1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 321:

    Event Store is a component of which IPS application?

    A. SensorApp
    B. InterfaceApp C. MainApp
    D. NotificationApp
    E. AuthenticationApp

  • Question 322:

    Refer to the exhibit.

    Which option describes the behavior of this configuration?

    A. Host 10.10.10.1 will get translated as 20.20.20.1 from inside to outside.
    B. Host 20.20.20.1 will be translated as 10.10.10.1 from outside to inside.
    C. Host 20.20.20.1 will be translated as 10.10.10.1 from inside to outside.
    D. Host 10.10.10.1 will be translated as 20.20.20.1 from outside to inside.

  • Question 323:

    crypto isakmp profile vpn1 vrf vpn1 keyring vpn1 match identity address 172.16.1.1 255.255.255.255 crypto map crypmap 1 ipsec-isakmp set peer 172.16.1.1 set transform-set vpn1 set isakmp-profile vpn1

    match address 101 ! interface Ethernet1/2 crypto map crypmap Which statements apply to the above configuration? (Choose two.)

    A. This configuration shows the VRF-Aware IPsec feature that is used to map the crypto ISAKMP profile to a specific VRF.
    B. VRF and ISAKMP profiles are mutually exclusive, so the configuration is invalid.
    C. An IPsec tunnel can be mapped to a VRF instance.
    D. Peer command under the crypto map is redundant and not required.

  • Question 324:

    Which of the following two options can you configure to avoid iBGP full mesh? (Choose two.)

    A. Route reflectors
    B. Confederations
    C. BGP NHT
    D. Local preference
    E. Virtual peering

  • Question 325:

    Which three statements about Dynamic ARP inspection on Cisco seithes are true? (Choose three)

    A. The trusted database can be manually configured using the CLI
    B. Dynamic ARP inspection is supported only on access ports
    C. Dynamic ARP inspection does no perform ingress security checking
    D. DHCP snooping is used to dynamically build the trusted database
    E. Dynamic ARP inspection checks ARP packets against the trusted database
    F. Dynamic ARP inspection checks ARP packets on trusted and untrusted ports

  • Question 326:

    Refer to the exhibit.

    According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server?

    A. ciaddr
    B. yiaddr
    C. siaddr
    D. giaddr

  • Question 327:

    An attacker configures an access point to broadcast the same SSID that is used at a public hot-spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker.

    In addition to the deauthentication attack, what attack has been launched?

    A. man-in-the-middle
    B. MAC spoofing
    C. Layer 1 DoS
    D. disassociation attack

  • Question 328:

    Which statement about the Cisco AnyConnect web Security module is true?

    A. It is VPN client software that works over the SSL protocol
    B. It is deployment on endpoints to route HTTP traffic to ScanSafe
    C. It is an endpoint component that is used with smart tunnels in a clientless SSL VPN
    D. It operates as an NAC Agent when it is configured with AnyConnect VPN client

  • Question 329:

    Which two ISE Probes would be required to distinguish accurately the difference between an iPad and a MacBook Pro? (Choose two.)

    A. DHCP or DHCPSPAN
    B. SNMPTRAP
    C. SNMPQUERY
    D. NESSUS
    E. HTTP
    F. DHCP TRAP

  • Question 330:

    When routing is configured on ASA, which statement is true?

    A. If the default route is not present, then the routing table is checked.
    B. If the routing table has two matching entries, the packet is dropped.
    C. If routing table has two matching entries with same prefix length, the first entry is used.
    D. If routing table has two matching entries with different prefix lengths, the entry with the longer prefix length is used.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.