an ARP packet sent by a node in order to spontaneously cause other nodes to update an entry in their ARP cache. A gratuitous ARP MAY use either an ARP Request or an ARP Reply packet. In either case, the ARP Sender Protocol Address and ARP Target Protocol Address are both set to the IP address of the cache entry to be updated, and the ARP Sender Hardware Address is set to the link-layer address to which this cache entry should be updated. When using an ARP Reply packet, the Target Hardware Address is also set to the link-layer address to which this cache entry should be updated (this field is not used in an ARP Request packet).
Most hosts on a network will send out a Gratuitous ARP when they are initialising their IP stack. This Gratuitous ARP is an ARP request for their own IP address and is used to check for a duplicate IP address. If there is a duplicate address then the stack does not complete initialisation.
A.
B.
C.
D.
Correct Answer:

QUESTION 34
To what concept does “message repudiation” refer in the realm of email security?
A. Message repudiation means a user can validate which mail server or servers a message was passed through.
B. Message repudiation means a user can claim damages for a mail message that damaged their reputation.
C. Message repudiation means a recipient can be sure that a message was sent from a particular person.
D. Message repudiation means a recipient can be sure that a message was sent from a certain host.
E. Message repudiation means a sender can claim they did not actually send a particular message.
Correct Answer: E

QUESTION 35
What is the function of a RARP?
A. A RARP is sent to map a hostname to an IP address.
B. A RARP is sent to map an IP address to a hostname.
C. A RARP is sent to map a MAC address to an IP address.
D. A RARP is sent to map a MAC address to a hostname.
E. A RARP is sent to map an IP address to a MAC address.

Correct Answer: C
QUESTION 36
What is the sequence number in the TACACS+ protocol? (Select two.)
A. It is an identical number contained in every packet.
B. The sequence number is a number that must start with 1 (for the first packet in the session) and increment each time a request or response is sent.
C. The sequence number is always an odd number when sent by the client.
D. The sequence number is always an even number when sent by the client and odd when sent by the daemon.

Correct Answer: BC
QUESTION 37
In the IPSec protocol suite, transport mode & tunnel mode describe:
A. AH header and datagram layouts
B. Diffie-Hellman keying
C. SHA security algorithm
D. ESP header and datagram layouts

Correct Answer: AD
QUESTION 38
Which methods can be used to encrypt all communication between a client and a Cisco router (Multiple answer):
A. RADIUS
B. Secure-shell
C. Kerberized telnet
D. TACACS+
E. XTACACS

Correct Answer: BC
QUESTION 39
In which of the following ways does a Hash (such as MD5) differ from an Encryption (such as DES)?
A. A hash is easier to break.
B. Encryption cannot be broken.
C. A hash, such as MD5, has a final fixed length.
D. A hash is reversible.
E. Encryption has a final fixed length.
F. None of the above.
Correct Answer: C

QUESTION 40
What is the maximum number of key combinations possible with a 56-bit key?
A. 10^56
B. 2^28
C. 2^56
D. 56
E. 56000

Correct Answer: C
QUESTION 41
Which of the following ports are commonly used for Kerberos communication:
A. TCP Port 534
B. TCP/UDP Port 634
C. TCP/UDP Port 88
D. UDP Port 527
E. None of the above.

Correct Answer: C
QUESTION 42
Which three protocols are typically required to tunnel IPSec Traffic, including Multicast? (Select three)
A. ESP
B. NTP
C. SCEP
D. ISAKMP
E. ICMP
F. GRE
G. CEP

Correct Answer: ADF
QUESTION 43
What type of ICMP unreachable packet is used in conjunction with IPSec to allow normal operations of PMTU discovery?
A. ICMP type 3 code 4
B. ICMP type 3 code 3
C. ICMP type 3 code 2
D. ICMP type 3 code 1

Correct Answer: A
QUESTION 44
In the IPSec suite of protocols, which are two of the main fields of the Security Association? (Multiple answer)
A. SPI
B. Connection ID
C. Proxy IP addresses
D. BIA (Burned in Address)
E. MAC address
Correct Answer: AB

QUESTION 45
What is NOT an example of supported ISAKMP credentials?
A. Pre-shared
B. RSA
C. Certificate authority
D. Perfect Forward Secrecy

Correct Answer: D
QUESTION 46
What strategy best describes how to pass EIGRP updates through an IPSec tunnel?
A. Define the IPSec tunnel as an interface on the router and specify that interface in the EIGRP configuration
B. Define the IPSec proxy to allow and accept broadcast traffic
C. Define the IPSec proxy to allow only EIGRP traffic through the tunnel
D. Define a GRE tunnel, send the EIGRP updates through the GRE and encrypt all GRE traffic

Correct Answer: D
QUESTION 47
Cipher text can be defined as:
A. The key used to encrypt a message
B. The public key that has been exchanged with a peer and is used to determine the original message
C. The post-encrypted message that travels on the wire
D. The key used for a one way hash in an IPSec Phase Two exchange
E. The result of a message after it has been decrypted on the receiving end

Correct Answer: C
QUESTION 48
Network topology exhibit

The client Certkiller A can ping through the GRE tunnel to the Certkiller B server and receive small files just fine, but large web page downloads and file transfers will fail. “debug ip icmp” on router 2 shows “frag. Needed and DF set unreachable” messages sent to the server. Which are possible solutions to this problem?
A. If the physical link between Router Certkiller 1 and Router Certkiller 2 can support a MTU size greater than 1524 bytes, then increase the interface MTU between the tunnel end points to greater than 1524 bytes, then
B. Decrease the physical interface MTU between the tunnel end points to less than 1476 bytes.
C. Increase the IP MTU on the tunnel interfaces to 1500
D. Enable “ip unreachables” on all interfaces on Router Certkiller 2
E. Check to see if there is a filtering device between Router Certkiller 2 and the server that’s blocking ICMP messages. If so, change the filter rule to allow ICMP

Correct Answer: A
QUESTION 49
What would be the recommended way to secure a credit card number on a public server?
A. Encrypt the credit card number with a key known only by the admin or root account
B. Encrypt the credit card number with a key derived by a combination of identity and password information entered by the user when they log onto the server
C. Encrypt the credit card number with a randomly generated key hash under control of the admin or root account
D. Encrypt the credit card number with a fixed key but regenerate the key on a frequent basis

Correct Answer: B
QUESTION 50
What IPSec component is used to ensure the integrity of the data in an IP packet?
A. ESP-DES
B. AH
C. IPSH
D. TTL

Correct Answer: B
QUESTION 51
What built-in feature of the IPSec header is used to protect against replay attacks?
A. Initialization vector
B. Redundancy tag
C. Resend cookie
D. Header CRC
E. Sequence number

Correct Answer: E
QUESTION 52
Assuming two systems that are using IPSec to protect traffic over the internet, what type of general attack could compromise the data? (Select one)
A. Spoof Attack
B. Smurf Attack
C. Man in the Middle Attack
D. Trojan Horse Attack
E. Back Orifice Attack
Correct Answer: C
QUESTION 53
Network topology exhibit.

In the shown debugs from the router 192.1.1.1, why are outbound IPSec packets not seen in the debugs?
IP: s=200.1.1.2(Ethernet0), d=192.1.1.1(Ethernet0), len 136, rcvd3, proto=50
IP: s=10.1.2.2 (Ethernet0), d=10.1.1.10 (Ethenet1), g=10.1.1.10, len 84, forward
    ICMP type=8, code=0
IP: s=10.1.1.10 (Ethernet1), d=10.1.2.2 (Loopback0), g=10.0.0.2, len 84, forward
    ICMP type=0, code=0
A. Router debugging works by displaying the packet in the outbound direction before IPSec is applied to the outbound packet.
B. IPSec proxies do not match at either end.
C. There would be no debugs because the return pings would not go through the IPSec tunnel.
D. The crypto map is not correctly applied to the outbound interface 192.1.1.1.

Correct Answer: A
QUESTION 54
What statement is FALSE about Simple Certificate Enrollment Protocol (SCEP)?
A. SCEP is used to obtain the CA’s certificate.
B. SCEP uses HTTP as a transport mechanism.
C. SCEP is used to obtain CRLs.
D. SCEP is used for router to router communication to check the peer’s enrollment certificate.

Correct Answer: D
QUESTION 55
A remote user tries to log in to a secure network using Telnet, but accidentally types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)
A. Invalid Username
B. Invalid Password
C. Authentication Failure
D. Login Attempt Failed
E. Access Denied
Correct Answer: AB

QUESTION 56
Which are the correct port numbers used for IPSec communication?
A. IP Protocol 51 for ESP, IP Protocol 50 for AH
B. IP Protocol 50 for ESP, IP Protocol 51 for AH
C. IP Protocol 51 for ESP, IP Protocol 500 for AH
D. TCP 51 for ESP, TCP 50 for AH
E. TCP 50 for ESP, TCP 51 for AH

Correct Answer: B
QUESTION 57
Exhibit:

A network admin is having problems getting two IPSec routers to authenticate using RSA-sig as an authentication method. The output of the IOS command show crypto ca cert yields the following output.
What is the likely reason for the authentication failure?
A. The current date of the router is out of the range of the certificate’s validity date.
B. The certificate has a leading one in the serial number field which violated the x.509 certificate standard.
C. The router has not yet obtained an identity certificate from the root CA.
D. The root CA has rejected the other router's attempt to authenticate.

Correct Answer: A
QUESTION 58
Exhibit:

The Security Manager has configured two routers with the IPSec access lists shown. What behavior is expected if a telnet is launched from 20.1.1.20, destined for 10.1.1.10?
A. Traffic from 10.1.1.0/24 from Router Certkiller 1 will be encrypted when going to addresses 20.1.1.0/24 on Router.
B. Telnet traffic to and from 20.1.1.10 will be encrypted.
C. Phase Two negotiation will fail with invalid proxies and traffic will not flow.
D. Phase Two will pass, but traffic will to be encrypted.

Correct Answer: C
QUESTION 59
The Certkiller Network Administrator is trying to configure IPSec with a remote system. When a tunnel is initiated from the remote end, the security associations (SAs) come up without errors. However, the administrator received a report that encrypted traffic is never successfully sent between the two endpoints.
What is a possible cause?
A. NAT could be running between the two IPSec endpoints.
B. A mismatched transform set between the two IPSec endpoints.
C. There is a NAT overload running between the two IPSec endpoints.
D. Mismatched IPSec proxy between the two IPSec endpoints.

Correct Answer: C
