350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 561:
What action can you take to prevent an amplification attack on an IPv6 network?
A. Disable the processing of IPv6 type 1 routing headers on the interface.
B. Disable the processing of IPv6 type 1 routing headers globally.
C. Disable the processing of IPv6 type 2 routing headers between remote routers.
D. Disable the processing of IPv6 type 0 routing headers globally.
E. Disable the processing of IPv6 type 2 routing headers globally. -
Question 562:
Which three statements about the TACACS protocol are correct? (Choose three.)
A. TACACS+ is an IETF standard protocol.
B. TACACS+ uses TCP port 47 by default.
C. TACACS+ is considered to be more secure than the RADIUS protocol.
D. TACACS+ can support authorization and accounting while having another separate authentication solution.
E. TACACS+ only encrypts the password of the user for security.
F. TACACS+ supports per-user or per-group for authorization of router commands. -
Question 563:
Which feature can prevent IP spoofing attacks?
A. CBAC
B. Unicast RPF
C. CoPP
D. CAR
E. ARP spoofing
F. TCP intercept -
Question 564:
Which two statements about SSL VPN smart tunnels on a Cisco IOS device are true? (Choose two.)
A. They are incompatible with split tunneling.
B. They do not support FTP.
C. They are incompatible with MAPI proxy.
D. They support private socket libraries.
E. They can be started in more than one Web browser at the same time. -
Question 565:
Which configuration is the correct way to change a GET VPN Key Encryption Key lifetime to 10800 seconds on the key server?
A. crypto isakmp policy 1 lifetime 10800
B. crypto ipsec security-association lifetime? seconds 10800
C. crypto ipsec profile getvpn-profile set security-association lifetime seconds 10800 ! crypto gdoi group GET-Group identity number 1234 server local sa ipsec 1 profile getvpn-profile
D. ?crypto gdoi group GET-Group identity number 1234 server local rekey lifetime seconds 10800
E. crypto gdoi group GET-Group identity number 1234 server local set security-association lifetime seconds 10800 -
Question 566:
Of which IPS application is Event Action Rule a component?
A. NotificationApp
B. InterfaceApp
C. SensorApp
D. SensorDefinition
E. MainApp
F. AuthenticationApp -
Question 567:
You have discovered an unwanted device with MAC address 001c.of12.badd on port FastEthernet1/1 on VLAN 4.What command or command sequence can enter on the switch to prevent the MAC address from passing traffic on VLAN 4?
A. Option 1
B. Option 2
C. Option 3
D. Option 4 -
Question 568:
Refer to the exhibit.
Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)
A. The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.
B. Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.
C. Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.
D. Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.
E. Interface FastEthernet 5/1 is the community port.
F. Interface FastEthernet 5/4 is the isolated port. -
Question 569:
Which statement about Cisco IPS signatures is true?
A. All of the built-in signatures are enabled by default.
B. Tuned signatures are built-in signatures whose parameters cannot be adjusted.
C. Once the signature is removed from the sensing engine it cannot be restored.
D. It is recommended to retire a signature not being used to enhance the sensor performance. -
Question 570:
Which two EAP methods may be susceptible to offline dictionary attacks? (Choose two.)
A. EAP-MD5
B. LEAP
C. PEAP with MS-CHAPv2
D. EAP-FAST
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.