350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 261:
Management Frame Protection is available in two deployment modes, Infrastructure and Client. Which three statements describe the differences between these modes? (Choose three.)
A. Infrastructure mode appends a MIC to management frames.
B. Client mode encrypts management frames.
C. Infrastructure mode can detect and prevent common DoS attacks.
D. Client mode can detect and prevent common DoS attacks.
E. Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients. -
Question 262:
You have configured an NDAC seed switch as shown, but the switch is failing to allow other switches to securely join the domain What command must you add to the seed switch's configuration to enable secure RADIUS communication?
Refer to the exhibit.
A. Seed-Switch(config)#radius.server host 10.1.1.2 auth-port 1812 acct-port 1813 test username ndac-test pac key Cisco123
B. Seed-Switch(config)#radius-server vsa send accounting
C. Seed-Switch(config)#aaa preauth
D. Seed-Switch(config)#no dot1x system-auth-control
E. Seed-Switch(config)#radius-server host non-standard
F. Seed-Switch(config)#aaa authentication dot1x default group local -
Question 263:
Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the "/ runscript.php" URI is run?
A. AIC HTTP
B. Service HTTP
C. String TCP
D. Atomic IP
E. META
F. Multi-String -
Question 264:
Given the IPv4 address 10.10.100.16, which two addresses are valid IPv4-compatible IPv6 addresses? (Choose two.)
A. :::A:A:64:10
B. ::10:10:100:16
C. 0:0:0:0:0:10:10:100:16
D. 0:0:10:10:100:16:0:0:0 -
Question 265:
Which transport mechanism is used between a RADIUS authenticator and a RADIUS authentication server?
A. UDP, with only the password in the Access-Request packet encrypted
B. UDP, with the whole packet body encrypted
C. TCP, with only the password in the Access-Request packet encrypted
D. EAPOL, with TLS encrypting the entire packet
E. UDP RADIUS encapsulated in the EAP mode enforced by the authentication server. -
Question 266:
same security level interface inter-traffic communication.
A. asa support 101 security level and mort than 101 interface (include sub-interface)
B. ASA can assign different interface to the same security level
C. by default, same security level port inter-traffic is not allowed
D. ASA should activate inter-interface communication by default -
Question 267:
Which method of output queuing is supported on the Cisco ASA appliance?
A. CBWFQ
B. priority queuing
C. MDRR
D. WFQ
E. custom queuing -
Question 268:
Refer to the exhibit.
In which two parts should the multicast boundary command be applied? (Choose two.)
A. A
B. B
C. C
D. D
E. E
F. F -
Question 269:
Refer to the exhibit.
Which three fields of the IP header labeled can be used in a spoofing attack? (Choose one.)
A. 6, 7, 11
B. 6, 11, 12
C. 3, 11, 12
D. 4, 7, 11 -
Question 270:
Which statement about the Cisco NAC CAS is true?
A. The Cisco NAC CAS acts as a gateway between untrusted networks.
B. The Cisco NAC CAS can only operate as an in-band real IP gateway.
C. The Cisco NAC CAS can operate as an out-of-band virtual gateway.
D. The Cisco NAC CAS is an administration and monitoring server.
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.