Flydumps Cisco 350-030 exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Cisco 350-030 exam objectives. You will find them to be very helpful and precise in the subject matter since all the Cisco 350-030 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.
How can you configure Cisco Easy VPN Server on a Cisco IOS router in order to allow you to apply various QoS policies to different VPN groups?
A. Configure the command qos pre-classify under the crypto map that references each VPN group.
B. Configure Cisco Easy VPN using IPsec Dynamic Virtual Tunnel Interface (DVTI) and apply service policies on the VTI that are referenced by the ISAKMP profiles matching the respective VPN groups C. It is not currently possible to apply QoS to different VPN groups
D. Configure s static VTI that allows configuration of QoS service policies with each VTI referenced by the respective VPN groups
Correct Answer: B
Which three of these are considered TCP/IP protocols? (Choose three)
Correct Answer: ACF
All of these security technologies use Rivest, Shamir, Adleman (RSA) except which one?
B. IPsec using manual keying
C. IPsec using certificates
E. IPsec using encrypted nonces
Correct Answer: B
All of these are application layer protocols based on the OSI model except which one?
Correct Answer: F
A customer just deployed Cisco IOS firewall, and it has started to experience issues with applications timing out and overall network slowness during peak hours. The network administrator noticed the following syslog messages around the time of the problem. %FW-4-ALERT_ON: getting aggressive, count (501/500) current 1-min rate 200 What could the problem be and how might it be mitigated?
A. the DoS max half-open session threshold has been reached.Increase the threshold with the ip inspect max-incomplete high configuration
B. the Cisco IOS Firewall session license limit has been exceeded.Obtain a new license with more sessions
C. The router system resource limit threshold has been reached.Replace the router with one that has more memory and CPU power
D. The aggregate virus detection threshold has been reached identify the affected host and patch accordingly
E. The per-host new session establishment rate has been reached Increase the threshold with the ip inspect tcp max-incomplete host configuration
Correct Answer: A
Which of these notification protocols are supported in Cisco Security MARS?
A. SNMP trap only
B. syslog only
C. email(Sendmail)adn SMS only
D. SNMP trap and syslog only
E. syslog email(Sendmail),SMS,and SNMP trap
Correct Answer: E
What will this configuration for an IDSM-2 module do? intrusion-detection module 6 management-port accaess-vlan 36 intrusion-detection module 6 data-port 1 capture intrusion-detection module 6 data-port 1 capture allowed 1-10,36,124 ! vlan access-map IDSM-2 10 AAmatch ip address 150 AAaction forward capture vlan access-map IDSM-2 20 AAmatch ip address 151 AAaction forward ! vlan filter IDSM-2 vlan-list 1-10,36,124 access-list 150 permit tcp any 10.1.1.0 0.0.0.255 access-list 151 permit ip any any
A. forward all traffic to the IDSM-2 for inspection
B. forward only traffic destined to 10.1.1.0/24 to the IDSM-2 for inspection
C. forward only traffic destined to 10.1.1.0/24 and in VLANs 1-10,36 and 124 to IDSM-2 for inspection
D. forward only traffic in VLAN 36 to the IDSM-2 for inspection
Correct Answer: C
The Network Participation feature of Cisco IPS gathers all of these when it collects real-time data form IPS sensors except which one?
A. signature ID
B. signature name
C. attacker port
D. reputation score
E. signature version
F. victim port
Correct Answer: B
In order for a user to perform a reverse DNS lookup for a web server, which type of record must be stored in the DNS server for that web server?
A. type “A” record
B. PTR record
C. MX record
D. CNAME record
E. NS record
Correct Answer: B QUESTION 49
Refer to the exhibit, in this GETVPN setup ,as soon as GM1 successfully responsewith the key server at KS ,the BGP session between GM1 and its peering router in the provider network goes down ,with the KS configuration listed below , what could be the reason for the BGP problem?
Crypto gdoi group group1 Identity number 3333 Server local Rekey authentication mypubkey rsa getvpn-rsa-key Rekey transport unicast Sa ipsec 1 Profile gdoi-ip Match address ipv4 ENCRYPT-POLICY ! Ip access-list extend ENCRYPT-POLICY Deny ospf any any Deny eigrp any any Deny ip 188.8.131.52 0.0.0.255 any Deny ip any 184.108.40.206 0.0.0.255 Deny udp any eq 848 any eq 848 Permit ip any any !
A. GETVPN cannot run over an MPLS provider backbone.
B. the key server should excloud BGP from its encryption policy
C. GETVPN does not support BGP running between CE and PE links,so IGP must be used
D. the key server should be configured as a BGP router reflector
E. the rekey method should be configured as multicast on the key server.
Correct Answer: B
Cisco 350-030 Questions & Answers with explanations is all what you surely want to have before taking Cisco 350-030 exam.Cisco Cisco 350-030 Interactive Testing Engine is ready to help you to get your Cisco 350-030 by saving your time by preparing you quickly for the Cisco exam. If you are worried about getting your Cisco 350-030 certification passed and are in search of some best and useful material,Cisco 350-030 Q&A will surely serve you to enhance your Interconnecting Cisco Networking Devices study.