350-001 braindumps
Testinside 350-001 braindumps with high quality and low price. Before you take the exam, you may have a view of it!
1. Which three statements are true regarding Cisco IOS Firewall configurations? (Choose three.)
A. An IP inspection rule can be applied in the inbound direction on a secured interface.
B. An IP inspection rule can be applied in the outbound direction on an unsecured interface.
C. An ACL that is applied in the outbound direction on an unsecured interface must be an extended ACL.
D. An ACL that is applied in the inbound direction on an unsecured interface must be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, an IP inspection rule must be applied to the secured interface.
Answer: ABD
2. The ip inspect inspection-name {in | out} command is used to configure which IOS security feature?
A. IPS
B. IPsec site-to-site VPN
C. Cisco IOS Firewall
D. Cisco AutoSecure
E. IDS
F. Easy VPN
Answer: C
3. What is the purpose of an explicit “deny any” statement at the end of an ACL?
A. none, since it is implicit
B. to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually required
C. to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually required
D. to allow the log option to be used to log any matches
E. to prevent sync flood attacks
F. to prevent half-opened TCP connections
Answer: D
4. Which Cisco IOS feature can be used to defend against spoofing attacks?
A. Cisco IOS Firewall (CBAC)
B. lock-and-key ACL and/or reflexive ACL
C. IP Source Guard and/or Unicast RPF
D. TCP Intercept
E. Cisco IOS IPS
F. Auth-Proxy
Answer: C
5. Which of these is mandatory when configuring Cisco IOS Firewall?
A. Cisco IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. a route map to define the trusted outgoing traffic
D. a route map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface
Answer: E
6. For an MPLS label, if the stack bit is set to 1, which of these is correct?
A. The stack bit is reserved for future use.
B. The label is the last entry in the label stack.
C. The stack bit will only be used when LDP is the label distribution protocol.
D. The stack bit is for Cisco implementations exclusively and will only be used when TDP is the label distribution protocol.
E. The label is the top entry in the label stack and will remain set to 1 until the last entry, the bottom label, is reached.
Answer: B
If you want more 350-001 braindumps, i suggest you to login on Testinside. Good luck!