Cisco 350-018 Online Practice
Questions and Exam Preparation
350-018 Exam Details
Exam Code
:350-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:872 Q&As
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions &
Answers
Question 1:
Refer to the exhibit.
Which option describes the behavior of this configuration?
A. The packet will be dropped if received on the same interface that the router would use to forward return packet. B. The packet will be forwarded as long as it is in the routing table. C. The packet will be forwarded if received on the same interface that the router would use to forward return packet. D. Packet will be forwarded only if exists a default route for the return path.
C. The packet will be forwarded if received on the same interface that the router would use to forward return packet.
Question 2:
Which two statements about IPv6 Neighbor Solicitation Messages are true? (Choose two.)
A. They are sent at a regular interval through the interfaces on a IPv6 device. B. They are identified by Type value 133 in the ICMP packet header. C. They elicit neighbor advertisement message from the destination device. D. They include the link-layer address of the source device. E. They are identified by Type value 134 in the ICMP packet header. F. They are sent to the link-layer address of the destination node.
C. They elicit neighbor advertisement message from the destination device. D. They include the link-layer address of the source device.
Question 3:
Which three options are security measures that are defined for Mobile IPv6? (Choose three.)
A. IPsec SAs are used for binding updates and acknowledgements. B. The use of IKEv1 or IKEv2 is mandatory for connections between the home agent and mobile node. C. Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication. D. Mobile IPv6 control messages are protected by SHA-2. E. IPsec SAs are used to protect dynamic home agent address discovery. F. IPsec SAs can be used to protect mobile prefix solicitations and advertisements.
A. IPsec SAs are used for binding updates and acknowledgements. C. Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication. F. IPsec SAs can be used to protect mobile prefix solicitations and advertisements.
Question 4:
Which three IPv6 tunneling methods are point-to-multipoint in nature? (Choose three.)
A. automatic 6to4 B. manually configured C. IPv6 over IPv4 GRE D. ISATAP E. automatic IPv4-compatible
A. automatic 6to4 D. ISATAP E. automatic IPv4-compatible
Question 5:
Which two statements about IPv6 are true? (Choose two.)
A. Broadcast is available. B. Routing tables are less complicated. C. The address pool will eventually deplete. D. Data encryption is built into the packet frame. E. Increased NAT is required. F. Fewer bits makes IPv6 easier to configure.
B. Routing tables are less complicated. D. Data encryption is built into the packet frame.
Question 6:
What Protocol provides security for datagram protocols?
A. LDP B. MAB C. GET D. SCEP E. DTLS
E. DTLS
Question 7:
Which statement about the Cisco ASA operation running versions 8.3 is true ?
A. NAT control is enabled by default B. The interface and global access lists both can be applied in the input or output direction C. The static CLI command is used to configure static NAT translation rules D. The imerface access list is matched first before the global access list
D. The imerface access list is matched first before the global access list
Question 8:
Which NTP stratum level means that the clock is unsynchronized?
B. 1 C. 8 D. 16
D. 16
Question 9:
Which three types of traffic are processed by CoPP configured on the device? (Choose three.)
A. tansient traffic B. routing protocol traffic C. IPsec traffic D. traffic that is destined to the device interface E. any traffic filtered by the access list F. traffic from a management protocol such as Telnet or SNMP
B. routing protocol traffic D. traffic that is destined to the device interface F. traffic from a management protocol such as Telnet or SNMP
Question 10:
Which of the following two statements apply to EAP-FAST? (Choose two.)
A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed. B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i. C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack). D. EAP-FAST is a client/client security architecture.
A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed. C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 350-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.