1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 351:

    Which three security features were introduced with the SNMPv3 protocol? (Choose three.)

    A. Message integrity, which ensures that a packet has not been tampered with in-transit
    B. DoS prevention, which ensures that the device cannot be impacted by SNMP buffer overflow
    C. Authentication, which ensures that the message is from a valid source
    D. Authorization, which allows access to certain data sections for certain authorized users
    E. Digital certificates, which ensure nonrepudiation of authentications
    F. Encryption of the packet to prevent it from being seen by an unauthorized source

  • Question 352:

    EAP-MD5 provides one-way client authentication. The server sends the client a random challenge. The client proves its identity by hashing the challenge and its password with MD5. What is the problem with EAP-MD5?

    A. EAP-MD5 is vulnerable to dictionary attack over an open medium and to spoofing because there is no server authentication.
    B. EAP-MD5 communication must happen over an encrypted medium, which makes it operationally expensive.
    C. EAP-MD5 is CPU-intensive on the devices.
    D. EAP-MD5 not used by RADIUS protocol.

  • Question 353:

    Drag each Cisco TrustSec feature on the left to its description on the right.

    Select and Place:

  • Question 354:

    What IPS risk rating allows the user to assign a risk weighting based on the relative importance of the system involved?

    A. Signature Fidelity Rating
    B. Mack Relevancy Rating
    C. Target Value Rating
    D. Alert Severity Rating

  • Question 355:

    Which two statements about the RC4 algorithm are true? (Choose two.)

    A. The RC4 algorithm is an asymmetric key algorithm.
    B. In the RC4 algorithm, the 40-bit key represents four characters of ASCII code.
    C. The RC4 algorithm is faster in computation than DES.
    D. The RC4 algorithm uses variable-length keys.
    E. The RC4 algorithm cannot be used with wireless encryption protocols.

  • Question 356:

    Which three statements apply to the behavior of Cisco AnyConnect client auto-reconnect? (Choose three.)

    A. By default, Cisco AnyConnect attempts to re-establish a VPN connection when you lose connectivity to the secure gateway.
    B. With respect to VPN load balancing and Cisco AnyConnect reconnect, the client reconnects to the cluster member with the highest priority.
    C. Cisco AnyConnect reconnects when the network interface changes, whether the IP of the NIC changes or whether connectivity switches from one NIC to another; for example, wireless to wired or vice versa.
    D. With respect to VPN load balancing and Cisco AnyConnect reconnect, the client reconnects directly to the cluster member to which it was previously connected.
    E. By default, Cisco AnyConnect attempts to re-establish a VPN connection following a system resume.

  • Question 357:

    Which two statements about the storm control implementation on the switch are true? (Choose two.)

    A. Traffic storm level is the percentage of total available bandwidth of the port.
    B. Traffic storm level is the rate at which layer 3 traffic is received on the port.
    C. Traffic storm control monitors only the broadcast traffic.
    D. Traffic storm control monitors the broadcast, multicast, and unicast traffic.
    E. Traffic storm level is the rate at which layer 2 traffic is received on the port.
    F. A Lower storm control level means more traffic is allowed to pass through.

  • Question 358:

    Which two statements about attacks against IPV4 and IPv6 network are true? (Choose two)

    A. Man-in-the-middle attacks are more common against IPv4 and IPv6
    B. The multicast DHCPv6 replies on IPv6 network are easier to protect from attacks
    C. Rogue devices provide more risk to IPv4 networks than IPv6 networks
    D. It is easier to scan an IPv4 network than an IPv6 networks.
    E. Data can be captured in transit across both network types.
    F. Attacks performed at the application layer can compromise both types

  • Question 359:

    Refer to the exhibit.

    Why is there no encrypted session between host 10.10.10.1 and 20.20.20.1?

    A. Incorrect or missing group configuration on the client.
    B. Incorrect or missing phase 2 configuration on the server.
    C. Incorrect or missing Virtual-Template configuration on the server.
    D. Incorrect or missing phase 1 configuration on server.
    E. Incorrect or missing Virtual-Template configuration on the client.
    F. Incorrect or missing group configuration on the server.

  • Question 360:

    Refer to the exhibit.

    Which services or feature must be enabled on 209.165.200.225 to produce the given output?

    A. the PAD service
    B. a TCP small server
    C. the Finger Service
    D. a BOOTP server

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.