It is well known that CCIE 350-001 - 350-001 exam test is the hot exam of Cisco certification. pass4line offer you all the Q&A of the 350-001 real test . It is the examination of the perfect combination and it will help you pass 350-001 exam at the first time!

The CCIE 350-001 Questions and Answers as well as our other CCIE 350-001 exam training tools are not only priced to be easy on your budget - but each one is also backed with our guarantee. pass4line guarantees that after using our Cisco certification training tools, you will be prepared to take and pass your CCIE 350-001 exam.

Our on-site online training experts create all of the Cisco 350-001 exam products available through pass4line. Our main goal is to get your certified with a firm understanding of the core material. Whereas other online distributors only concern themselves with helping you obtain the paper, we strive to educate the certification candidate and better prepare them for their IT career.

Why choose pass4line 350-001 braindumps

Quality and Value for the 350-001 Exam
100% Guarantee to Pass Your 350-001 Exam
Downloadable, Interactive 350-001 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.

　
　
Exam : Cisco 350-001
Title : CCIE-Routing and Switching Written exam (3.1)


1. Which of these is mandatory when configuring Cisco IOS Firewall?
A. Cisco IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. a route map to define the trusted outgoing traffic
D. a route map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface
Answer: E

2. Refer to the exhibit. If VLAN 21 does not exist before typing the commands, what is the result of the configuration applied on switch SW1?
A. A new VLAN 21 is created and port 0/8 is assigned to that VLAN.
B. A new VLAN 21 is created, but no ports are assigned to that VLAN.
C. No VLAN 21 is created and no ports are assigned to that VLAN.
D. Configuration command vlan database should be used first to create the VLAN 21.
Answer: A

3. Which three statements are true regarding Cisco IOS Firewall configurations? (Choose three.)
A. An IP inspection rule can be applied in the inbound direction on a secured interface.
B. An IP inspection rule can be applied in the outbound direction on an unsecured interface.
C. An ACL that is applied in the outbound direction on an unsecured interface must be an extended ACL.
D. An ACL that is applied in the inbound direction on an unsecured interface must be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, an IP inspection rule must be applied to the secured interface.
Answer: ABD

4. Which Cisco IOS feature can be used to defend against spoofing attacks?
A. Cisco IOS Firewall (CBAC)
B. lock-and-key ACL and/or reflexive ACL
C. IP Source Guard and/or Unicast RPF
D. TCP Intercept
E. Cisco IOS IPS
F. Auth-Proxy
Answer: C

5. What is the purpose of an explicit "deny any" statement at the end of an ACL?
A. none, since it is implicit
B. to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually required
C. to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually required
D. to allow the log option to be used to log any matches
E. to prevent sync flood attacks
F. to prevent half-opened TCP connections
Answer: D

6. Into which two types of areas would an area border router (ABR) inject a default route? (Choose two.)
A. the autonomous system of a different interior gateway protocol (IGP)
B. area 0
C. totally stubby
D. NSSA
E. stub
F. the autonomous system of an exterior gateway protocol (EGP)
Answer: CE

7. The ip inspect inspection-name {in | out} command is used to configure which IOS security feature?
A. IPS
B. IPsec site-to-site VPN
C. Cisco IOS Firewall
D. Cisco AutoSecure
E. IDS
F. Easy VPN
Answer: C

8. Refer to the exhibit. Which statement about this configuration is true?
A. ACL 101 needs to have at least one permit statement in it or it will not work properly.
B. The ip inspect test out command needs to be used instead of the ip inspect test in command to make the configuration work.
C. Ethernet 0 is the trusted interface and Ethernet 1 is the untrusted interface.
D. Ethernet 0 needs an inbound access list to make the configuration work.
E. Ethernet 0 needs an outbound access list to make the configuration work.
Answer: C