350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 591:
Which statement about the DH group is true?
A. It provides data confidentiality.
B. It does not provide data authentication.
C. It is negotiated in IPsec phase 2.
D. It establishes a shared key over a secured medium. -
Question 592:
Which statement about the distributed SYN flood attack is true?
A. A distributed SYN flood attack is carried out only by the valid address.
B. A distributed SYN flood attack is carried out only by spoofed addresses.
C. Botnet could be used to launch a distributed SYN flood attack.
D. A distributed SYN flood attack does not completely deplete TCBs SYN-Received state backlog.
E. A distributed SYN flood attack is the most effective SYN flood attack because it targets server memory. -
Question 593:
What is the most commonly used technology to establish an encrypted HTTP connection?
A. The HTTP/1.0 Upgrade header
B. HTTPS
C. Secure Hyper Transfer Protocol
D. The HTTP/1.1 Upgrade header -
Question 594:
Which three statements regarding ISO 27002 and COBIT are correct? (Choose three.)
A. COBIT and ISO 27002 both define a best practices framework for IT controls.
B. COBIT focuses on information system processes, whereas ISO 27002 focuses on the security of the information systems.
C. ISO 27002 addresses control objectives, whereas COBIT addresses information security management process requirements.
D. Compared to COBIT, ISO 27002 covers a broader area in planning, operations, delivery, support, maintenance, and IT governance.
E. Unlike COBIT, ISO 27002 is used mainly by the IT audit community to demonstrate risk mitigation and avoidance mechanisms. -
Question 595:
ASA v9.2 new feature
A. not possible to point to null0
B. support for policy based routing with route-map
C. backup ASA does ospf neighbor -
Question 596:
Which authentication mechanism is available to OSPFv3?
A. simple passwords
B. MD5
C. null
D. IKEv2
E. IPsec AH/ESP -
Question 597:
Which three statements about remotely triggered black hole filtering are true? (Choose three.)
A. Three key components of an RTBH filtering solution are: uRPF, iBGP and a null0 interface.
B. It supports both source-based and destination-based filtering.
C. It can be used to mitigate DDoS and worm attacks.
D. ICMP unreachable messages must not be disabled on all edge PE routers peered with the trigger router.
E. It requires loose uRPF for destination based filtering.
F. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks. -
Question 598:
Which query type is required for an nslookup on an IPv6 addressed host?
A. type=AAAA
B. type=ANY
C. type=PTR
D. type=NAME-IPV6 -
Question 599:
The SSL VPN implementation on a Cisco ASA adaptive security appliance supports which three of these features? (Choose three)
A. sending TCP-only traffic through port forwarding
B. sending TCP-only traffic through a smart tunnel
C. sending TCP and UDP traffic through a smart tunnel
D. establishing a Winsock 2 connection between the client and the server through smart tunnels
E. establishing a Winsock 2 connection between the client and the server through port forwarding
F. sending TCP and UDP traffic through port forwarding -
Question 600:
Refer the exhibit.
if R1 is acting as a DHCP server, what action can you take to enable the PC to receive an IP address assignment from the DHCP server?
A. Configure the ip helper-address command on R2 to use R1's IP address
B. Configure the ip helper-address command on R1 to use R2's ip address
C. Configure DHCP option 150 on R2
D. configure the ip local pool command on R2
E. Configure the ip loca pool command on R1
F. Configure DHCP option 82 on R1
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.