1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 331:

    Which MAC address control command enables usage monitoring for A CAM table on a switch?

    A. mac-address-table learing
    B. mac-address-table synchronize
    C. mac-address-table secure
    D. mac-address-table limit
    E. mac-address-table notification threshold

  • Question 332:

    Which two statements about the BGP backdoor feature are true? (Choose two.)

    A. It makes IGP learned routes preferred over eBGP learned routes.
    B. It makes iBGP learned routes preferred over IGP learned routes.
    C. It changes the eBGP administrative distance from 20 to 200.
    D. It makes eBGP learned routes preferred over IGP learned routes.
    E. It changes the eBGP administrative distance from 200 to 20.
    F. It changes the iBGP administrative distance from 200 to 20.

  • Question 333:

    Which three of these situations warrant engagement of a Security Incident Response team? (Choose three.)

    A. loss of data confidentiality/integrity
    B. damage to computer/network resources
    C. denial of service (DoS)
    D. computer or network misuse/abuse
    E. pornographic blogs/websites

  • Question 334:

    What command can you use to protect a router from TCP SYN-flooding attacks?

    A. ip igmp snooping
    B. rate-limit input
    C. ip tcp intercept list < access-list>
    D. police
    E. ip dns spoofing

  • Question 335:

    Which statement about the fragmentation of IPsec packets in routers is true?

    A. By default if the packet size exceeds MTU of ingress physical interface, it will be fragmented and sent without encryption.
    B. By default if the packet size exceeds MTU of the egress physical interface, it will be dropped.
    C. By default, the router knows the IPsec overhead to add to the packet, performs a lookup if the packet will exceed egress physical interface IP MTU after encryption, then fragments the packet before encrypting and separately encrypts the resulting IP fragments.
    D. By default, the IP packets that need encryption are first encrypted with ESP, if the resulting encrypted packet exceeds the IP MTU on the egress physical interface, then the encrypted packet is fragmented before being sent.

  • Question 336:

    Refer to the exhibit What feature must be implemented on the network to produce the given output?

    A. CAR
    B. NBAR
    C. WFQ
    D. PQ
    E. CQ

  • Question 337:

    On an ASA firewall in multiple context mode running version 8.X, what is the default number of VPN site-to-site tunnels per context?

    A. 2 sessions
    B. 4 sessions
    C. 1 session
    D. 0 sessions

  • Question 338:

    Refer to the exhibit.If R1 is connected upstream to R2 and R3 at different ISPs as shown,what action must be taken to preven Unicast Reverse Path Forwarding(uRPF)from dropping asymmetric traffic?

    A. Configure Unicast RPF Strict Mode on R2 and R3 only
    B. Configure Unicast RPF loose Mode on R2 and R3 only
    C. Configure Unicast RPF Strict Mode on R1 only
    D. Configure Unicast RPF loose Mode on R1 only
    E. Configure Unicast RPF Strict Mode on R1,R2 and R3

  • Question 339:

    Refer to the exhibit.

    Which option describes the behavior of this configuration?

    A. Traffic from the n2 network object to the outside network will be translated using the g1 network objects and outside interface.
    B. Traffic from the n3 network object to the inside network will be translated using the g1 network objects and outside interface.
    C. Traffic from the n1 network object to the outside network will be translated using the g1 network object and outside interface.
    D. Traffic from the n3 network object to the outside network will be translated using the g1 network object and outside interface.

  • Question 340:

    What are two advantages of SNMPv3 over SNMPv2c? (Choose two.)

    A. integrity, to ensure that data has not been tampered with in transit
    B. no source authentication mechanism for faster response time
    C. Packet replay protection mechanism removed for efficiency
    D. GetBulkRequest capability, to retrieve large amounts of data in a single request
    E. confidentiality via encryption of packets, to prevent man-in-the-middle attacks

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.