Cisco 350-018 Online Practice Questions and Exam Preparation
350-018 Exam Details
Exam Code: 350-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 872 Q&As
Last Updated: Dec 11, 2021
Cisco 350-018 Online Questions & Answers
Question 301:
On Cisco routers, there are two mutually exclusive types of RSA key pairs: special-usage keys and general-purpose keys. When you generate RSA key pairs, you are prompted to select either special-usage keys or general-purpose keys. Which set of statements is true?
A. If you generate special-usage keys, two pairs of RSA keys are generated. One pair is used with any IKE policy that specifies RSA signatures as the authentication method. The other pair is used with any IKE policy that specifies RSA encrypted keys as the authentication method.
B. If you generate a named key pair, only one pair of RSA keys is generated. This pair is used with IKE policies that specify either RSA signatures or RSA encrypted keys. Therefore, a general-purpose key pair might be used more frequently than a special-usage key pair.
C. If you generate general-purpose keys, you must also specify the usage-key keyword or the general-key keyword. Named key pairs allow you to have multiple RSA key pairs, enabling the Cisco IOS Software to maintain a different key pair for each identity certificate.
D. Special-usage key pair is default in Cisco IOS.
Answer:
A. If you generate special-usage keys, two pairs of RSA keys are generated. One pair is used with any IKE policy that specifies RSA signatures as the authentication method. The other pair is used with any IKE policy that specifies RSA encrypted keys as the authentication method.
Question 302:
Refer to the exhibit.
Which two statements about the effects of the given Cisco IOS configuration are true? (Choose two.)
A. The maximum number of half-open sessions is 400.
B. The maximum number of half-open sessions is 600.
C. The idle timeout for UDP connections is 20 minutes.
D. The half-open session timeout is 20 minutes.
E. The software will delete half-open sessions if more than 600 new sessions are established per minute.
Answer:
A. The maximum number of half-open sessions is 400.
E. The software will delete half-open sessions if more than 600 new sessions are established per minute.
Question 303:
If a host receives a TCP packet with an SEQ number of 1234, an ACK number of 5678, and a length of 1000 bytes, what will it send in reply?
A. a TCP packet with SEQ number: 6678, and ACK number: 1234
B. a TCP packet with SEQ number: 2234, and ACK number: 5678
C. a TCP packet with SEQ number: 1234, and ACK number: 2234
D. a TCP packet with SEQ number: 5678, and ACK number: 2234
Answer:
D. a TCP packet with SEQ number: 5678, and ACK number: 2234
Question 304:
Which statement regarding the routing functions of the Cisco ASA is true?
A. The translation table can override the routing table for new connections.
B. The ASA supports policy-based routing with route maps.
C. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors.
D. Routes to the Null0 interface can be configured to black-hole traffic.
Answer:
A. The translation table can override the routing table for new connections.
Question 305:
Refer to the exhibit.
Based on the show command output, which statement is true?
A. A NAT/PAT device is translating the local VPN endpoint.
B. A NAT/PAT device is translating the remote VPN endpoint.
C. A NAT/PAT device exists in the path between VPN endpoints.
D. No NAT/PAT device exists in the path between VPN endpoints.
Answer:
C. A NAT/PAT device exists in the path between VPN endpoints.
Question 306:
Which three statements about the SHA-2 algorithm are true? (Choose three.)
A. It generates a 160-bit message digest.
B. It generates a 512-bit message digest.
C. It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.
D. It is used for integrity verification.
E. It provides a fixed-length output using a collision-resistant cryptographic hash.
F. It provides a variable-length output using a collision-resistant cryptographic hash.
Answer:
C. It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.
D. It is used for integrity verification.
E. It provides a fixed-length output using a collision-resistant cryptographic hash.
Question 307:
In an 802.11 wireless network, what would an attacker have to spoof to initiate a deauthentication attack against connected clients?
A. the BSSID of the AP where the clients are currently connected
B. the SSID of the wireless network
C. the MAC address of the target client machine
D. the broadcast address of the wireless network
Answer:
A. the BSSID of the AP where the clients are currently connected
Question 308:
According to RFC 4890, which four ICMPv6 types are recommended to be allowed to transit a firewall? (Choose four.)
A. Type 1 - destination unreachable
B. Type 2 - packet too big
C. Type 3 - time exceeded
D. Type 0 - echo reply
E. Type 8 - echo request
F. Type 4 - parameter problem
Answer:
A. Type 1 - destination unreachable
B. Type 2 - packet too big
C. Type 3 - time exceeded
F. Type 4 - parameter problem
Question 309:
Which RFC outlines BCP 84?
A. RFC 3704
B. RFC 2827
C. RFC 3030
D. RFC 2267
E. RFC 1918
Answer:
A. RFC 3704
Question 310:
Refer to the exhibit.
Which two statements about the given IPv6 ZBF configuration are true? (Choose two.)
A. It provides backward compatibility with legacy IPv6 inspection.
B. It passes TCP, UDP, ICMP, and FTP traffic from z1 to z2.
C. It provides backward compatibility with legacy IPv4 inspection.
D. It passes TCP, UDP, ICMP and FTP traffic in both directions between z1 and z2.
E. It inspects TCP, UDP, ICMP and FTP traffic from z1 to z2.
F. It inspects TCP, UDP, CIMP and FTP traffic from z1 to z2.
Answer:
A. It provides backward compatibility with legacy IPv6 inspection.
E. It inspects TCP, UDP, ICMP and FTP traffic from z1 to z2.