1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 161:

    Which four statements about SeND for IPv6 are correct? (Choose four.)

    A. It protects against rogue RAs.
    B. NDP exchanges are protected by IPsec SAs and provide for anti-replay.
    C. It defines secure extensions for NDP.
    D. It authorizes routers to advertise certain prefixes.
    E. It provides a method for secure default router election on hosts.
    F. Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange.
    G. It is facilitated by the Certification Path Request and Certification Path Response ND messages.

  • Question 162:

    Refer to the exhibit.

    Which option describes the behavior of the ACL if it is applied inbound on E0/0?

    A. The ACL will drop both initial and noninitial fragments for port 80 only.
    B. The ACL will pass both initial fragments for port 80 and non-initial fragments.
    C. The ACL will pass the initial fragment for port 80 but drop the noninitial fragment for any port.
    D. The ACL will drop the initial fragment for port 80 but pass the noninitial fragment for any port.

  • Question 163:

    Cisco firewalls and routers can respond to a TCP SYN packet that is destined for a protected resource, by using a SYN-ACK packet to validate the source of the SYN packet. What is this feature called?

    A. IP reverse path verification
    B. TCP reverse path verification
    C. TCP sequence number randomization
    D. TCP intercept

  • Question 164:

    In ISO 27002, access control code of practice for Information Security Management serves which of the following objective?

    A. Optimize the audit process.
    B. Implement proper control of user, network and application access.
    C. Prevent the physical damage of the resources.
    D. Educating employees on security requirements and issues.

  • Question 165:

    Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation using tunnel protection?

    A. Session token
    B. One-time password
    C. Time stamps
    D. Sequence number
    E. Nonce

  • Question 166:

    Which statement regarding TFTP is not true?

    A. Communication is initiated over UDP port 69.
    B. Files are transferred using a secondary data channel.
    C. Data is transferred using fixed-size blocks.
    D. TFTP authentication information is sent in clear text.
    E. TFTP is often utilized by operating system boot loader procedures.
    F. The TFTP protocol is implemented by a wide variety of operating systems and network devices.

  • Question 167:

    Refer to the exhibit. What IPSec function does the given debug output demonstrate?

    A. DH exchange initiation
    B. Crypto ACL confirmation
    C. PFS parameter negotiation
    D. Setting SPIs to pass traffic

  • Question 168:

    Which statement about IPv6 is true?

    A. Broadcast is available.
    B. The address pool will never deplete.
    C. Data security is natively supported through mandatory IPv6 extension headers for ESP and AH.
    D. Increased NAT is required compared to IPv4.
    E. IPv6 has fewer bits available for addressing than IPv4.

  • Question 169:

    You have configured an ASA firewall in multiple context mode. If the context are sharing an Interface. What are two of the actions you could take to classify packets to the appropriate Context?(Choose two)

    A. Enable DHCP
    B. Disable MAC auto-generation and adding unique IP addresses to each interface
    C. Enable MAC auto-generation globally
    D. Assign a unique MAC address to each interface
    E. Apply QoS to each interface

  • Question 170:

    Refer to the exhibit.

    What is the effect of the given service policy configuration?

    A. It blocks cisco.com, msn.com, and facebook.com and permits all other domains.
    B. It blocks all domains except facebook.com, msn.com, cisco.com and google.com
    C. It blocks all domains except cisco.com, msn.com, and facebook.com
    D. It blocks facebook.com, msn.com, cisco.com and google.com, and permits all other domains

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.