Cisco 350-018 Online Practice Questions and Exam Preparation
350-018 Exam Details
Exam Code: 350-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 872 Q&As
Last Updated: Dec 11, 2021
Cisco 350-018 Online Questions & Answers
Question 451:
Which QoS marking is only locally significant on a Cisco router?
A. MPLS EXP B. DSCP C. QoS group D. IP precedence E. traffic class F. flow label
C. QoS group
Question 452:
Drag each SSL encryption algorithm on the left to the encryption and hashing values it uses on the right.
Select and Place:
Question 453:
What functionality is provided by DNSSEC?
A. origin authentication of DNS data B. data confidentiality of DNS queries and answers C. access restriction of DNS zone transfers D. storage of the certificate records in a DNS zone file
A. origin authentication of DNS data
Question 454:
Which statement is true about the PKI deployment using Cisco IOS devices?
A. During the enrollment, CA or RA signs the client certificate request with its public key. B. RA is capable of publishing the CRLs. C. Peers use private keys in their certificates to negotiate IPSec SAs to establish the secure channel. D. RA is used for accepting the enrollment requests. E. Certificate Revocation is not supported by SCEP protocol.
D. RA is used for accepting the enrollment requests.
Question 455:
Refer to the exhibit.
It shows the format of an IPv6 Router Advertisement packet. If the Router Lifetime value is set to 0, what does that mean?
A. The router that is sending the RA is not the default router. B. The router that is sending the RA is the default router. C. The router that is sending the RA will never power down. D. The router that is sending the RA is the NTP master. E. The router that is sending the RA is a certificate authority. F. The router that is sending the RA has its time synchronized to an NTP source.
A. The router that is sending the RA is not the default router.
Question 456:
What is the size of a point-to-point GRE header, and what is the protocol number at the IP layer?
A. 8 bytes, and protocol number 74 B. 4 bytes, and protocol number 47 C. 2 bytes, and protocol number 71 D. 24 bytes, and protocol number 1 E. 8 bytes, and protocol number 47
B. 4 bytes, and protocol number 47
Question 457:
Which two statements about ASA transparent mode are true? (Choose two.)
A. Transparent mode acts as a Layer-3 firewall. B. The inside and outside interface must be in a different subnet. C. IP traffic will not pass unless it is permitted by an access-list. D. ARP traffic is dropped unless it is permitted. E. A configured route applies only to the traffic that is originated by the ASA. F. In multiple context mode, all contexts need to be in transparent mode.
C. IP traffic will not pass unless it is permitted by an access-list. E. A configured route applies only to the traffic that is originated by the ASA.
Question 458:
Which two statements about dynamic ARP inspection are true? (Choose two.)
A. Dynamic ARP inspection checks ARP packets on both trusted and untrusted ports. B. Dynamic ARP inspection is only supported on access and trunk ports. C. Dynamic ARP inspection checks invalid ARP packets against the trusted database. D. The trusted database to check for an invalid ARP packet is manually configured. E. Dynamic ARP inspection does not perform ingress security checking. F. DHCP snooping must be enabled.
C. Dynamic ARP inspection checks invalid ARP packets against the trusted database. F. DHCP snooping must be enabled.
Question 459:
Which two options are open-source SDN controllers? (Choose two.)
A. OpenDaylight B. Big Cloud Fabric C. Application Policy Infrastructure Controller D. OpenContrail E. Virtual Application Networks SDN Controller
A. OpenDaylight D. OpenContrail
Question 460:
When configuring a switchport for port security that will support multiple devices and that has already been configured for 802.1X support, which two commands need to be added? (Choose two.)
A. The 802.1X port configuration must be extended with the command dot1x multiple-host. B. The 802.1X port configuration must be extended with the command dot1x port-security. C. The switchport configuration needs to include the command switchport port-security. D. The switchport configuration needs to include the port-security aging command. E. The 802.1X port configuration needs to remain in port-control force-authorized rather than port-control auto.
A. The 802.1X port configuration must be extended with the command dot1x multiple-host. C. The switchport configuration needs to include the command switchport port-security.