Want to know Testking 350-018 Exam practice test features? Want to lear more about Cisco CCIE Pre-Qualification Test for Security certification experience? Study Real Cisco 350-018 answers to Rebirth 350-018 questions at Testking. Gat a success with an absolute guarantee to pass Cisco 350-018 (CCIE Pre-Qualification Test for Security) test on your first attempt.

2021 Oct cisco 350-018 vce:

Q11. Which three statements describe the security weaknesses of WEP? (Choose three.) 

A. Key strength is weak and non-standardized. 

B. The WEP ICV algorithm is not optimal for cryptographic integrity checking. 

C. There is no key distribution mechanism. 

D. Its key rotation mechanism is too predictable. 

E. For integrity, it uses MD5, which has known weaknesses. 

Answer: ABC 

Q12. Which three statements about GDOI are true? (Choose three.) 

A. GDOI uses TCP port 848. 

B. The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange. 

C. The KEK protects the GROUPKEY_PUSH message. 

D. The TEK is used to encrypt and decrypt data traffic. 

E. GDOI does not support PFS. 

Answer: BCD 

Q13. Which MPLS label is the signaled value to activate PHP (penultimate hop popping)? 

A. 0x00 

B. php 

C. swap 

D. push 

E. imp-null 


Q14. Which two statements about an authoritative server in a DNS system are true? (Choose two.) 

A. It indicates that it is authoritative for a name by setting the AA bit in responses. 

B. It has a direct connection to one of the root name servers. 

C. It has a ratio of exactly one authoritative name server per domain. 

D. It cannot cache or respond to queries from domains outside its authority. 

E. It has a ratio of at least one authoritative name server per domain. 

Answer: AE 

Q15. IPsec SAs can be applied as a security mechanism for which three options? (Choose three.) 

A. Send 

B. Mobile IPv6 

C. site-to-site virtual interfaces 

D. OSPFv3 



Answer: BCD 

Up to date cbt nuggets 350-018:

Q16. Refer to the exhibit. 

What type of attack is being mitigated on the Cisco ASA appliance? 

A. HTTPS certificate man-in-the-middle attack 

B. HTTP distributed denial of service attack 

C. HTTP Shockwave Flash exploit 

D. HTTP SQL injection attack 


Q17. Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.) 

A. Create the security zones and security zone pairs. 

B. Create the self zone. 

C. Create the default global inspection policy. 

D. Create the type inspect class maps and policy maps. 

E. Assign a security level to each security zone. 

F. Assign each router interface to a security zone. 

G. Apply a type inspect policy map to each zone pair. 

Answer: ADFG 

Q18. Which three statements about remotely triggered black hole filtering are true? (Choose three.) 

A. It filters undesirable traffic. 

B. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks. 

C. It provides a rapid-response technique that can be used in handling security-related events and incidents. 

D. It requires uRPF. 

Answer: ACD 

Q19. Which statement is true about an SNMPv2 communication? 

A. The whole communication is not encrypted. 

B. Only the community field is encrypted. 

C. Only the query packets are encrypted. 

D. The whole communication is encrypted. 


Q20. Which of the following describes the DHCP "starvation" attack? 

A. Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons. 

B. Saturate the network with DHCP requests to prevent other network services from working. 

C. Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names. 

D. Send DHCP response packets for the purpose of overloading CAM tables.