1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 541:

    Which two options describe the main purpose of EIGRP authentication? (Choose two.)

    A. To identify authorized peers.
    B. To allow faster convergence
    C. To provide redundancy
    D. To prevent injection of incorrect routing information.
    E. To provide routing updates confidentiality

  • Question 542:

    An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?

    A. NAT overload
    B. NAT extendable
    C. NAT TCP load balancing
    D. NAT service-type DNS
    E. NAT port-to-application mapping

  • Question 543:

    What action will be taken by a Cisco IOS router if a TCP packet, with the DF bit set, is larger than the egress interface MTU?

    A. Split the packet into two packets, so that neither packet exceeds the egress interface MTU, and forward them out.
    B. Respond to the sender with an ICMP Type 3 , Code 4.
    C. Respond to the sender with an ICMP Type 12, Code 2.
    D. Transmit the packet unmodified.

  • Question 544:

    Which statement about SOX is true?

    A. Section 404 of SOX is related to non IT compliance.
    B. It is a US law.
    C. It is an IEFT compliance procedure for computer systems security.
    D. It is an IEEE compliance procedure for IT management to produce audit reports.
    E. It is a private organization that provides best practices for financial institution computer systems.

  • Question 545:

    Which two ICMP types must be allowed in a firewall to enable traceroutes through the firewall? (Choose two.)

    A. ICMP type=5.code=1
    B. ICMP type=11, code=0
    C. ICMP type=5.code=0
    D. ICMP type=1l.code=1
    E. ICMP type=3, code=12
    F. ICMP type=3, code=3

  • Question 546:

    OSPFv3 mechanism of authentication? (choose two)

    A. AH
    B. ESP
    C. MD5
    D. SHA
    E. IP
    F. GRE

  • Question 547:

    Attacks can originate from multicast receivers. Any receiver that sends an IGMP or MLD report typically creates state on which router?

    A. customer
    B. first-hop
    C. source
    D. RP

  • Question 548:

    With ASM, sources can launch attacks by sending traffic to any groups that are supported by an active RP. Such traffic might not reach a receiver but will reach at least the first-hop router in the path, as well as the RP, allowing limited attacks. However, if the attacking source knows a group to which a target receiver is listening and there are no appropriate filters in place, then the attacking source can send traffic to that group. This traffic is received as long as the attacking source is listening to the group.

    Based on the above description, which type of security threat is involved?

    A. DoS
    B. man-in-the-middle
    C. compromised key
    D. data modification

  • Question 549:

    Why do firewalls need to specially treat an active mode FTP session?

    A. The data channel is originating from a server side.
    B. The FTP client opens too many concurrent data connections.
    C. The FTP server sends chunks of data that are too big.
    D. The data channel is using a 7-bit transfer mode.

  • Question 550:

    Which two statements about TrustSec are true? (Choose two)

    A. It can simplify the management and configuration of security policies
    B. It can simplify the ASA management and configuration
    C. It can simplify SG-ACL provisioning to network router and switches
    D. It can apply access-control policies throughout the network
    E. It is a part of Cisco commerce work space

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.