Exam Deatils

  • Exam Code
    :350-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certified Internetwork Expert Security
  • Vendor
    :Cisco
  • Total Questions
    :872 Q&As
  • Last Updated
    :Jul 31, 2020

Cisco Cisco Certified Internetwork Expert Security 350-018 Questions & Answers

  • Question 1:

    Which three statements about Security Group Tag Exchange Protocol are true? (Choose three.)

    A. SXP runs on UDP port 64999.

    B. A connection is established between a "listener" and a "speaker."

    C. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it.

    D. SXP is supported across multiple hops.

    E. SXPv2 introduces connection security via TLS.

  • Question 2:

    Refer to the exhibit.

    With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?

    A. inspection action by the HTTP_CMAP

    B. inspection action by the TCP_CMAP

    C. drop action by the default class

    D. inspection action by both the HTTP_CMAP and TCP_CMAP

    E. pass action by the HTTP_CMAP

    F. drop action due to class-map misclassification

  • Question 3:

    Which three IP resources is the IANA responsible? (Choose three.)

    A. IP address allocation

    B. detection of spoofed address

    C. criminal prosecution of hackers

    D. autonomous system number allocation

    E. root zone management in DNS

    F. BGP protocol vulnerabilities

  • Question 4:

    What protocol is responsible for issuing certificates?

    A. GET

    B. SCEP

    C. ESP

    D. DTLS

    E. AH

  • Question 5:

    Which three statements about the RSA algorithm are true to provide data confidentiality? (Choose three.)

    A. The RSA algorithm provides encryption and authentication.

    B. The RSA algorithm provides authentication but not encryption.

    C. The RSA algorithm creates a pair of public-private keys and the public key is shared to perform encryption.

    D. The private key is never shared after it is generated.

    E. The public key is used to decrypt the message that was encrypted by the private key.

    F. The private key is used to decrypt the message that was encrypted by the public key.

  • Question 6:

    In an 802.11 wireless network, what would an attacker have to spoof to initiate a deauthentication attack against connected clients?

    A. the BSSID of the AP where the clients are currently connected

    B. the SSID of the wireless network

    C. the MAC address of the target client machine

    D. the broadcast address of the wireless network

  • Question 7:

    Which three statements are true about Cryptographically Generated Addresses for IPv6? (Choose three.)

    A. They prevent spoofing and stealing of existing IPv6 addresses.

    B. They are derived by generating a random 128-bit IPv6 address based on the public key of the node.

    C. They are used for securing neighbor discovery using SeND.

    D. SHA or MD5 is used during their computation.

    E. The minimum RSA key length is 512 bits.

    F. The SHA-1 hash function is used during their computation.

  • Question 8:

    Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not

    forming. Which two options are possible reasons that prevent OSPFv3 to form between these two routers? (Choose two.)

    A. mismatch area types

    B. mismatch of subnet masks

    C. mismatch of network types

    D. mismatch of authentication types

    E. mismatch of instance IDs

  • Question 9:

    Refer to the exhibit.

    To configure the Cisco ASA, what should you enter in the Name field, under the Group Authentication option for the IPSec VPN client?

    A. group policy name

    B. crypto map name

    C. isakmp policy name

    D. crypto ipsec transform-set name

    E. tunnel group name

  • Question 10:

    What is the maximum number of hops from the device that generated the given output to its BGP neighbor at 4.4.4.4?

    Refer to the exhibit.

    A. 3

    B. 252

    C. 5

    D. 255

    E. 2

    F. 254

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Gk4exam.com, you will find all the answers. Gk4exam.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-018 exam preparations and Cisco certification application, do not hesitate to visit our Gk4exam.com to find your solutions here.