350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 201:
Which four techniques can you use for IP management plane security? (Choose four.)
A. Management Plane Protection
B. uRPF
C. strong passwords
D. RBAC
E. SNMP security measures
F. MD5 authentication -
Question 202:
Which statement about the cisco AnyConnect Web Secruity module is true?
A. It is deployed on points to route HTTP traffic to ScanSafe.
B. It is VPN client software that works over the SSL protocol.
C. It is an endpoint component that is used with smart tunnels in a Clientless
D. It operates as an NAC Agent when it is configured with the AnyConnect VPN client -
Question 203:
Which three statements about VRF-Aware Firewall are true? (Choose three)
A. It can run as more than one instance
B. It enables service providers to implement firewall on PE devices.
C. It can generate syslog message that are visible only to individual VPNs
D. It can support VPN network with overlapping address range without NAT
E. It supports both global and per-VRF commands and DoS parameters
F. It enables service providers to deploy firewall on customer device. -
Question 204:
Which is a core function of the risk assessment process?
A. performing regular network upgrades
B. performing network optimization
C. performing network posture validation
D. establishing network baselines
E. prioritizing network roll-outs -
Question 205:
Before BGP update messages may be sent, a neighbor must stabilize into which neighbor state?
A. Active
B. Idle
C. Connected
D. Established -
Question 206:
Which statement about DNS is true?
A. The client-server architecture is based on push-pull messages.
B. Query and response messages have different format.
C. In the DNS message header, the QR flag set to 1 indicates a query.
D. In the DNS header, an Opcode value of 2 represents a server status request.
E. In the DNS header, the Rcode value is set to 0 for format error. -
Question 207:
Which two of these are things an attacker can do with an encrypted RC4 data stream? (Choose two.)
A. calculate the checksum of the encrypted stream
B. filter out the keystream if the attacker gets two streams encrypted with the same RC4 key
C. use XOR to match the encrypted stream to itself, in order to retrieve the key
D. retrieve the private key if the attacker has access to the public key
E. flip a bit of the encrypted text, which will flip a corresponding bit in the cleartext once it is decrypted -
Question 208:
When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose three.)
A. a message integrity check
B. AES-based encryption
C. avoidance of weak Initialization vectors
D. longer RC4 keys
E. a rekeying mechanism -
Question 209:
Refer to the exhibit.Which statement about this configuration is true?
A. The ASA injects a static default route into OSPF process 1
B. The ASA injects a static default route into OSPF process 1
C. The ASF stops LSA type 7 packets from flooding into OSPF area 1
D. The ASA redistributes routes from one routing protocol to another
E. The ASA injects a static default route into OSPF area 1
F. The ASA redistributes routes from one OSPF process to another -
Question 210:
Refer to the exhibit Routers R1,R2, and R3 have IPv6 reachability, and R1 and R3 are able to ping each other with IPv6 global unicast address. However, R1 and R3 are unable to ping eachother with their link-local address. What is a possible reason for the problem?
A. Multicast must be enabled to allow link-local address to traverse multiple hops.
B. Link-local addresses can be used only with a physical interface's local network.
C. ICMPv6 packets are dropped when the destination uses a link-local address.
D. Link-local addresses are forwarded by IPv6 routers using loopback interfaces.
E. Link-local address can communicate with neighboring nodes only if routing is enabled between them.
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.