1. Home
  2. Cisco
  3. 350-018

Cisco 350-018 Online Practice Questions and Exam Preparation

350-018 Exam Details

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 781:

    What transport protocol and port are used by GDOI for its IKE sessions that are established between the group members and the key server?

    A. UDP port 848
    B. TCP port 848
    C. ESP port 51
    D. SSL port 443
    E. UDP port 4500

  • Question 782:

    Which statement about the HTTP protocol is true?

    A. The request method does not include the protocol version.
    B. The proxy acts as an intermediary receiving agent in the request-response chain.
    C. The tunnel acts as an intermediary relay agent in the request-response chain.
    D. The gateway acts as an intermediary forwarding agent in the request-response chain.
    E. The success and error codes are returned in the response message by the user-agent.

  • Question 783:

    What are too important guidelines to follow when implementing VTP? (Choose two.)

    A. When using secure-mode VTP, configure management domain passwords only on VTP servers.
    B. Use of the VTP multidomain feature should be restricted to migration and temporary implementation.
    C. Enabling VTP pruning on a server will enable the feature for the entire management domain.
    D. All switches in the VTP domain must run the same version of VTP.
    E. CDP must be enabled on all switches in the VTP management domain.

  • Question 784:

    Which two statements about the fragmentation of IPsec packets in routers are true? (Choose two.)

    A. By default, the IP packets that need encryption are first encrypted with ESP. If the resulting encrypted packet exceeds the IP MTU on the egress physical interface, then the encrypted packet is fragmented and sent out.
    B. By default, the router knows the IPsec overhead to add to the packet. The router performs a lookup if the packet will exceed the egress physical interface IP MTU after encryption, then fragments the packet and encrypts the resulting IP fragments separately.
    C. increases CPU utilization on the decrypting device.
    D. increases CPU utilization on the encrypting device.

  • Question 785:

    IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)

    A. Send
    B. Mobile IPv6
    C. site-to-site virtual interfaces
    D. OSPFv3
    E. CAPWAP
    F. LWAPP

  • Question 786:

    Which statement about ACS rule-based policies is true?

    A. The permissions for rule-based policies are defined in authentication profile.
    B. Permission for rule-bases polices are associated with user group.
    C. Rule-based polices can apply different permission to the same user under different condition
    D. TACACS+ is one of the attributes included in the authorization profile

  • Question 787:

    Drag each ESP header field on the left into the corresponding field-length category on the right

    Select and Place:

  • Question 788:

    Review the exhibit.

    Which three statements about the Cisco IPS sensor are true? (Choose three.)

    A. A
    B. B C. C
    D. D
    E. E

  • Question 789:

    Drag and drop the web attack types from the left to the corresponding descriptions of the attack on the right.

    Select and Place:

  • Question 790:

    Refer to the exhibit.

    You are configuring a GRE tunnel between two sites. What action can you take to minimize packet fragmentation on the tunnel?

    A. Configure ip mtu 1400 and ip tcp adjust-mss 1360 under the tunnel1 interface on both routers.
    B. Configure ip mtu 1360 and ip tcp adjust-mss 1400 under the tunnel1 interface on both routers
    C. Configure ip mtu 1500 and ip tcp adjust-mss 1400 under the tunnel1 interface on either router
    D. Configure ip mtu 1500 and ip tcp adjust-mss 1360 under the tunnel1 interface on either router

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.