Exam Code: 350-018 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 350-018 Exam.

2021 Sep 350-018 topics:

Q131. An IPv6 multicast receiver joins an IPv6 multicast group using which mechanism? 

A. IGMPv3 report 

B. IGMPv3 join 

C. MLD report 

D. general query 

E. PIM join 

Answer: C 


Q132. Which two statements about SNMP are true? (Choose two) 

A. SNMP operates at Layer-6 of the OSI model. 

B. NMS sends a request to the agent at TCP port 161. 

C. NMS sends request to the agent from any source port. 

D. NMS receives notifications from the agent on UDP 162. 

E. MIB is a hierarchical representation of management data on NMS. 

Answer: CD 


Q133. If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next? 

A. drop the packet 

B. check the outside interface inbound ACL to determine if the packet is permitted or denied 

C. perform NAT operations on the packet if required 

D. check the MPF policy to determine if the packet should be passed to the SSM 

E. perform stateful packet inspection based on the MPF policy 

Answer: B 


Q134. MACsec, which is defined in 802.1AE, provides MAC-layer encryption over wired networks. Which two statements about MACsec are true? (Choose two.) 

A. Only links between network access devices and endpoint devices can be secured by using MACsec. 

B. MACsec is designed to support communications between network devices only. 

C. MACsec manages the encryption keys that the MKA protocol uses. 

D. A switch that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy that is associated with the client. 

Answer: AD 


Q135. crypto isakmp profile vpn1 

vrf vpn1 

keyring vpn1 

match identity address 172.16.1.1 255.255.255.255 

crypto map crypmap 1 ipsec-isakmp 

set peer 172.16.1.1 

set transform-set vpn1 

set isakmp-profile vpn1 

match address 101 

interface Ethernet1/2 

crypto map crypmap 

Which statements apply to the above configuration? (Choose two.) 

A. This configuration shows the VRF-Aware IPsec feature that is used to map the crypto ISAKMP profile to a specific VRF. 

B. VRF and ISAKMP profiles are mutually exclusive, so the configuration is invalid. 

C. An IPsec tunnel can be mapped to a VRF instance. 

D. Peer command under the crypto map is redundant and not required. 

Answer: AC 


350-018  exam cost

Leading cisco 350-018 vce:

Q136. Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.) 

A. PEAP 

B. EAP-TLS 

C. EAP-FAST 

D. EAP-TTLS 

E. EAPOL 

F. EAP-RADIUS 

G. EAP-MD5 

Answer: ABCD 


Q137. Which statement about the SYN flood attack is true? 

A. The SYN flood attack is always directed from valid address. 

B. The SYN flood attack target is to deplete server memory so that legitimate request cannot be served. 

C. The SYN flood attack is meant to completely deplete the TCB SYN-Received state backlog. 

D. The SYN flood attack can be launched for both UDP and TCP open ports on the server. 

E. SYN-Received state backlog for TCBs is meant to protect server CPU cycles. 

Answer: C 


Q138. The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration. 

A. policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0 drop log 

B. policy-map type inspect icmpv6 ICMPv6_PMAP match header routing-type eq 0 drop log C. policy-map type inspect ipv6-header HEADER_PMAP match header routing-type eq 0 drop log 

D. policy-map type inspect http HEADER_PMAP match routing-header 0 drop log 

E. policy-map type inspect ipv6 IPv6_PMAP match header type 0 drop log 

F. policy-map type inspect ipv6-header HEADER_PMAP match header type 0 drop log 

Answer: A 


Q139. Which three statements about the IANA are true? (Choose three.) 

A. IANA is a department that is operated by the IETF. 

B. IANA oversees global IP address allocation. 

C. IANA managed the root zone in the DNS. 

D. IANA is administered by the ICANN. 

E. IANA defines URI schemes for use on the Internet. 

Answer: BCD 


Q140. Which three configuration tasks are required for VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco ASA?? (Choose three.) 

A. The redirect-fqdn command must be entered under the vpn load-balancing sub-configuration. 

B. Each ASA in the VPN cluster must be able to resolve the IP of all DNS hostnames that are used in the cluster?. 

C. The identification and CA certificates for the master FQDN hostname must be imported into each VPN cluster-member device?. 

D. The remote-access IP pools must be configured the same on each VPN cluster-member interface. 

Answer: ABC