350-018 Exam Details
-
Exam Code
:350-018 -
Exam Name
:CCIE Security written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:872 Q&As -
Last Updated
:Dec 11, 2021
Cisco 350-018 Online Questions & Answers
-
Question 701:
Which is an example of a network reconnaissance attack?
A. botnets
B. backdoor
C. ICMP sweep
D. firewalk
E. inverse mapping -
Question 702:
Under what condition will a switch with DHCP snooping configured permit a DHCP packet?
A. When the source MAC address and DHCP client hardware address are different from the address in a packet that was received on an untrusted interface
B. When it receives a DHCPRELEASE message in which the interface information in the DHCP binding database is different from the interface on which the message was received
C. When it receives a DHCPPLEASEQUERY from outside the network
D. When a DHCP relay agent forwards a packet with option-82tiformation from a trusted port -
Question 703:
Which action is performed first on the Cisco ASA appliance when it receives an incoming packet on its outside interface?
A. check if the packet is permitted or denied by the inbound ACL applied to the outside interface
B. check if the packet is permitted or denied by the global ACL
C. check if the packet matches an existing connection in the connection table
D. check if the packet matches an inspection policy
E. check if the packet matches a NAT rule
F. check if the packet needs to be passed to the Cisco ASA AIP-SSM for inspections -
Question 704:
If a cisco ASA firewall that is configured in multiple-context mode of operation receives a packet whose destination MAC address is a multicast address,how is the packet routed?
A. The Packets dropped
B. The packet is duplicated and forwarded to every context
C. The packet is forwarded to the admin context only
D. The packet duplicated and forwarded to every context except admin -
Question 705:
Which three features describe DTLS protocol? (Choose three.)
A. DTLS handshake does not support reordering or manage loss packets.
B. DTLS provides enhanced security, as compared to TLS.
C. DTLS provides block cipher encryption and decryption services.
D. DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery.
E. DTLS is used by application layer protocols that use UDP as a transport mechanism.
F. DTLS does not support replay detection. -
Question 706:
What is an example of a stream cipher?
A. RC5
B. DES
C. RC4
D. Blowfish -
Question 707:
For what reason has the IPv6 Type 0 Routing Header been recommended for deprecation?
A. When Type 0 traffic is blocked by a firewall policy, all other traffic with routing headers is dropped automatically.
B. It can conflict with ingress filtering.
C. It can create a black hole when used in combination with other routing headers.
D. Attackers can exploit its functionality to generate DoS attacks. -
Question 708:
MACsec, which is defined in 802.1AE, provides MAC-layer encryption over wired networks. Which two statements about MACsec are true? (Choose two.)
A. Only links between network access devices and endpoint devices can be secured by using MACsec.
B. MACsec is designed to support communications between network devices only.
C. MACsec manages the encryption keys that the MKA protocol uses.
D. A switch that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy that is associated with the client. -
Question 709:
Refer to the exhibit,
which shows a partial configuration for the EzVPN server. Which three missing ISAKMP profile options are required to support EzVPN using DVTI? (Choose three.)
A. match identity group
B. trustpoint
C. virtual-interface
D. keyring
E. enable udp-encapsulation
F. isakmp authorization list
G. virtual-template -
Question 710:
Which additional capability was added in IGMPv3?
A. leave group messages support
B. source filtering support
C. group-specific host membership queries support
D. IPv6 support
E. authentication support between the multicast receivers and the last hop router
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.