350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 91:
Which two options are Cisco-recommended best practices for provisioning QoS for Scavenger-class traffic? (Choose two.)
A. It should be assigned a higher CBWFQ percentage than bulk data.
B. It should be marked as DSCP CS1 to mitigate DoS attacks.
C. It should be assigned a higher CBWFQ percentage than best effort.
D. It should be assigned a lower DSCP value than best effort.
E. It should be assigned a higher CoS than bulk data.
F. It should be assigned the lowest possible CBWFQ value. -
Question 92:
You are trying to set up a site-to-site IPsec tunnel between two Cisco ASA adaptive security appliances, but you are not able to pass traffic. You try to troubleshoot the issue by enabling debug crypto isakmp and see the following messages:
CiscoASA# debug crypto isakmp
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Tunnel RejecteD. Conflicting protocols specified by tunnel-group and group-policy
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, QM FSM error (P2 struct and0xb0cf31e8, mess id 0x97d965e5)!
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Removing peer from correlator table failed, no match! What could be the potential problem?
A. The policy group mapped to the site-to-site tunnel group is configured to use both IPsec and SSL VPN tunnels.
B. The policy group mapped to the site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec tunnels.
C. The policy group mapped to the site-to-site tunnel group is configured to just use the SSL VPN tunnel.
D. The site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec tunnels.
E. The site-to-site tunnel group is configured to just use the SSL VPN tunnel. -
Question 93:
What are four technologies that can be used to trace the source of an attack in a network environment with multiple exit/entry points? (Choose four.)
A. Remotely-triggered destination-based black holing
B. ICMP Unreachable messages
C. Sinkholes
D. Traffic scrubbing
E. A honey pot
F. NetFlowv9 -
Question 94:
Which four values can be used by the Cisco IPS appliance in the risk rating calculation? (Choose four.)
A. attack severity rating
B. target value rating
C. signature fidelity rating
D. promiscuous delta
E. threat rating
F. alert rating -
Question 95:
Which two statements about PIM-DM are true? (Choose two.)
A. It forwards data packets on the shared distribution tree.
B. It delivers multicast traffic only when the data is explicitly requested.
C. It uses a unicast routing table to perform the RPF check.
D. It is most efficient when the network uses active receivers on every subnet.
E. It requires a rendezvous point. -
Question 96:
What are the three flag bits in an IPv4 header? (Choose three.)
A. TTL
B. Unused
C. Record Route
D. DF
E. MF
F. Timestamp -
Question 97:
Refer to the exhibit.
Which statement about the exhibit is true?
A. The tunnel configuration is incomplete and the DMVPN session will fail between R1 and R2.
B. IPsec phase-2 will fail to negotiate due to a mismatch in parameters.
C. A DMVPN session will establish between R1 and R2 provided that the BGP and EIGRP configurations are correct.
D. A DMVPN session will establish between R1 and R2 provided that the BGP configuration is correct.
E. A DMVPN session will fail to establish because R2 is missing the ISAKMP peer address. -
Question 98:
From what type of server can you to transfer files to ASA's internal memory? (flash)
A. SSH
B. SMB
C. Netlogon
D. SFTP -
Question 99:
Refer to the exhibit.
Which option is the reason for the failure of the DMVPN session between R1 and R2?
A. incorrect tunnel source interface on R1
B. IPsec phase-1 policy mismatch
C. tunnel mode mismatch
D. IPsec phase-2 policy mismatch
E. IPsec phase-1 configuration missing peer address on R2 -
Question 100:
Which two statements about fast SSID changing on a WLC are true? (Choose two.)
A. It enables a controller to rapidly cycle its SSID to drop rogue connections.
B. It enables a client to move to a new SSID before its previous entry in the controller connection table is cleared.
C. If it is disabled while clients are connected to the controller, the client loses communication with other hosts in the same VLAN.
D. If it is disabled while clients are connected to the controller, the client loses communication with hosts in other VLANs.
E. It enables a client to move faster between SSIDs
F. It enforces MIMO on clients.
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.