Cisco 350-018 Online Practice Questions and Exam Preparation
350-018 Exam Details
Exam Code: 350-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 872 Q&As
Last Updated: Dec 11, 2021
Cisco 350-018 Online Questions & Answers
Question 811:
Refer to the exhibit.
Why does the Easy VPN session fail to establish between the client and server?
A. Incomplete ISAKMP profile configuration on the server
B. Incorrect IPsec phase-2 configuration on the server
C. Incorrect group configuration on the client
D. ISAKMP key mismatch
E. Incorrect virtual-template configuration on the server
Answer: A. Incomplete ISAKMP profile configuration on the server
Question 812:
Which two cipher mechanisms does PCoIP use? (Choose two.)
A. autokey
B. RC4
C. SEAL
D. Blowfish
E. AES 256
F. Suite B
Answer:
E. AES 256
F. Suite B
Question 813:
What is the purpose of the BGP TTL security check?
A. The BGP TTL security check is used for iBGP session.
B. The BGP TTL security check protects against CPU utilization-based attacks.
C. The BGP TTL security check checks for a TTL value in packet header of less than or equal to for successful peering.
D. The BGP TTL security check authenticates a peer.
E. The BGP TTL security check protects against routing table corruption.
Answer: B. The BGP TTL security check protects against CPU utilization-based attacks.
Question 814:
Which three statements are true about PIM-SM operations? (Choose three.)
A. PIM-SM supports RP configuration using static RP, Auto-RP, or BSR.
B. PIM-SM uses a shared tree that is rooted at the multicast source.
C. Different RPs can be configured for different multicast groups to increase RP scalability.
D. Candidate RPs and RP mapping agents are configured to enable Auto-RP.
E. PIM-SM uses the implicit join model.
Answer:
A. PIM-SM supports RP configuration using static RP, Auto-RP, or BSR.
C. Different RPs can be configured for different multicast groups to increase RP scalability.
D. Candidate RPs and RP mapping agents are configured to enable Auto-RP.
Question 815:
Which multicast capability is not supported by the Cisco ASA appliance?
A. ASA configured as a rendezvous point
B. Sending multicast traffic across a VPN tunnel
C. NAT of multicast traffic
D. IGMP forwarding (stub) mode
Answer: B. Sending multicast traffic across a VPN tunnel
Question 816:
What is the maximum number of hops from the device that generated the given output to its BGP neighbor at 4.4.4.4?
Refer to the exhibit.
A. 3
B. 252
C. 5
D. 255
E. 2
F. 254
Answer: A. 3
Question 817:
Referring to the DMVPN topology diagram shown in the exhibit, which two statements are correct? (Choose two.)
A. The hub router tunnel interface must have EIGRP next-hop-self enabled.
B. Before a spoke-to-spoke tunnel can be built, the spoke router needs to send an NHRP query to the hub to resolve the remote spoke router physical interface IP address.
C. The hub router needs to have EIGRP split horizon disabled.
D. The spoke routers act as the NHRP servers for resolving the remote spoke physical interface IP address.
E. At the Spoke A router, the next hop to reach the 192.168.0.0/24 network should be 172.17.0.1.
F. At the Spoke A router, the next hop to reach the 192.168.2.0/24 network should be 10.0.0.1.
Answer:
B. Before a spoke-to-spoke tunnel can be built, the spoke router needs to send an NHRP query to the hub to resolve the remote spoke router physical interface IP address.
C. The hub router needs to have EIGRP split horizon disabled.
Question 818:
Which statement is true about the Cisco ASA interface monitoring?
A. ASA does not clear the received packets count on the monitored interface before running the tests.
B. Interfaces of the same context cannot be monitored.
C. It is possible to configure a context to monitor a shared interface.
D. If the monitored interface has both IPv4 and IPv6 addresses then it cannot be monitored.
Answer: C. It is possible to configure a context to monitor a shared interface.
Question 819:
Which three statements are true about the Cisco ASA object configuration below? (Choose three.)
object network vpnclients
 range 10.1.100.4 10.1.100.10
object network vpnclients
 nat (outside,outside) dynamic interface
A. The NAT configuration in the object specifies a PAT rule.
B. This configuration requires the command same-security-traffic inter-interface for traffic that matches this NAT rule to pass through the Cisco ASA appliance.
C. The NAT rule of this object will be placed in Section 1 (Auto-NAT) of the Cisco ASA NAT table.
D. This configuration is most likely used to provide Internet access to connected VPN clients.
E. Addresses in the range will be assigned during config-mode.
Answer:
A. The NAT configuration in the object specifies a PAT rule.
C. The NAT rule of this object will be placed in Section 1 (Auto-NAT) of the Cisco ASA NAT table.
D. This configuration is most likely used to provide Internet access to connected VPN clients.
Question 820:
In what subnet does address 192.168.23.197/27 reside?
A. 192.168.23.0
B. 192.168.23.128
C. 192.168.23.160
D. 192.168.23.192
E. 192.168.23.196