350-018 Exam Details

  • Exam Code: 350-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 872 Q&As
  • Last Updated: Dec 11, 2021

Cisco 350-018 Online Questions & Answers

  • Question 791:

    Which three statements about SSHv1 and SSHv2 are true? (Choose three.)

    A. Both SSHv1 and SSHv2 support multiple session channels on a single connection.
    B. Both SSHv1 and SSHv2 require a server key to protect the session key.
    C. SSHv2 supports a wider variety of user-authentication methods than SSHv1.
    D. Unlike SSHv1, SSHv2 uses separate protocols for authentication, connection, and transport.
    E. Unlike SSHv1, SSHv2 supports multiple forms of user authentication in a single session.
    F. Both SSHv1 and SSHv2 negotiate the bulk cipher.

  • Question 792:

    What ASA feature can you use to restrict a user to a specific VPN group?

    A. MPF
    B. A Webtype ACL
    C. group-lock
    D. A VPN filter

  • Question 793:

    Which ASA device is designated as the cluster master?

    A. the ASA with the highest MAC address
    B. the ASA with the lowest MAC address
    C. the ASA configured with the highest priority value
    D. the ASA configured with the lowest priority value

  • Question 794:

    Which statement is true regarding the packet flow on Cisco ASA firewall running version 8.2?

    A. For the packet that has been received on the ingress interface, ACL is only checked if the connection entry exists for the packet flow.
    B. For the packet that has been received on the ingress interface, transaction rule is checked before the ACL if the connection entry for the packet flow does not exist.
    C. For the packet that has been received on the egress interface, transaction rule is checked before the ACL if the connection entry does not exist for the packet flow.
    D. For the packet that has been received on the ingress interface, ACL is only checked if the connection entry does not exist for the packet flow.

  • Question 795:

    Which two statements about the SEND protocol are true? (Choose two.)

    A. It counters neighbor discovery threats
    B. It must be enabled before you can configure an IPv6 address
    C. It supports numerous custom neighbor discovery messages
    D. It supports an autoconfiguration mechanism
    E. It logs IPv6-related threats to an external log server
    F. It uses IPsec as a baseline mechanism

  • Question 796:

    Drag and drop the step in the Cisco ASA packet processing flow on the left into the correct order of operations on the right.

    Select and Place:

  • Question 797:

    Which MPLS label is the signaled value to activate PHP (penultimate hop popping)?

    A. 0x00
    B. php
    C. swap
    D. push
    E. imp-null

  • Question 798:

    Which three statements about Security Group Tag Exchange Protocol are true? (Choose three.)

    A. SXP runs on UDP port 64999.
    B. A connection is established between a "listener" and a "speaker."
    C. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it.
    D. SXP is supported across multiple hops.
    E. SXPv2 introduces connection security via TLS.

  • Question 799:

    What are two security controls you can implement to protect your organization's internal network from virus and worm outbreaks? (Choose two.)

    A. Implement routing protocols with strong interface authentication.
    B. Quarantine hosts that fail to meet your organization's IT security requirements.
    C. Implement Cisco Identity Services Engine (ISE) for network security.
    D. Deploy Cisco Prime LMS to manage network security.
    E. Require users to authenticate before accessing the network.

  • Question 800:

    Which VPN technology is based on GDOI (RFC 3547)?

    A. MPLS Layer 3 VPN
    B. MPLS Layer 2 VPN
    C. GET VPN
    D. IPsec VPN

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 350-018 exam preparation or Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.