★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 350-018 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/350-018-dumps.html
Act now and download your Cisco 350-018 test today! Do not waste time for the worthless Cisco 350-018 tutorials. Download Renewal Cisco CCIE Pre-Qualification Test for Security exam with real questions and answers and begin to learn Cisco 350-018 with a classic professional.
2021 Oct cbt nuggets 350-018:
Q221. In order to implement CGA on a Cisco IOS router for SeND, which three configuration steps are required? (Choose three.)
A. Generate an RSA key pair.
B. Define a site-wide pre-shared key.
C. Define a hash algorithm that is used to generate the CGA.
D. Generate the CGA modifier.
E. Assign a CGA link-local or globally unique address to the interface.
F. Define an encryption algorithm that is used to generate the CGA.
Answer: ADE
Q222. Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.)
A. It prevents rogue APs from being wired into the network.
B. It provides encryption capability of data traffic between APs and controllers.
C. It prevents rogue clients from accessing the wired network.
D. It ensures that 802.1x requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place.
Answer: AD
Q223. Which ICMP message could be used with traceroute to map network topology?
A. Echo Reply
B. Redirect
C. Time Exceeded
D. Echo
E. Router Selection
F. Address Mask Request
Answer: C
Q224. Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN configuration that only affect the local switch and are not propagated to other switches in the VTP domain?
A. transparent
B. server
C. client
D. local
E. pass-through
Answer: A
Q225. Which Category to Protocol mapping for NBAR is correct?
A. Category: Enterprise Applications Protocol: Citrix ICA, PCAnywhere, SAP, IMAP
B. Category: Internet Protocol: FTP, HTTP, TFTP
C. Category: Network Management Protocol: ICMP, SNMP, SSH, Telnet
D. Category: Network Mail Services
Protocol: MAPI, POP3, SMTP
Answer: B
Update ccie written exam 350-018 exam collection:
Q226. Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)
A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.
B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.
C. Infrastructure ACLs are used to block-permit the transit traffic.
D. Infrastructure ACLs only protect device physical management interface.
Answer: BD
Q227. Which statement is true about the TFTP protocol?
A. The client is unable to get a directory listing from the server.
B. The client is unable to create a new file on a server.
C. The client needs to log in with a username and password.
D. The client needs to log in using "anonymous" as a username and specifying an email address as a password.
Answer: A
Q228. Which three types of information could be used during the incident response investigation phase? (Choose three.)
A. netflow data
B. SNMP alerts
C. encryption policy
D. syslog output
E. IT compliance reports
Answer: ABD
Q229. Which three statements about GDOI are true? (Choose three.)
A. GDOI uses TCP port 848.
B. The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange.
C. The KEK protects the GROUPKEY_PUSH message.
D. The TEK is used to encrypt and decrypt data traffic.
E. GDOI does not support PFS.
Answer: BCD
Q230. Which two statements about SNMP are true? (Choose two)
A. SNMP operates at Layer-6 of the OSI model.
B. NMS sends a request to the agent at TCP port 161.
C. NMS sends request to the agent from any source port.
D. NMS receives notifications from the agent on UDP 162.
E. MIB is a hierarchical representation of management data on NMS.
Answer: CD