350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 281:
Which two statements about the SHA-1 algorithm are true? (Choose two)
A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.
B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.
C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.
D. The purpose of the SHA-1 algorithm is to provide data confidentiality.
E. The purpose of the SHA-1 algorithm is to provide data authenticity. -
Question 282:
Refer to the exhibit.
Which option describes the behavior of this configuration?
A. Devices that perform IEEE 802.1X should be in the MAC address database for successful authentication.
B. IEEE 802.1x devices must fail MAB to perform IEEE 802.1X authentication.
C. If 802.1X fails, the device will be assigned to the default guest VLAN.
D. The device will perform subsequent IEEE 802.1X authentication if it passed MAB authentication.
E. If the device fails IEEE 802.1X, it will start MAB again. -
Question 283:
Which one of the foiling Cisco ASA adapts security appliance rule samples will send HTTP data to the AIP-SSM module to evaluate and stop HTTP attacks?
E. Exhibit A
F. Exhibit B
G. Exhibit C
H. Exhibit D -
Question 284:
Wich two statements about cisco ASA authentication using LDAP are ture:
A. It uses AD attribute maps to assign users to group policies configured under the webvpn contant.
B. It is a closed standard that manages directory-information services over distributed networks.
C. It can assign a group policy to a user based on access credentials.
D. It uses attribute maps to map the AD member of attribute to the cisco ASA group policy attribute.
E. The cisco ASA can use more than one AD . member of attribute to match a user to multiple group policies.
F. It can combine AD attributes and LDAP attribute to configure group policies on the cisco ASA. -
Question 285:
Which option is used to collect wireless traffic passively, for the purposes of eavesdropping or information gathering?
A. network taps
B. repeater Access Points
C. wireless sniffers
D. intrusion prevention systems -
Question 286:
Which two statement about ICMP redirect messages are true? (Choose two)
A. Redirects are only to the CPU if the packets are also source-routed
B. By default, configuring HSRP on the interface disables ICMP redirect functionality
C. They are generated by the host to inform the router of an alternate route to the destination
D. They are generated when a packet enters and exits the same router interface
E. The messages contain an ICMP Type 3 and ICMP code 7 -
Question 287:
Which encapsulation technique does VXLAN use?
A. MAC in TCP
B. MAC in MAC
C. MAC in UDP
D. MAC in GRE -
Question 288:
Which two types of DNS attacks are associated with DoS and DDo S attacks?(Choose Two)
A. DNS reflection attacks
B. Resource utilization attacks
C. DNS open resolver attack
D. DNS cache poisoning attacks
E. DNS amplification attacks -
Question 289:
Depending on configuration, which two behaviors can the ASA classifier exhibit when it receives unicast traffic on an interface that is shared by multiple contexts? (Choose two.)
A. It is classified using the destination address of the packet using the NAT table.
B. It is classified using the destination address of the packet using the connection table.
C. It is classified by copying and sending the packet to all the contexts.
D. it is classified using the destination address of the packet using the routing table.
E. It is classified using the destination MAC address of the packet. -
Question 290:
IANA is responsible for which three IP resources? (Choose three.)
A. IP address allocation
B. Detection of spoofed address
C. Criminal prosecution of hackers
D. Autonomous system number allocation
E. Root zone management in DNS
F. BGP protocol vulnerabilities
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.