Want to know Examcollection 350-018 Exam practice test features? Want to lear more about Cisco CCIE Pre-Qualification Test for Security certification experience? Study Virtual Cisco 350-018 answers to Renew 350-018 questions at Examcollection. Gat a success with an absolute guarantee to pass Cisco 350-018 (CCIE Pre-Qualification Test for Security) test on your first attempt.

2021 Sep cisco 350-018 exam:

Q221. Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation? 

A. session token 

B. one-time password 

C. time stamps 

D. sequence number 

E. nonce 

Answer: D 


Q222. Which query type is required for an nslookup on an IPv6 addressed host? 

A. type=AAAA 

B. type=ANY 

C. type=PTR 

D. type=NAME-IPV6 

Answer: A 


Q223. When the RSA algorithm is used for signing a message from Alice to Bob, which statement best describes that operation? 

A. Alice signs the message with her private key, and Bob verifies that signature with Alice's public key. 

B. Alice signs the message with her public key, and Bob verifies that signature with Alice's private key. 

C. Alice signs the message with Bob's private key, and Bob verifies that signature with his public key. 

D. Alice signs the message with Bob's public key, and Bob verifies that signature with his private key. 

E. Alice signs the message with her public key, and Bob verifies that signature with his private key. 

F. Alice signs the message with her private key, and Bob verifies that signature with his public key. 

Answer: A 


Q224. Refer to the exhibit. 


It shows the format of an IPv6 Router Advertisement packet. If the Router Lifetime value is set to 0, what does that mean? 

A. The router that is sending the RA is not the default router. 

B. The router that is sending the RA is the default router. 

C. The router that is sending the RA will never power down. 

D. The router that is sending the RA is the NTP master. 

E. The router that is sending the RA is a certificate authority. 

F. The router that is sending the RA has its time synchronized to an NTP source. 

Answer: A 


Q225. Identify three IPv6 extension headers? (Choose three.) 

A. traffic class 

B. flow.label 

C. routing 

D. fragment 

E. encapsulating security.payload 

Answer: CDE 


2passeasy.com

Avant-garde ccie 350-018:

Q226. A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes 20 B of IP header, which statement is true? 

A. The first three packets will have a packet payload size of 1400. 

B. The last packet will have a payload size of 560. 

C. The first three packets will have a packet payload size of 1480. 

D. The last packet will have a payload size of 20. 

Answer: C 


Q227. Which statement applies to Flexible NetFlow? 

A. Flexible NetFlow uses seven key fields in IP datagrams to identify the flow. 

B. Flexible NetFlow uses key fields of IP datagram to identify fields from which data is captured. 

C. User-defined flows can be defined in Flexible NetFlow. 

D. Flexible NetFlow cannot be used for billing and accounting applications. 

E. Flexible NetFlow does not have any predefined records. 

Answer: C 


Q228. Which statement is true regarding Cisco ASA operations using software versions 8.3 and later? 

A. The global access list is matched first before the interface access lists. 

B. Both the interface and global access lists can be applied in the input or output direction. 

C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface will apply the access list entry globally. 

D. NAT control is enabled by default. 

E. The static CLI command is used to configure static NAT translation rules. 

Answer: A 


Q229. Which three statements regarding VLANs are true? (Choose three.) 

A. To create a new VLAN on a Cisco Catalyst switch, the VLAN name, VLAN ID and VLAN type must all be specifically configured by the administrator. 

B. A VLAN is a broadcast domain. 

C. Each VLAN must have an SVI configured on the Cisco Catalyst switch for it to be operational. 

D. The native VLAN is used for untagged traffic on an 802.1Q trunk. 

E. VLANs can be connected across wide-area networks. 

Answer: BDE 


Q230. What action does a RADIUS server take when it cannot authenticate the credentials of a user? 

A. An Access-Reject message is sent. 

B. An Access-Challenge message is sent, and the user is prompted to re-enter credentials. 

C. A Reject message is sent. 

D. A RADIUS start-stop message is sent via the accounting service to disconnect the session. 

Answer: A