Cisco 350-030 New Questions, New Release Cisco 350-030 Exam UP To 50% Off

Most accurate Cisco 350-030 practice test for you to free download. csci-scrc is also an authenticated IT certifications site that offers all the new questions and answers timely. Visit the site Flydumps.com to get free Cisco 350-030 VCE test engine and PDF.

QUESTION 61
What is the consequence that one can expect when an IPSec authentication header (AH) is used in conjunction with NAT on the same IPSec endpoint?
A. NAT has no impact on the authentication header.
B. IPSec communication will fail due to AH creating a hash on the entire IP packet before NAT.
C. Only IKE will fail due to AH using only IKE negotiation.
D. AH is not a factor when used in conjunction with NAT, unless Triple DES is included in the transform set.

Correct Answer: B
QUESTION 62
Which of the following statements regarding SNMP v1 community strings is valid?
A. SNMP v1 community strings are encrypted across the wire.
B. SNMP v1 community strings can be used to gain unauthorized access into a device if the read-write string is known.
C. SNMP v1 community strings are always the same for reading & writing data.
D. SNMP v1 community strings are used to define the community of devices in a single VLAN.

Correct Answer: B
QUESTION 63
How many IPSec security associations should be active on the system under normal circumstances, after a single IPSec tunnel has been established?
A. One per protocol (ESP and AH)
B. Two per protocol (ESP and AH)
C. Three per protocol (ESP and AH)
D. Four per protocol (ESP and AH)
E. Five total (either ESP or AH)
Correct Answer: B
QUESTION 64
Which of the following does NOT qualify to be an example of a supported ISAKMP keying mechanism?
A. Pre-shared
B. Perfect Forward Secrecy
C. RSA
D. Certificate authority

Correct Answer: B
QUESTION 65
What does the transport mode & tunnel mode in the IPSec protocol suite describe?
A. It describes AH header and datagram layouts.
B. It describes Diffie-Hellman keying.
C. It describes SHA security algorithm.
D. It describes ESP header and datagram layouts.

Correct Answer: D
QUESTION 66
Exhibit:
/etc/hosts.equiv:
2.2.2.2
/etc/passwd:
user_B:x:1003:1:User B:/export/home/user_B:/bin/ksh
user_C:x:1004:1:User C:/export/home/user_C:/bin/ksh
with host_B having the IP 2.2.2.2 & host C having the IP 3.3.3.3
Given the files shown in the exhibit, which policy would be enforced?
A. Allow user_B on Host_B to access host_A via rlogin, rsh, rcp, & rcmd without a password.
B. Allow users to telnet from host_B to host_A but prevent users from telnetting from unlisted hosts including host_C
C. Allow users on host_A to telnet to host_B but not to unlisted hosts including host_C
D. Allow user_B to access host_A via rlogin, rsh, rcp, & rcmd with a password but to prevent access from unlisted hosts including host_C

Correct Answer: A
QUESTION 67
Given the situation where two routers have their SA lifetime configured for 86399 seconds and 2 million kilobytes. What will happen after 24 hours have passed and 500 KB of traffic have been tunneled?
A. If pre-shared keys are being used, traffic will stop until new keys are manually obtained and inputted.
B. The SA will be renegotiated.
C. The SA will not be renegotiated until 2 MB of traffic have been tunneled.
D. Unencrypted traffic will be sent.

Correct Answer: B
QUESTION 68
The Certkiller Security Manager needs to configure an IPSec connection using ISAKMP with routers from mixed vendors. Which information would be superfluous when configuring the local security device to communicate with the remote machine?
A. Remote peer address.
B. Main mode attributes.
C. Peer gateway subnet.
D. Quick mode attributes.
E. Addresses that need to be encrypted.
F. Encryption authentication method.

Correct Answer: C
QUESTION 69
Why is an ISAKMP NOTIFY message used between IPSec endpoints?
A. ISAKMP NOTIFY message informs the other side of failures that occurred.
B. ISAKMP NOTIFY message informs the other side of the status of an attempted IPSec transaction.
C. ISAKMP NOTIFY message informs the other side when a physical link with an applied SA has been torn down.
D. ISAKMP NOTIFY message informs the other side when an SA has been brought up on an unstable physical connection; potential circuit flapping can cause problems for SPI continuity.

Correct Answer: B
QUESTION 70
Exhibit:

What could be the most likely reason why Host 1 cannot ping Host 2 and Host 2 cannot ping Host 1?
A. Split horizon issue.
B. Default gateway on hosts.
C. Routing problem with RIP.
D. All of the above.

Correct Answer: B
QUESTION 71
Which of the following statements regarding the Diffie-Hellman key exchange is invalid?
A. The local secret key is combined with known prime numbers n and g in each router for the purposes of generating a Public key.
B. Each router uses the received random integer to generate a local secret (private) crypto key.
C. Each router combines the private key received from the opposite router with its own public key in the creation of a shared secret key.
D. The two routers involved in the key swap generate large random integers (i), which are exchanged covertly.

Correct Answer: A
QUESTION 72
Exhibit:
Configuration of Router A:
crypto map tag 1 ipsec-isakmp
set security-association lifetime seconds 240
set security-association lifetime kilobytes 10000
Configuration of Peer Host Router B:
crypto map tag 1 ipsec-isakmp
set security-association lifetime seconds 120
set security-association lifetime kilobytes 20000
Router A is configured as shown. What situation will you encounter after 110 seconds and 1500 kilobytes of traffic?
A. There will be no communication between Router A and Router B because the security association lifetimes were misconfigured; they should be the same.
B. The security association will not be renegotiated until 20000 kilobytes of traffic have traversed the link, because the interval will be the greater of 2 parameters – time and kilobytes.
C. Security association renegotiation will have started by default
D. The present security associations will continue until almost 240 seconds have elapsed, assuming the same traffic pattern and rate.

Correct Answer: C
QUESTION 73
The newly appointed Certkiller trainee technician wants to know which encryption algorithm is used for Microsoft Point-to-Point Encryption. What will your reply be?
A. DES CBC
B. RSA RC4
C. RSA CBC
D. DES RC4

Correct Answer: B
QUESTION 74
What type of crypto maps and keying mechanism would you advise the new Certkiller trainee technician is the most secure for a router connecting to a dial PC IPSec client?
A. Static crypto maps with pre-shared keys.
B. Static crypto maps with RSA.
C. Dynamic crypto maps with CA.
D. Dynamic crypto maps with pre-shared keys.

Correct Answer: C
QUESTION 75
You are the Certkiller network administrator. The Certkiller network is using Certificate Authorities (CA) for ISAKMP negotiation. You want to configure ISAKMP.
Which of the following will work? (Select one)
A. crypto isakmp policy 4 authentication cert-rsa
B. crypto isakmp policy 4 authentication ca
C. crypto isakmp policy 4 authentication cert-sig
D. crypto isakmp policy 4 authentication rsa-sig
E. crypto isakmp policy 4 authentication rsa-enc

Correct Answer: D
QUESTION 76
You are the network administrator at Certkiller. A workstation on the Certkiller network has been the victim of a program that invokes a land.c attack.
The newly appointed Certkiller trainee technician wants to know what this program does. What will your reply be?
A. It sends a stimulus stream of ICMP echo requests (“pings”) to the broadcast address of the reflector subnet, the source addresses of these packets are falsified to be the address of the ultimate target.
B. It sends a stimulus stream of UDP echo requests to the broadcast address of the reflector subnet, the source addresses of these packets are falsified to be the address of the ultimate target.
C. It sends an IP datagram with the protocol field of the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset * 8) + (IP data length) > 65535; in other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8 byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
D. It sends a TCP SYN packet (a connection initiation), giving the target host’s address as both source and destination, and using the same port on the target host as both source and destination.

Correct Answer: D
QUESTION 77
You are the network administrator at Certkiller. You want to pass RIP updates through an IPSec tunnel.
What should you do?
A. Define the IPSec tunnel as an interface on the router and specify that interface in the RIP configuration.
B. Define the IPSec proxy to allow and accept broadcast traffic.
C. Define the IPSec proxy to allow only RIP traffic through the tunnel.
D. Define a GRE tunnel, send the RIP updates through the GRE and encrypt all GRE traffic.
Correct Answer: D
QUESTION 78
Which of the following lists the correct port numbers required for IPSec communication?
A. UDP 500 ISAKMP, IP Protocol 51 for ESP, IP Protocol 50 for AH
B. UDP 500 ISAKMP, IP Protocol 50 for ESP, IP Protocol 51 for AH
C. UDP 500 ISAKMP, IP Protocol 51 for ESP, IP Protocol 500 for AH
D. UDP 500 ISAKMP, TCP 51 for ESP, TCP 50 for AH
E. UDP 500 ISAKMP, TCP 50 for ESP, TCP 51 for AH
Correct Answer: B
QUESTION 79
How can a Denial of Service (DoS) attack on a firewall device be carried out?
A. By flooding the device through sending excessive mail messages to it.
B. Sending excessive UDP packets to it.
C. By sending more packets to the device than it can process.
D. Sending ICMP pings with very large data lengths to it.
E. All of the above.

Correct Answer: E
QUESTION 80
Which of the following IPSec components can be used to ensure the integrity of the data in an IP packet?
A. ESP
B. IPSH
C. AH
D. TTL
E. None of the above.

Correct Answer: C
QUESTION 81
How would you characterize the source and type in a denial of service attack on a router?
A. By performing a show ip interface to see the type and source of the attack based upon the access-list matches.
B. By performing a show interface to see the transmitted load (txload) and receive load (rxload); if the interface utilization is not maxed out, there is no attack underway.
C. By setting up an access-list to permit all ICMP, TCP, & UDP traffic with the log or log-input commands, then use the show access-list and show log commands to determine the type and source of attack.
D. By applying an access-list to all incoming & outgoing interfaces, turn off route-cache on all interfaces, then, when telnetted into the router perform a debug ip packet detail.

Correct Answer: C
QUESTION 82
The Certkiller Network Administrator makes use of manual keys in her IPSec implementation. However, when data is sent across the tunnel, an error is generated that indicates malformed packets.
What is the most probable reason for this error?
A. Unmatching cipher keys on both sides.
B. Incomplete Phase One negotiation.
C. Corrupted packets due to invalid key exchanges.
D. Mismatched ISAKMP pre-shared keys on both sides.

Correct Answer: D
QUESTION 83
IKE Phase 1 policy negotiation can include:
A. Main Mode
B. Neither Main Mode nor Quick Mode
C. Either Aggressive Mode or Main Mode
D. Quick Mode only
E. IPSec mode
F. Aggressive mode

Correct Answer: C
QUESTION 84
IKE Phase 1 policy does not include negotiation of the:
A. Encryption algorithm
B. Authentication method
C. Diffie-Hellman group
D. Lifetime
E. Crypto-map access-lists

Correct Answer: E
QUESTION 85
IKE Phase 1 policy negotiation includes:
A. Main mode
B. Aggressive mode
C. Either Main mode or Aggressive mode
D. Neither Main mode nor Aggressive mode

Correct Answer: C
QUESTION 86
Network Topology Exhibit:

Given the IPSec example shown and IPSec with IKE, when a user attempts to telnet from network 1.1.1.X to network 3.3.3.X:
A. The telnet will succeed but the traffic will not be encrypted.
B. The telnet will fail because the access lists are asymmetric
C. The telnet will succeed and the traffic will be bidirectionally encrypted
D. The telnet will fail because access-list 101 should have been applied to router A’s interface 1.1.1.2

Correct Answer: B
QUESTION 87
RPF is an acronym for which of the following:
A. Reverse Path Flooding
B. Router Protocol Filter
C. Routing Protocol File
D. Reverse Path Forwarding
E. None of the above.

Correct Answer: D
QUESTION 88
Which negotiation is excluded from IKE Phase 1 policy?
A. Encryption algorithm
B. Authentication method.
C. Crypto-map access-list
D. Diffie-Hellman group.
E. Lifetime
F. All of the above.

Correct Answer: C
QUESTION 89
PPTP:
A. Shares TCP and UDP ports 137, 128, & 139 with NetBIOS traffic.
B. Is a modified version of GRE.
C. Uses TCP ports 1030, 1031, & 1032.
D. Uses UDP ports 1030, 1031, & 1032.

Correct Answer: B
QUESTION 90
You are the network technician at Certkiller. You are implementing a firewall on the Certkiller network.
You need to ensure that PPTP can pass through the firewall. Which of the following should you permit?
A. IP Protocol 47 and UDP 1723
B. IP Protocol 47 and TCP 47.
C. IP Protocol 47 and TCP 1723.
D. IP Protocol 1723 and TCP 47.
E. TCP and UDP 1723.
Correct Answer: C
QUESTION 91
802.1x is initiated by which actions?
A. A machine that is plugged into a switch activates its Ethernet port
B. A switch or router sends an EOL start message
C. A certificate being passed to an authentication server
D. A radius authentication server request from a client
Correct Answer: A
QUESTION 92
What would be the best reason for selecting L2TP as a tunnel protocol for a VPN Client?
A. L2TP uses TCP as a lower level protocol so the transmissions are connection oriented, resulting in more reliable delivery.
B. L2TP uses PPP so address allocation and authentication is built into the protocol instead of relying on IPSec extended functions, like mode config and x-auth.
C. L2TP does not allow the use of wildcard pre-shared keys, which is not as secure as some other methods.
D. L2TP has less overhead than GRE.

Correct Answer: B
QUESTION 93
A Security Manager needs to allow L2TP traffic through the firewall into the Internet network.
What ports generally need to be opened to allow this traffic to pass?
A. TCP/UDP 1207
B. TCP/UDP 500
C. IP 50, IP 51
D. TCP 49
E. UDP 1701
F. TCP 1072

Correct Answer: E
QUESTION 94
What process will normally occur if an active Main Mode generated Phase One security association times out?
A. Only Quick mode security associations will be regenerated.
B. Main mode and Quick mode security associations must be regenerated.
C. Aggressive mode will regenerate new security associations.
D. Only Phase One security associations must be regenerated.
E. No security associations will be regenerated.

Correct Answer: B
QUESTION 95
A Security Manager needs to allow L2TP traffic through the firewall into the Internet network.
What ports generally need to be opened to allow this traffic to pass?
A. TCP/UDP 1207
B. TCP/UDP 500
C. IP 50, IP 51
D. TCP 49
E. UDP 1701
F. TCP 1072
Correct Answer: E
QUESTION 96
Identify the two types of access hardware involved in an L2TP connection: (Multiple answer)
A. L2TP Access Concentrator (LAC)
B. Remote Access Concentrator (RAC)
C. Layer 2 Forwarding Device (L2FD)
D. L2TP Network Server (LNS)

Correct Answer: AD
QUESTION 97
When implementing network security at a specific site what would be your first step?
A. Hire a qualified consultant to install a firewall and configure your router to limit access to known traffic.
B. Run software to identify flaws in your network perimeter.
C. You must design a security policy.
D. You have to purchase and install a firewall for network protection.
E. You need to install access-control lists in your perimeter routers, to ensure that only known traffic is getting through your router.

Correct Answer: C
QUESTION 98
Why would you advise the new Certkiller trainee technician to select L2TP as a tunnel protocol for a VPN Client?
A. L2TP makes use of TCP as a lower level protocol to result in connection oriented transmissions, resulting in more reliable delivery.
B. L2TP makes use of PPP so address allocation and authentication is built into the protocol instead of IPSec extended function reliant, like mode config and x-auth.
C. L2TP does not permit wildcard pre-shared keys usage, which is not as secure as some other methods.
D. L2TP has less overhead than GRE.

Correct Answer: B
QUESTION 99
TFTP security may be controlled by: (multiple answer)
A. A username/password
B. A default TFTP directory
C. A TFTP directory
D. A TFTP file
E. A pre-existing file on the server before it will accept a put
F. File privileges
Correct Answer: EF
QUESTION 100
Which of the following controls TFTP security? (Choose all that apply.)
A. A default TFTP directory.
B. A username/password.
C. A TFTP file.
D. A pre-existing file on the server before it will accept a put.
E. File privileges.
Correct Answer: ADE
QUESTION 101
Which of the following is a well known port commonly used for TFTP?
A. TCP 23
B. UDP 69
C. UDP 23
D. UDP 161

Correct Answer: B
QUESTION 102
Why would you advise the new Certkiller trainee technician NOT to use TFTP with authentication?
A. TFTP makes use of UDP as transport method.
B. A server initiates TFTP.
C. TFTP protocol has no hook for a username/password.
D. TFTP is already secure.
E. All of the above.

Correct Answer: C
QUESTION 103
What does the TFTP protocol do?
A. TFTP protocol makes use of the UDP transport layer and requires user authentication.
B. TFTP protocol makes use of the TCP transport layer and does not require user authentication.
C. TFTP protocol makes use of the UDP transport layer and does not require user authentication.
D. TFTP protocol makes use of TCP port 69.
E. TFTP protocol prevents unauthorized access by doing reverse DNS lookups before allowing a connection.

Correct Answer: C
QUESTION 104
Which statements about FTP are true? Select two.
A. FTP always uses two separate TCP sessions – one for control and one for data.
B. With passive mode FTP, both the control and data TCP session are initiated from the client.
C. With active mode FTP, the server uses the “PORT” command to tell the client on which port it wishes to send the data.
D. For both active and passive mode FTP, the control session on the server always TCP port 21, and the data session
Correct Answer: AB
QUESTION 105
Network topology exhibit
Symptoms:
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level warnings, 0 messages logged
Monitor logging: level informational, 0 messages logged
Buffer logging: level informational, 0 messages logged
Trap logging: level informational, 0 message lines logged
Note: Router Certkiller 1’s CPU is normally about 25 busy switching packets
Scenario: Host Certkiller A cannot reach the Certkiller C FTP Server, but can reach Host Certkiller B. The network administrator suspects that packets are traveling from network 10.1.5.0 to the Certkiller C FTP Server, but packets are not returning. The administrator logs in to the console port of Router Certkiller 1. When Host Certkiller A sends a ping to the Certkiller C FTP Server, the administrator executes a “debug ip packet” command on the router.
The administrator does not see any output. What additional commands could be used to see the packet flowing from Ethernet 0 to Ethernet 1?
A. terminal monitor
B. configure terminal logging console debug interfaces ethernet 1 no ip route-cache
C. configuring terminal logging console debug
D. configure terminal no logging buffered
E. configure terminal interface ethernet0 no ip route-cache

Correct Answer: B
QUESTION 106
A network administrator is troubleshooting a problem with FTP services. If a device blocks the data connection, the administrator should expect to see:
A. Very slow connect times
B. Incomplete execution, when issuing commands like “pwd” or “cd”
C. No problems at all
D. User login problems
E. Failure when listing a directory

Correct Answer: E
QUESTION 107
When building a non-passive FTP data connection, the FTP client:
A. Indicates the port number to be used for sending data over the command channel via the PORT command
B. Receives all data on port 20, the same port the FTP server daemon sends data from
C. Uses port 20 for establishing the command channel and port 21 for the data channel
D. Initiates the connection from an ephemeral port to the RFC specified port of the server

Correct Answer: A
QUESTION 108
The Certkiller network administrator is troubleshooting a problem with FTP services. What will the administrator encounter if a device blocks the data connection?
A. The administrator will experience very slow connect times.
B. Incomplete execution, when issuing commands like “pwd” or “cd”.
C. User login problems will occur.
D. Failure when listing a directory.
E. No problems at all.

Correct Answer: D
QUESTION 109
What role does the FTP client play when building a non-passive FTP data connection?
A. The FTP client indicates the port number to be used for sending data over the command channel via the PORT command.
B. The FTP client receives all data on port 20, the same port the FTP server daemon sends data from.
C. The FTP client makes use of port 20 for establishing the command channel and port 21 for the data channel.
D. The FTP client initiates the connection from an ephemeral port to the RFC specified port of the server.

Correct Answer: A
The Cisco contains more than 400 practice questions for the Cisco 350-030 exams, including simulation-based questions. Also contains hands-on exercises and a customized copy of the Cisco 350-030 exams network simulation software.
