350-018 Exam Details

  • Exam Code: 350-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 872 Q&As
  • Last Updated: Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 481:

    In RFC 4034, DNSSEC introduced which four new resource record types? (Choose four.)

    A. DNS Public Key (DNSKEY)
    B. Next Secure (NSEC)
    C. Resource Record Signature (RRSIG)
    D. Delegation Signer (DS)
    E. Top Level Domain (TLD)
    F. Zone Signing Key (ZSK)

  • Question 482:

    Which of the following best describes Chain of Evidence in the context of security forensics?

    A. Evidence is locked down, but not necessarily authenticated.
    B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
    C. The general whereabouts of evidence is known.
    D. Someone knows where the evidence is and can say who had it if it is not logged.

  • Question 483:

    Regarding VSAs, which statement is true?

    A. VSAs may be implemented on any RADIUS server.
    B. VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor. For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.
    C. VSAs do not apply to RADIUS; they are a TACACS attribute.
    D. Each VSA is defined in an RFC and is considered to be a standard.

  • Question 484:

    Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

    A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
    B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
    C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
    D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.

  • Question 485:

    What are three benefits of Cisco IOS FlexVPN? (Choose three)

    A. It provides hierarchical QoS on a per-tunnel basis
    B. It is compatible with most private intranet deployments
    C. It supports TACACS+
    D. It is compatible with IKEv2-based third-party VPN solutions
    E. It provides centralized policy control
    F. It supports DMVPN deployment

  • Question 486:

    What is the advantage of using the ESP protocol over the AH?

    A. data confidentiality
    B. data integrity verification
    C. nonrepudiation
    D. anti-replay protection

  • Question 487:

    You have determined that RouterA is sending a high number of fragmented packets from the s0 interface to the Web server, causing performance issues on RouterA. What configuration can you perform to send the fragmented packets to the workstation at 10.0.0.2 for analysis?

    Refer to the exhibit.

    G. Exhibit A
    H. Exhibit B
    I. Exhibit C
    J. Exhibit D

  • Question 488:

    Refer to the exhibit.

    A customer has an IPsec tunnel that is configured between two remote offices. The customer is seeing these syslog messages on Router B:

    %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=x, sequence number=y

    What is the most likely cause of this error?

    A. The customer has an LLQ QoS policy that is configured on the WAN interface of Router
    C. A hacker on the Internet is launching a spoofing attack.
    D. Router B has an incorrectly configured IP MTU value on the WAN interface.
    E. There is packet corruption in the network between Router A and Router B.
    F. Router A and Router B are not synchronized to the same timer source.

  • Question 489:

    Which two statements about PCI DSS are true? (Choose two)

    A. It is a criminal act of cardholder information fraud.
    B. It is an IETF standard for companies to protect credit, debit, and ATM cardholder information.
    C. It has as one of its objectives to restrict physical access to credit, debit, and ATM cardholder information.
    D. It is a US government standard that defines ISP security compliance.
    E. It is a proprietary security standard that defines a framework for credit, debit, and ATM cardholder information.

  • Question 490:

    Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)

    A. manually configured
    B. automatic 6to4
    C. ISATAP
    D. GRE

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 350-018 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.