Precise of 350-018 test preparation materials and study guides for Cisco certification for IT examinee, Real Success Guaranteed with Updated 350-018 pdf dumps vce Materials. 100% PASS CCIE Pre-Qualification Test for Security exam Today!

2021 Jun 350-018 Study Guide Questions:

Q201. Which standard prescribes a risk assessment to identify whether each control is required to decrease risks and if so, to which extent it should be applied? 

A. ISO 27001 

B. ISO 27002 

C. ISO 17799 


E. ISO 9000 

Answer: A 

Q202. Which two statements about OSPF authentication are true? (Choose two.) 

A. OSPF authentication is required in area 0. 

B. There are three types of OSPF authentication. 

C. In MD5 authentication, the password is encrypted when it is sent. 

D. Null authentication includes the password in clear-text. 

E. Type-3 authentication is a clear-text password authentication. 

F. In MD5 authentication, the password never goes across the network. 

Answer: BF 

Q203. What feature on the Cisco ASA is used to check for the presence of an up-to-date antivirus vendor on an AnyConnect client? 

A. Dynamic Access Policies with no additional options 

B. Dynamic Access Policies with Host Scan enabled 

C. advanced endpoint assessment 

D. LDAP attribute maps obtained from Antivirus vendor 

Answer: B 

350-018  test preparation

Rebirth vce 350-018:

Q204. DHCPv6 is used in which IPv6 address autoconfiguration method? 

A. stateful autoconfiguration 

B. stateless autoconfiguration 

C. EUI-64 address generation 

D. cryptographically generated addresses 

Answer: A 

Q205. What does the SXP protocol exchange between peers? 

A. IP to SGT binding information 

B. MAC to SGT binding information 

C. ingress port to SGT binding information 

D. ingress switch to SGT binding information 

Answer: A 

Q206. Which Cisco IPS appliance feature can automatically adjust the risk rating of IPS events based on the reputation of the attacker? 

A. botnet traffic filter 

B. event action rules 

C. anomaly detection 

D. reputation filtering 

E. global correlation inspection 

Answer: E

High value 350-018 forum:

Q207. Which IPsec protocol provides data integrity but no data encryption? 

A. AH 



D. DH 

Answer: A 

Q208. Which statement correctly describes a botnet filter category? 

A. Unlisted addresses: The addresses are malware addresses that are not identified by the dynamic database and are hence defined statically. 

B. Ambiguous addresses: In this case, the same domain name has multiple malware addresses but not all the addresses are in the dynamic database. These addresses are on the graylist. 

C. Known malware addresses: These addresses are identified as blacklist addresses in the dynamic database and static list. 

D. Known allowed addresses: These addresses are identified as whitelist addresses that are bad addresses but still allowed. 

Answer: C 

Q209. Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.) 

A. Microsoft Windows registry keys 

B. the existence of specific processes in memory 

C. the UUID of an Apple iPad or iPhone 

D. if a service is started on a Windows host 

E. the HTTP User-Agent string of a device 

F. if an Apple iPad or iPhone has been "jail-broken" 

G. if an antivirus application is installed on an Apple MacBook 

Answer: ABDG 

Q210. When you are configuring the COOP feature for GETVPN redundancy, which two steps are required to ensure the proper COOP operations between the key servers? (Choose two.) 

A. Generate an exportable RSA key pair on the primary key server and export it to the secondary key server. 

B. Enable dead peer detection between the primary and secondary key servers. 

C. Configure HSRP between the primary and secondary key servers. 

D. Enable IPC between the primary and secondary key servers. 

E. Enable NTP on both the primary and secondary key servers to ensure that they are synchronized to the same clock source. 

Answer: AB