Exam Code: 350-018
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
2016 Apr 350-018 Study Guide Questions:
Q253. Which three statements about IKEv2 are correct? (Choose three.)
A. INITIAL_CONTACT is used to synchronize state between peers.
B. The IKEv2 standard defines a method for fragmenting large messages.
C. The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.
D. Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.
E. NAT-T is not supported.
F. Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.
Q254. A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue?
A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.
B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.
C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.
D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.
E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.
Q255. Which three object tracking options are supported by Cisco IOS policy-based routing? (Choose three.)
A. absence of an entry in the routing table
B. existence of a CDP neighbor relationship
C. existence of an entry in the routing table
D. results of an SAA operation
E. state of the line protocol of an interface
Q256. Refer to the exhibit.
Identify the behavior of the ACL if it is applied inbound on E0/0.
A. The ACL will drop both initial and noninitial fragments for port 80 only.
B. The ACL will pass both initial and non-initial fragments for port 80 only.
C. The ACL will pass the initial fragment for port 80 but drop the noninitial fragment for any port.
D. The ACL will drop the initial fragment for port 80 but pass the noninitial fragment for any port.
Q257. Which two statements about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)
A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.
B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.
C. Infrastructure ACLs are used to block-permit the transit traffic.
D. Infrastructure ACLs only protect device physical management interface.
Q258. Which configuration is the correct way to change a GET VPN Key Encryption Key lifetime to 10800 seconds on the key server?
A. crypto isakmp policy 1 lifetime 10800
B. crypto ipsec security-association lifetime seconds 10800
C. crypto ipsec profile getvpn-profile set security-association lifetime seconds 10800 ! crypto gdoi group GET-Group identity number 1234 server local sa ipsec 1 profile getvpn-profile
D. crypto gdoi group GET-Group identity number 1234 server local rekey lifetime seconds 10800
E. crypto gdoi group GET-Group identity number 1234 server local set security-association lifetime seconds 10800
Q259. Which two statements about ASA transparent mode are true? (Choose two.)
A. Transparent mode acts as a Layer-3 firewall.
B. The inside and outside interface must be in a different subnet.
C. IP traffic will not pass unless it is permitted by an access-list.
D. ARP traffic is dropped unless it is permitted.
E. A configured route applies only to the traffic that is originated by the ASA.
F. In multiple context mode, all contexts need to be in transparent mode.
Q260. A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes 20 B of IP header, which statement is true?
A. The first three packets will have a packet payload size of 1400.
B. The last packet will have a payload size of 560.
C. The first three packets will have a packet payload size of 1480.
D. The last packet will have a payload size of 20.
Q261. When implementing WLAN security, what are three benefits of using TKIP instead of WEP? (Choose three.)
A. TKIP uses an advanced encryption scheme based on AES.
B. TKIP provides authentication and integrity checking using CBC-MAC.
C. TKIP provides per-packet keying and a rekeying mechanism.
D. TKIP provides message integrity check.
E. TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset.
F. TKIP uses a 48-bit initialization vector.
Q262. Beacons, probe request, and association request frames are associated with which category?
Q263. Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)
Q264. Refer to the exhibit.
It shows the format of an IPv6 Router Advertisement packet. If the Router Lifetime value is set to 0, what does that mean?
A. The router that is sending the RA is not the default router.
B. The router that is sending the RA is the default router.
C. The router that is sending the RA will never power down.
D. The router that is sending the RA is the NTP master.
E. The router that is sending the RA is a certificate authority.
F. The router that is sending the RA has its time synchronized to an NTP source.
Q265. Refer to the exhibit.
What is the cause of the issue that is reported in this debug output?
A. The identity of the peer is not acceptable.
B. There is an esp transform mismatch.
C. There are mismatched ACLs on remote and local peers.
D. The SA lifetimes are set to 0.
Q266. Refer to the exhibit.
Which two statements correctly describe the debug output that is shown in the exhibit? (Choose two.)
A. The request is from NHS to NHC.
B. The request is from NHC to NHS.
C. 188.8.131.52 is the local non-routable address.
D. 192.168.10.2 is the remote NBMA address.
E. 192.168.10.1 is the local VPN address.
F. This debug output represents a failed NHRP request.
Q267. Which two pieces of information are communicated by the ASA failover link? (Choose two.)
A. unit state
B. connection state
C. routing tables
D. power status
E. MAC address exchange
Q268. Which IPv4 header field increments every time a packet is sent from a source to a destination?
B. Fragment Offset
D. Time To Live
Q269.
crypto gdoi group gdoi_group
 identity number 1234
 server local
  sa receive-only
  sa ipsec 1
   profile gdoi-p
   match address ipv4 120
Which statement about the above configuration is true?
A. The key server instructs the DMVPN spoke to install SAs outbound only.
B. The key server instructs the GDOI group to install SAs inbound only.
C. The key server instructs the DMVPN hub to install SAs outbound only.
D. The key server instructs the GDOI spoke to install SAs inbound only.
Q270. Which four protocols are supported by Cisco IOS Management Plane Protection? (Choose four.)
A. Blocks Extensible Exchange Protocol (BEEP)
B. Hypertext Transfer Protocol Secure (HTTPS)
C. Secure Copy Protocol (SCP)
D. Secure File Transfer Protocol (SFTP)
E. Secure Shell (SSH)
F. Simple Network Management Protocol (SNMP)
Q271. Which statement is true about IKEv2 and IKEv1?
A. IKEv2 can be configured to use EAP, but IKEv1 cannot.
B. IKEv2 can be configured to use AES encryption, but IKEv1 cannot.
C. IKEv2 can be configured to interoperate with IKEv1 on the other end.
D. IKEv2 consumes more bandwidth than IKEv1.
Q272. Which protocol is superseded by AES?
Q273. Which three statements correctly describe the purpose and operation of IPv6 RS and RA messages? (Choose three.)
A. Both IPv6 RS and RA packets are ICMPv6 messages.
B. IPv6 RA messages can help host devices perform stateful or stateless address autoconfiguration; RS messages are sent by hosts to determine the addresses of routers.
C. RS and RA packets are always sent to an all-nodes multicast address.
D. RS and RA packets are used by the duplicate address detection function of IPv6.
E. IPv6 hosts learn connected router information from RA messages which may be sent in response to an RS message.
F. RS and RA packets are used for IPv6 nodes to perform address resolution that is similar to ARP in IPv4.