1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 671:

    Refer to the exhibit.

    Which three descriptions of the configuration are true? (Choose three.)

    A. The configuration is on the NHS.
    B. The tunnel IP address represents the NBMA address.
    C. This tunnel is a point-to-point GRE tunnel.
    D. The tunnel is not providing peer authentication.
    E. The configuration is on the NHC.
    F. The tunnel encapsulates multicast traffic.
    G. The tunnel provides data confidentiality.

  • Question 672:

    Refer to the exhibit.

    Which two statements about the given configuration are true? (Choose two)

    A. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.
    B. It will allow 209.165.202.129 to connect to 202.165.200.225 on a IMAP port
    C. It will allow 209.165.202.129 to connect to 202.165.200.225 on a RDP port
    D. It is an inbound policy
    E. It is an outbound policy
    F. It will allow 202.165.200.225 to connect to 209.165.202.129 on a RDP port

  • Question 673:

    A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. How can this issue be resolved?

    A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.
    B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.
    C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.
    D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.
    E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.

  • Question 674:

    Which port or ports are used for the FTP data channel in passive mode?

    A. random TCP ports
    B. TCP port 21 on the server side
    C. TCP port 21 on the client side
    D. TCP port 20 on the server side
    E. TCP port 20 on the client side

  • Question 675:

    Which three statements about remotely triggered black hole filtering are true? (Choose three.)

    A. It filters undesirable traffic.
    B. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks.
    C. It provides a rapid-response technique that can be used in handling security-related events and incidents.
    D. It requires uRPF.

  • Question 676:

    Which feature can you implement to protect against SYN-flooding DoS attacks?

    A. TCP intercept
    B. a null zero route
    C. CAR applied to ICMP packets
    D. the ip verify unicast reverse-path command

  • Question 677:

    What Cisco IOS feature prevents an attacker from filling up the MTU cache for locally generated traffic when using path MTU discovery?

    A. Use NetFlow information to export data to a workstation.
    B. Force all traffic to send 1280-byte Packets by hard coding the MSS.
    C. Enable flow-label marking to track packet destination.
    D. Enable flow-label switching to track IPv6 packets in the MPLS cloud.
    E. Always use packets of 1500-byte size or larger.

  • Question 678:

    Which three statements about SMTP are true? (Choose three.)

    A. SMTP uses TCP port 25.
    B. The POP protocol is used by the SMTP client to manage stored mail.
    C. The IMAP protocol is used by the SMTP client to send email.
    D. The mail delivery agent in the SMTP architecture is responsible for DNS lookup.
    E. SMTPS uses SSL and TLS.
    F. SMTP uses TCP port 587.

  • Question 679:

    Which feature can be implemented to avoid any MPLS packet loss?

    A. IP TTL propagation
    B. LDP IGP sync
    C. label advertisement sync
    D. conditional label advertisement
    E. PHP

  • Question 680:

    Which port is used by default to communicate between VPN load-balancing ASAs?

    A. TCP 9022
    B. UDP 9023
    C. TCP 9023
    D. UDP 9022

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.