350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 271:
Which IPS module can be installed on the Cisco ASA 5520 appliance?
A. IPS-AIM
B. AIP-SSM
C. AIP-SSC
D. NME-IPS-K9
E. IDSM-2 -
Question 272:
Which transport type is used by the DHCP protocol?
A. UDP ports 67 and 69
B. TCP ports 67 and 68
C. UDP and TCP port 67
D. UDP ports 67 and 68 -
Question 273:
In Cisco IOS, what is the result of the ip dns spoofing command on DNS queries that are coming from the inside and are destined to DNS servers on the outside?
A. The router will prevent DNS packets without TSIG information from passing through the router.
B. The router will act as a proxy to the DNS request and reply to the DNS request with the IP address of the interface that received the DNS query if the outside interface is down.
C. The router will take the DNS query and forward it on to the DNS server with its information in place of the client IP.
D. The router will block unknown DNS requests on both the inside and outside interfaces. -
Question 274:
What are the two most common methods that security auditors use to assess an organization's security processes? (Choose two)
A. social engineering attempts
B. B. interviews
C. C. policy assessment
D. D. penetration testing
E. E. document review
F. F. physical observation -
Question 275:
Refer to the exhibit.
Which configuration prevents R2 from becoming a PIM neighbor with R1?
A. access-list 10 permit 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip pim neighbor-filter 10
B. access-list 10 deny 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip pim neighbor-filter 1
C. access-list 10 deny 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip pim neighbor-filter 10
D. access-list 10 deny 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip igmp access-group 10 -
Question 276:
Which two statements about ISO 27001 are true? (Choose two.)
A. It is closely aligned to ISO 22000 standards.
B. It is an ISO 17799 code of practice.
C. It is an Information Security Management Systems specification.
D. It is a code of practice for Informational Social Management.
E. It was formerly known as BS7799-2. -
Question 277:
Which two statements about BPDU guard and root guard are true? (Choose two.)
A. A switch configured with root guard disables any port that receives a superior BPDU.
B. When a port on a switch configured with root guard enters the errdisable state, the administrator must manually re-enable the port.
C. BPDU guard is enabled by default for all ports on which PortFast is enabled.
D. When a port on a switch configured with BPDU guard enters the errdisable state, it can recover automatically if the errdisable recovery timeout is configured. E. A switch configured with BPDU guard disables any port with PortFast enabled if the port receives a BPDU.
E. Root guard should always be implemented at the network edge. -
Question 278:
IKEv2 provides greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities? (Choose two)
A. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie.
B. IKEv2 interoperates with IKEv1 to increase security in IKEv1.
C. IKEv2 only allows certificates for peer authentication.
D. With cookie challenge, IKEv2 does not track the state of the initiator until the initiator responds with a cookie.
E. IKEv2 only allows symmetric keys for peer authentication.
F. IKEv2 performs TCP intercept on all secure connections. -
Question 279:
Which of these is a core function of the risk assessment process? (Choose one.)
A. performing regular network upgrades
B. performing network optimization
C. performing network posture validation
D. establishing network baselines
E. prioritizing network roll-outs -
Question 280:
What are three IPv6 extension headers? (Choose three)
A. Authentication
B. Destination options
C. Source options
D. Hop-by-hop options
E. TTL
F. Segment
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.