350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 411:
Refer to the exhibit.What is the effect of the given service policy configuration?
A. It blocks Facebook.com ,msn.com,cisco.com,and google.com, and permits all other domains.
B. It blocks all domains except cisco.com, msn.com,cisco. Facebook.com.
C. It blocks all domains except Facebook.com ,msn.com,cisco.com,and google.com.
D. It blocks cisco.com, msn.com, and Facebook.com and permits all other domains. -
Question 412:
Your IPv6 a CA and trust anchous to implement secure network discovery. What extension must your CA certificates support?
A. id-pe-ipaddrBlocks
B. keyUsage
C. extKeyUsage
D. id-pe-autonomousSyslds
E. ia-ad-classusers
F. nameConstraints -
Question 413:
As defined by Cisco TrustSec, which EAP method is used for Network Device Admission Control authentication?
A. EAP-FAST
B. EAP-TLS
C. PEAP
D. LEAP -
Question 414:
Which statement about a botnet attack is true?
A. The botnet attack is an attack on a firewall to disable it's filtering ability.
B. The botnet attack is a network sweeping attack to find hosts that are alive alive behind the filtering device.
C. The botnet attack is a collection of infected computers that launch automated attacks.
D. The owner of the infected computer willingly participates in automated attacks.
E. The botnet attack enhances the efficiency of the computer for effective automated attacks. -
Question 415:
Refer to the exhibit.
Which two statements about this debug output are true? (Choose two.)
A. The request is from NHC to NHS.
B. The request is from NHS to NNC.
C. 192.168.10.2 is the remote NBMA address.
D. 192.168.10.1 is the local VPN address.
E. 69.1.1.2 is the local non-routable address.
F. This debug output represents a failed NHRP request. -
Question 416:
Which option explains the passive scan technique that is used by wireless clients to discover available wireless networks?
A. listening for access point beacons that contain available wireless networks
B. sending a null probe request
C. sending a null association request
D. listening for access point probe response frames that contain available wireless networks -
Question 417:
What feature enables extended secure access from non-secure physical location?
A. 802.1x port-based authentication
B. Strom control
C. Port security
D. CBAC
E. NEAT -
Question 418:
When a client attempts to authenticate to an access point with the RADIUS server, the server returns the error message "Invalid message authenticator in EAP request." Which action can you take to correct the problem?
A. Add the user profile to ACS.
B. Synchronize the shared password between AP and ACS.
C. Configure the required privileges for the authentication service.
D. Enable the external database account. -
Question 419:
What are two effects of the given configuration? (Choose two.) Refer to the exhibit.
A. It permits Parameter Problem messages that indicate an error in the header.
B. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram.
C. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded.
D. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering.
E. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header field.
F. It permits Destination Unreachable messages that indicate an invalid port on the host specified m the datagram. -
Question 420:
Which two statements are correct regarding the AES encryption algorithm? (Choose two.)
A. It is a FIPS-approved symmetric block cipher.
B. It supports a block size of 128, 192, or 256 bits.
C. It supports a variable length block size from 16 to 448 bits.
D. It supports a cipher key size of 128, 192, or 256 bits.
E. The AES encryption algorithm is based on the presumed difficulty of factoring large integers.
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.