Cisco 350-018 Online Practice
Questions and Exam Preparation
350-018 Exam Details
Exam Code
:350-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:872 Q&As
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions &
Answers
Question 191:
Which two statements about VTP passwords are true? (Choose two)
A. The VTP password can only be configured when the switch is in Server mode. B. The VTP password is sent in the summary advertisements.. C. The VTP password is encrypted for confidentiality using 3DES. D. VTP is not required to be configured on all switches in the domain. E. The VTP password is hashed to preserve authenticity using the MD5 algorithm. F. The VTP password can only be configured when the switch is in Client mode.
B. The VTP password is sent in the summary advertisements.. E. The VTP password is hashed to preserve authenticity using the MD5 algorithm.
Question 192:
When is a connection entry created on ASA for a packet that is received on the ingress interface?
A. When the packet is checked by the access-list. B. When the packet reaches the ingress interface internal buffer. C. When the packet is a SYN packet or UDP packet. D. When a translation rule exists for the packet. E. When the packet is subjected to inspection.
D. When a translation rule exists for the packet.
Question 193:
Which three options are the types of zones that are defined for anomaly detection on the Cisco IPS Sensor? (Choose three.)
A. inside B. outside C. internal D. external E. illegal F. baseline
C. internal D. external E. illegal
Question 194:
How can the tail drop algorithm support traffic shaping when the queue is filled?
A. It drops older TCP packets that are set to be redelivered due to errors on the link until the queue has room for more traffic, B. It drops older packets with a size of 64 bytes or more until the queue has room for more traffic, C. It drops new packets with a size of less than 64 bytes until the queue has room for more traffic. D. It drops all new packets until the queue has room for more traffic.
D. It drops all new packets until the queue has room for more traffic.
Question 195:
Which statement about ISO/IEC 27001 is true?
A. ISO/IEC 27001 is only intended to report security breaches to the management authority. B. ISO/IEC 27001 was reviewed by the International Organization for Standardization. C. ISO/IEC 27001 is intend to bring information security under management control. D. ISO/IEC 27001 was reviewed by the International Electrotechnical Commission. E. ISO/IEC 27001 was published by ISO/IEC.
C. ISO/IEC 27001 is intend to bring information security under management control.
Question 196:
Which two statements about DHCP snooping are true? (Choose two)
A. The lease time in the banding database is a pre-set value B. The binding database stores information about both IP and MAC addresses. C. Message sent from outside the service-provider network is untrusted D. The binding database stores information about trusted interface E. DHCP servers connect to untrusted interface on the switch
A. The lease time in the banding database is a pre-set value B. The binding database stores information about both IP and MAC addresses.
Question 197:
Which two options describe how the traffic for the shared interface is classified in ASA multi context mode? (Choose two.)
A. Traffic is classified at the source address in the packet. B. Traffic is classified at the destination address in the packet. C. Traffic is classified at the destination address in the context. D. Traffic is classified by copying and sending the packet to all the contexts. E. Traffic is classified by sending the MAC address for the shared interface.
C. Traffic is classified at the destination address in the context. E. Traffic is classified by sending the MAC address for the shared interface.
Question 198:
Client MFP supplements rather than replaces infrastructure MFP. Which three are client MFP components? (Choose three.)
A. key generation and distribution B. protection and validation of management frames C. error reports D. error generation E. non-management messages protection
A. key generation and distribution B. protection and validation of management frames C. error reports
Question 199:
Which three Cisco security product features assist in preventing TCP-based man-in-the- middle attacks? (Choose three.)
A. Cisco ASA TCP initial sequence number randomization? B. Cisco ASA TCP sliding-window conformance validation? C. Cisco IPS TCP stream reassembly? D. Cisco IOS TCP maximum segment size adjustment?
A. Cisco ASA TCP initial sequence number randomization? B. Cisco ASA TCP sliding-window conformance validation? C. Cisco IPS TCP stream reassembly?
Question 200:
Which three addresses are special use as defined in RFC 5735? (Choose three.)
A. 171.10.0.0/24 B. 0.0.0.0/8 C. 203.0.113.0/24 D. 192.80.90.0/24 E. 172.16.0.0/12 F. 198.50.100.0/24
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 350-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.