Cisco 350-018 Online Practice Questions and Exam Preparation
350-018 Exam Details
Exam Code: 350-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 872 Q&As
Last Updated: Dec 11, 2021
Cisco 350-018 Online Questions & Answers
Question 231:
Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?
A. class-map type inspect
B. parameter-map type inspect
C. service-policy type inspect
D. policy-map type inspect tcp
E. inspect-map type tcp
Answer: B. parameter-map type inspect
Question 232:
Which three options are components of Mobile IPv6? (Choose three.)
A. home agent
B. correspondent node
C. mobile node
D. binding node
E. discovery probe
Answer: A. home agent B. correspondent node C. mobile node
Question 233:
Which two statements about IPv6 path MTU discovery are true? (Choose two.)
A. During the discovery process, the DF bit is set to 1.
B. The initial path MTU is the same as the MTU of the original node's link layer interface.
C. The discover packets are dropped if there is congestion on the link.
D. It can allow fragmentation when the minimum MTU is below a configured value.
E. If the destination host receives an ICMPv6 Packet Too Big message from a router, it reduces its path MTU.
F. If the source host receives an ICMPv6 Packet Too Big message from a router, it reduces its path MTU.
Answer: B. The initial path MTU is the same as the MTU of the original node's link layer interface. F. If the source host receives an ICMPv6 Packet Too Big message from a router, it reduces its path MTU.
Question 234:
Which protocol can be used to encrypt traffic sent over a GRE tunnel?
A. SSL
B. SSH
C. IPsec
D. DH
E. TLS
Answer: C. IPsec
Question 235:
What is the purpose of enabling the IP options selective drop feature on your network routers?
A. To protect the internal network from IP spoofing attacks
B. To drop IP fragmented packets
C. To drop packets with a TTL value of zero
D. To protect the network from DoS attacks.
Answer: D. To protect the network from DoS attacks.
Question 236:
Which three statements about Cisco IOS RRI are correct? (Choose three.)
A. RRI is not supported with ipsec-profiles.
B. Routes are created from ACL entries when they are applied to a static crypto map.
C. Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D. VRF-based routes are supported.
E. RRI must be configured with DMVPN.
Answer: B. Routes are created from ACL entries when they are applied to a static crypto map. C. Routes are created from source proxy IDs by the receiver with dynamic crypto maps. D. VRF-based routes are supported.
Question 237:
Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall to allow PMTUD?
A. ICMPv6 Type 1 - Code 0 - no route to host
B. ICMPv6 Type 1 - Code 1 - communication with destination administratively prohibited
C. ICMPv6 Type 2 - Code 0 - packet too big
D. ICMPv6 Type 3 - Code 1 - fragment reassembly time exceeded
E. ICMPv6 Type 128 - Code 0 - echo request
F. ICMPv6 Type 129 - Code 0 - echo reply
Answer: C. ICMPv6 Type 2 - Code 0 - packet too big
Question 238:
Which two statements about SNMP are true? (Choose two)
A. SNMP operates at Layer-6 of the OSI model.
B. NMS sends a request to the agent at TCP port 161.
C. NMS sends request to the agent from any source port.
D. NMS receives notifications from the agent on UDP 162.
E. MIB is a hierarchical representation of management data on NMS.
Answer: C. NMS sends request to the agent from any source port. D. NMS receives notifications from the agent on UDP 162.
Question 239:
Refer to the exhibit.
Which two statements correctly describe the debug output?
A. The remote VPN address is 180.10.10.1
B. The message is observed on the NHS
C. The message is observed on the NHC.
D. The remote routable address 91.91.91.1.
E. The local non-routable address is 20.10.10.3.
F. The NHRP hold time is 3 hours.
Answer: A. The remote VPN address is 180.10.10.1 C. The message is observed on the NHC.
Question 240:
Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?
A. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.
B. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.
C. AV pairs are only string values.
D. AV pairs are of two types: string and integer.