350-018 Exam Details

  • Exam Code: 350-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 872 Q&As
  • Last Updated: Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 501:

    What are two reasons for a certificate to appear in a CRL? (Choose two.)

    A. CA key compromise
    B. cessation of operation
    C. validity expiration
    D. key length incompatibility
    E. certification path invalidity

  • Question 502:

    What applications take advantage of a DTLS protocol?

    A. delay-sensitive applications, such as voice or video
    B. applications that require double encryption
    C. point-to-multipoint topology applications
    D. applications that are unable to use TLS

  • Question 503:

    Which three statements about Unicast RPF in strict mode and loose mode are true? (Choose three)

    A. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing
    B. Interfaces in strict mode drop traffic with return routes that point to the Null 0 interface
    C. Strict mode requires a default route to be associated with the uplink network interface
    D. Loose mode requires the source address to be present in the routing table
    E. Both loose and strict modes are configured globally on the router
    F. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which the interface is assigned

  • Question 504:

    What action does a RADIUS server take when it cannot authenticate the credentials of a user?

    A. An Access-Reject message is sent.
    B. An Access-Challenge message is sent, and the user is prompted to re-enter credentials.
    C. A Reject message is sent.
    D. A RADIUS start-stop message is sent via the accounting service to disconnect the session.

  • Question 505:

    Which three of these statements about a zone-based policy firewall are correct? (Choose three.)

    A. An interface can be assigned to only one security zone.
    B. By default, all traffic to and from an interface that belongs to a security zone is dropped unless explicitly allowed in the zone-pair policy.
    C. Firewall policies, such as the pass, inspect, and drop actions, can only be applied between two zones.
    D. In order to pass traffic between two interfaces that belong to the same security zone, you must configure a pass action using class-default.
    E. Traffic cannot flow between a zone member interface and any interface that is not a zone member.

  • Question 506:

    Which option describes the purpose of Fog architecture in IoT?

    A. To provide intersensor traffic routing
    B. To provide highly available environmentally hardened network access
    C. To provide centralized compute resources
    D. To provide compute services at the network edge

  • Question 507:

    Which statement about the SYN flood attack is true?

    A. The SYN flood attack is always directed from a valid address.
    B. The SYN flood attack target is to deplete server memory so that legitimate requests cannot be served.
    C. The SYN flood attack is meant to completely deplete the TCB SYN-Received state backlog.
    D. The SYN flood attack can be launched for both UDP and TCP open ports on the server.
    E. SYN-Received state backlog for TCBs is meant to protect server CPU cycles.

  • Question 508:

    Refer to the exhibit.

    Why does the EasyVPN session fail to establish between the client and server?

    A. Incomplete ISAKMP profile configuration on the server
    B. Incorrect IPsec phase-2 configuration on the server
    C. Incorrect group configuration on the client
    D. ISAKMP key mismatch
    E. Incorrect virtual-template configuration on the server

  • Question 509:

    To prevent a potential attack on a Cisco IOS router with the echo service enabled, what action should you take?

    A. Disable the service with the no ip echo command.
    B. Disable the service with the no echo command.
    C. Disable tcp-small-servers.
    D. Disable this service with a global access-list.

  • Question 510:

    Refer to the exhibit.

    What is the reason for the failure of the DMVPN session between R1 and R2?

    A. tunnel mode mismatch
    B. IPsec phase-1 configuration is missing peer address on R2
    C. IPsec phase-1 policy mismatch
    D. IPsec phase-2 policy mismatch
    E. incorrect tunnel source interface on R1

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 350-018 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.