Easily Pass Cisco 350-030 Exam With Latest Cisco 350-030 VCE And PDF

New Dumps! Want to pass the Cisco 350-030 exam in the first time? Worry about the new changed questions,just try the newest Cisco 350-030 exam dumps from Flydumps,also we offer the latest Cisco 350-030 PDF and VCE dumps with New Version VCE Player for free download, and the new Cisco 350-030 practice tests ensure your exam easily pass.

Exam A QUESTION 1
Network topology exhibit:

Host Certkiller A and Host Certkiller B are on Ethernet LANs in different buildings. A serial line is installed between two Cisco routers using Cisco HDLC serial line encapsulation. Routers Certkiller 1 and Certkiller 2 are configured to route IP traffic. Host Certkiller A sends a packet to Host Certkiller B. A line hit on the serial line cause an error in the packet. When this is detected, the retransmission is sent by:
A. Host Certkiller A
B. Host Certkiller B
C. Router Certkiller 1
D. Router Certkiller 2
E. Protocol analyzer

Correct Answer: A
QUESTION 2
The BGP backdoor command:
A. Changes the distance of an iBGP route to 20
B. Changes the distance of an eBGP route to 200
C. Changes the distance of an IGP route to 200
D. Changes the distance of an IGP route to 20
E. Does not change the distance of the route

Correct Answer: B
QUESTION 3
A POP3 client contacts the POP3 server:
A. To send mail
B. To receive mail
C. to send and receive mail
D. to get the address to send mail to
E. initiate a UDP SMTP connection to read mail
Correct Answer: B

QUESTION 4
What are the main drawbacks for anti-virus software?
A. AV software is difficult to keep up to the current revisions.
B. AV software can detect viruses but can take no action.
C. AV software is signature driven so new wxploits are not detected.
D. It’s relatively easy for an attacker to change the anatomy of an attack to bypass AV systems
E. AV software isn’t available on all major operating systems platforms.
F. AV software is very machine (hardware) dependent.

Correct Answer: C
QUESTION 5
TACACS + and RADIUS authentication can be used on the same router if:
A. The tacacs extended command is used.
B. Multilink PPP is setup cottectly.
C. Different list names are used and applied to different interfaces.
D. The login tacacs command is used on some interfaces and the login radius command is used on the remaining interfaces.
E. The radius mulitsecurity command is used.

Correct Answer: C
QUESTION 6
In network architecture, which components should be considered security devices?
A. Routers
B. Switches
C. Firewalls
D. Intrustion detection Applicances
E. VPN Concentrators
F. All of the above

Correct Answer: F
QUESTION 7
What RADIUS AV pair is NOT vendor specific?
A. Icp:callback-dialstring=3179721407
B. Ip:callback-rotary=1
C. Icp:nocallback-verify=1
D. Farmed-Compression913)=(integer)
Correct Answer: D

QUESTION 8
The purpose of RADIUS “check items” is:
A. To define the attributes to be sent to the NAS
B. To define the attributes required for authentication
C. To provide an optional list of attributes that the NAS may choose to enforce or ignore
D. To define CRC values to aid in packet integrity cheeks
E. To flag interesting items for accounting purposes
Correct Answer: B

QUESTION 9
What statement about RADIUS is true?
A. User can only be authorized if they have been authenticated first.
B. Users can only be authenticated if they have been authorized first.
C. Users can only be authenticated if they have been authorized first.
D. Accounting can only be run on users that have been authenticated./
E. Accounting can only be run on users that have been athorized.

Correct Answer: A
QUESTION 10
In order to send vendor-specific information about callback from a RADIUS server to a Cisco router, a network administrator would use:
A. Check item 26, vendor code 9, lcp:callback-dialstring=3175551407
B. Check item 9, vendor code 26, lcp:callback-dialstring=3175551407
C. Check item 9, reply attribute 26, lcp:callback-dialstring=3175551407
D. Reply attribute 9, vendor code 26 lcp:callback-dialstring=3175551407
E. Reply attribute 26, vendor code 9, lcp:callback-dialstring=3175551407

Correct Answer: E
QUESTION 11
Which of the following statements regarding the RADIUS authentication protocol is valid? (Choose all that apply.)
A. UDP 1812 is specified in RFC 2138.
B. UDP 1645 is commonly used by many vendors.
C. UDP 1647 is specified in RFC 2139.
D. UDP 48 is commonly used by many vendors.

Correct Answer: AB
QUESTION 12
What is the function of the RADIUS attribute represented by the value 26?
A. It specifies accounting data specific to a particular vendor service.
B. It specifies the vendor name of the NAS.
C. It allows vendors to define out-of-band RADIUS timeouts.
D. It transmits vendor-specific attributes.

Correct Answer: D
QUESTION 13
Which of the following statements regarding the DLCI field in the Frame Relay header is valid?
A. It consists of two portions, namely source and destination, which map data to a logical channel.
B. It usually only has significance between the local switch and the DTE device.
C. It is an optional field in the ITU-T specification.
D. It is only present in data frames that are sent through the network.

Correct Answer: B
QUESTION 14
What information will be received from the ISP authentication server when a user dials into the ISP router of a VPDN network as ‘[email protected]’ and the router is using TACACS+ or RADIUS authentication and authorization?
A. The tunnel-id and IP address of the Home Gateway (HGW) router based on domain abc.xzy.
B. An access-accept or access-reject (if RADIUS) or a PASS or FAIL (if TACACS) for userid [email protected].
C. The tunnel-id, IP address of the HGW router, and the IP address of outgoing ISP router interface based on domain abc.xzy.
D. The IP address of the HGW router and IP address of the outgoing ISP router interface based on domain abc.xzy.

Correct Answer: B
QUESTION 15
The newly appointed Certkiller trainee technician wants to know what are the only two part found in a RADIUS user profile. What will your reply be?
A. Reply attributes, check attributes
B. Check items, reply attributes
C. Check attributes, reply items
D. Reply items, check items

Correct Answer: B
QUESTION 16
Which of the following is never included in a RADIUS Access-Accept response?
A. The type of service
B. An Access-Challenge
C. An IP Addres
D. The MTU
E. The user’s encrypted password, using the shared secret key as an MD5 hash key.

Correct Answer: E
QUESTION 17
The Certkiller network administrator was requested to design a dial-in solution that will allows both scripted login for dial in clients and pure PPP login for packet mode connections. The network administrator must configure the NAS to authenticate both types of users with RADIUS.
Assuming the lines and interfaces are configured correctly, which of the following represents the correct AAA authentication configuration?
A. aaa new-model aaa authentication login default radius aaa authentication ppp default-if-needed radius
B. aaa new-model aaa authentication default radius
C. aaa new-model aaa authentication slip default radius aaa authentication ppp default radius
D. aaa new-model aaa authentication radius default
E. aaa new-model aaa authentication login default radius aaa authentication ppp default radius

Correct Answer: A
QUESTION 18
What are the reasons for the differences in convergence for Link State protocols and Distance Vector protocols in general? (Choose all that apply.)
A. Poison reverse updates are sent by link state protocols.
B. The Designated Router handles route calculation centrally and updates all routers.
C. Link state updates are sent to all routers through “flooding”.
D. Periodical partial updates from all routers can be processed more quickly than regular full updates from neighbors.

Correct Answer: BD
QUESTION 19
With regard to the CERT/CC, which of the following isd true.
A. It is a clearinghouse for security and vulnerability information.
B. It maintains Secure Computing standards.
C. It provides Certificates of Authority services for the public.
D. It coordinates orchestrated attacks on political network targets.
E. It is in charge of issuing new TLAs for new technologies.

Correct Answer: A
QUESTION 20
You are the network administraot at Certkiller . Certkiller has a CiscoSecure UNIX. Your newly appointed Certkiller trainee technician wants to know how RADIUS debugging turned on for the CiscoSecure UNIX.
What will your reply be?
A. Set the server value to debug in the advanced GUI, and modify the syslog.conf and CSU.cfg files.
B. Modify the syslogd.conf and CSU.cfg files.
C. Modify the CSU.cfg file.
D. Issue the debug radius command.
E. Issue the debug UNIX command.

Correct Answer: A
QUESTION 21
Cisco’s RADIUS implementation supports one vendor-specific option using which of the following formats?
A. Vendor-ID 26, and the supported option has vendor-type 1, which is named “cisco-avpair”.
B. Vendor-ID 9, and the supported option has vendor-type 26, which is named “cisco-avpair”.
C. Vendor-ID 9, and the supported option has vendor-type 1, which is named “cisco-avpair”.
D. Vendor-ID 1, and the supported option has vendor-type 9, which is named “cisco-avpair”.
E. Vendor-ID 1, and the supported option has vendor-type 9, which is named extened “cisco-avpair”.
F. All of the above.

Correct Answer: C
QUESTION 22
Why would you advice the new Certkiller trainee technician to configure a “clients” file on a RADIUS server?
A. To define a list of remote node devices that users may use for connectivity to the network.
B. To define a list of IP hosts that are granted permissions to administer the RADIUS database.
C. To define a list of users and their access profiles.
D. To define a list of NASs the RADIUS server for communcation purposes.
E. All of the above.

Correct Answer: D
QUESTION 23
Exhibit: CA Certificate Status: Available Certificate Serial Number: 68690A1A21B65B343679274B37E7BB Key Usage: Signature CN = Version CertServer OU = user O = user L = User City ST = CA C = US EA =<16> [email protected] Validity Date: start stae: 14.32.48 PST Mar 17 2000 end date: 14:41:28 PST Mar 17 2002 You are the network administrator at Certkiller . You are experiencing problems getting two IPSec routers to authenticate using RSA-sig as an authentication method. The output of the IOS command show crypto ca cert yields the above output.
What is the most probable reason for this authentication failure?
A. The certificate has a leading one in the serial number field which violated the x.509 certificate standard.
B. The router has not yet obtained an identity certificate from the root CA.
C. The current data of the router is out of the range of the certificate’s validity date.
D. The root CA has rejected the other routers attempt to authenticate.
E. None of the above.
Correct Answer: C
QUESTION 24
Exhibit:

The Certkiller Network Administrator can view user traffic reaching the router. However, the administrator also wants to see the return traffic from the server as well.
What other commands is necessary to be configured to enable viewing both the outgoing and return traffic, without overwhelming the router?
A. config t int ethernet1 no ip route-cache end
B. config t int ethernet0 no ip route-cache end debug ip packet detail any 10.1.1.0 0.0.0.255
C. config t int ethernet0 no ip route-cache access-list 1 permit 10.1.1.0 255.255.255.0 end debug ip packet detail 1
D. config t int ethernet1 no ip route-cache no access-list 1 access-list 101 permit ip 10.1.1.0 0.0.0.255 any access-list 101 permit ip any 10.1.1.0 0.0.0.255 end debug ip packet detail 101
E. config t int ethernet1 no ip route-cache access-list 101 permit ip 10.1.1.0 0.0.0.255 any access-list 101 permit ip any 10.1.1.0 0.0.0.255 end debug ip packet detail 101

Correct Answer: E
QUESTION 25
What would the Certkiller network administrator use in order to send vendor-specific information about callback from a RADIUS server to a Cisco router?
A. Check item 26, vendor code 9, lcp:callback-dialstring=3175551407
B. Check item 9, reply attribute 26, lcp:callback-dialstring=3175551407
C. Reply attribute 9, vendor code 26, lcp:callback-dialstring=3175551407
D. Check item 9, vendor code 26, lcp:callback-dialstring=3175551407
E. Reply attribute 26, vendor code 9, lcp:callback-dialstring=3175551407
Correct Answer: E
QUESTION 26
Exhibit:

If a route running IOS is configured as shown and the TACACS server is down, what will happen when someone telnets into the router?
A. Using the local username, the us4r will pass authentication but fail authorization.
B. The user will be able to gain access using the local username and password, since list vty will be checked.
C. Suing the local username, the user will bypass authentication and authorization since the server is down.
D. The user will receive a massage saying “The TACACS+ server is down, please try again later.”

Correct Answer: A
QUESTION 27
What answer describes a network service that would be flagged as high risk and disabled by SDM?
A. SNMP
B. FTP
C. SSH
D. TELNET

Correct Answer: A
QUESTION 28
Which statements about TACACS+ are true? (Select three)
A. If more than one TCACS+ server is configured and the first one does not respond within a given timeout period, the next TACACS+ server in the list will be contacted.
B. The TACACS+ server’s connection to the NAS encrypts the entire packet, if a key is used at both ends.
C. The TACACS+ server must use TCP for its connection to the NAS.
D. The TACACS+ server must use UDP for its connection to the NAS.
E. The TACACS+ server may be configured to use TCP of UDP for its connection to the NAS<

Correct Answer: ABC
QUESTION 29
What is the best explanation for the command aaa authentication ppp default if-needed tacacs+?
A. If authentication has been enabled on an interface, use TACACS+ to perform authentication.
B. It the user requests authentication, use TACACS+ to perform authentication.
C. If the user has already been authenticated by some other method, do not urn PPP authentication.
D. If the user is not configured to run PPP authentication, do not run PPP authentication.
E. If the user knows the enable password, do not run PPP authentication.
Correct Answer: C

QUESTION 30
Which of the following statements regarding TACACS+ is valid? (Choose all that apply.)
A. Whenever more than one TACACS+ server is configured and the first one does not respond within a given timeout period, the next TACACS+ server in the list will be contacted.
B. If a key is used at both ends, the TACACS+ server’s connection to the NAS encrypts the entire packet.
C. UDP must be used by the TACACS+ server for its connection to the NAS.
D. TCP or UDP for the NAS connection must be configured on the TACACS+ server.
E. TCP must be used by the TACACS+ server for its connection to the NAS.
Correct Answer: ABE

Cisco 350-030 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 350-030 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 350-030 review questions help you assess your knowledge and reinforce key concepts.Cisco 350-030 exercises help you think about exam objectives in real-world situations, thus increasing recall during exam time.

You may also like...