Exam Code: 350-018 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 350-018 Exam.

2021 Dec 350-018 questions & answers:

Q1. Which encryption mechanism is used in WEP? 

A. RC4 

B. RC5 




Q2. Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.) 

A. The firewall is not a routed hop. 

B. The firewall can connect to the same Layer 3 network on its inside and outside interfaces. 

C. Static routes are supported. 

D. PAT and NAT are not supported. 

E. Only one global address per device is supported for management. 

F. SSL VPN is supported for management. 

Answer: ABC 

Q3. error: % Invalid input detected at '^' marker. 

Above error is received when generating RSA keys for SSH access on a router using the crypto key generate rsa command. What are the reasons for this error? (Choose two.) 

A. The hostname must be configured before generating RSA keys. 

B. The image that is used on the router does not support the crypto key generate rsa command. 

C. The command has been used with incorrect syntax. 

D. The crypto key generate rsa command is used to configure SSHv2, which is not supported on Cisco IOS devices. 

Answer: BC 

Q4. Which two certificate enrollment methods can be completed without an RA and require no direct connection to a CA by the end entity? (Choose two.) 



C. manual cut and paste 

D. enrollment profile with direct HTTP 

E. PKCS#12 import/export 

Answer: CE 

Q5. Which option represents IPv6 address ff02::1? 

A. PIM routers. 

B. RIP routers. 

C. all nodes on the local network. 

D. NTP. 


Abreast of the times 350-018 study guide:

Q6. Which transport method is used by the IEEE 802.1X protocol? 

A. EAPOL frames 

B. 802.3 frames 

C. UDP RADIUS datagrams 

D. PPPoE frames 


Q7. Which statement about Storm Control implementation on a switch is true? 

A. Storm Control does not prevent disruption due to unicast traffic. 

B. Storm Control is implemented as a global configuration. 

C. Storm Control uses the bandwidth and rate at which a packet is received to measure the activity. 

D. Storm Control uses the bandwidth and rate at which a packet is dispatched to measure the activity. 

E. Storm Control is enabled by default. 


Q8. Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly? 

A. dynamic-filter inspect tcp/80 

B. dynamic-filter whitelist 

C. inspect botnet 

D. inspect dns dynamic-filter-snoop 


Q9. Refer to the exhibit. 

Which three statements about the Cisco ASDM screen seen in the exhibit are true? (Choose three.) 

A. This access rule is applied to all the ASA interfaces in the inbound direction. 

B. The ASA administrator needs to expand the More Options tag to configure the inbound or outbound direction of the access rule. 

C. The ASA administrator needs to expand the More Options tag to apply the access rule to an interface. 

D. The resulting ASA CLI command from this ASDM configuration is access-list global_access line 1 extended permit ip host host 

E. This access rule is valid only on the ASA appliance that is running software release 8.3 or later. 

F. This is an outbound access rule. 

Answer: ADE 

Q10. Which two statements about the DH group are true? (Choose two.) 

A. The DH group is used to provide data authentication. 

B. The DH group is negotiated in IPsec phase-1. 

C. The DH group is used to provide data confidentiality. 

D. The DH group is used to establish a shared key over an unsecured medium. 

E. The DH group is negotiated in IPsec phase-2. 

Answer: BD