Exam Code: 350-018 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 350-018 Exam.
2016 Jun 350-018 Study Guide Questions:
Q101. Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?
A. SNMP
B. TACACS+
C. RADIUS
D. EAP over LAN
E. PPPoE
Answer: D
Q102. A router has four interfaces addressed as 10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, and 10.1.4.1/24. What is the smallest summary route that can be advertised covering these four subnets?
A. 10.1.2.0/22
B. 10.1.0.0/22
C. 10.1.0.0/21
D. 10.1.0.0/16
Answer: C
Q103. When is the supplicant considered to be clientless?
A. when the authentication server does not have credentials to authenticate.
B. when the authenticator is missing the dot1x guest VLAN under the port with which the supplicant is connected.
C. when the supplicant fails EAP-MD5 challenge with the authentication server.
D. when the supplicant fails to respond to EAPOL messages from the authenticator.
E. when the authenticator is missing the reauthentication timeout configuration under the port with which the supplicant is connected.
Answer: D
Most recent cisco 350-018 exam:
Q104. As defined by Cisco TrustSec, which EAP method is used for Network Device Admission Control authentication?
A. EAP-FAST
B. EAP-TLS
C. PEAP
D. LEAP
Answer: A
Q105. Which three security features were introduced with the SNMPv3 protocol? (Choose three.)
A. Message integrity, which ensures that a packet has not been tampered with in-transit
B. DoS prevention, which ensures that the device cannot be impacted by SNMP buffer overflow
C. Authentication, which ensures that the message is from a valid source
D. Authorization, which allows access to certain data sections for certain authorized users
E. Digital certificates, which ensure nonrepudiation of authentications
F. Encryption of the packet to prevent it from being seen by an unauthorized source
Answer: ACF
Q106. Which two ISE Probes would be required to distinguish accurately the difference between an iPad and a MacBook Pro? (Choose two.)
A. DHCP or DHCPSPAN
B. SNMPTRAP
C. SNMPQUERY
D. NESSUS
E. HTTP
F. DHCP TRAP
Answer: AE
Certified ccie written exam 350-018 exam collection:
Q107. Which three statements about VXLANs are true? (Choose three.)
A. It requires that IP protocol 8472 be opened to allow traffic through a firewall.
B. Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
C. A VXLAN gateway maps VXLAN IDs to VLAN IDs.
D. IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
E. A VXLAN ID is a 32-bit value.
Answer: BCD
Q108. How are the username and password transmitted if a basic HTTP authentication is used?
A. Base64 encoded username and password
B. MD5 hash of the combined username and password
C. username in cleartext and MD5 hash of the password
D. cleartext username and password
Answer: A
Q109. crypto isakmp profile vpn1
vrf vpn1
keyring vpn1
match identity address 172.16.1.1 255.255.255.255
crypto map crypmap 1 ipsec-isakmp
set peer 172.16.1.1
set transform-set vpn1
set isakmp-profile vpn1
match address 101
!
interface Ethernet1/2
crypto map crypmap
Which statements apply to the above configuration? (Choose two.)
A. This configuration shows the VRF-Aware IPsec feature that is used to map the crypto ISAKMP profile to a specific VRF.
B. VRF and ISAKMP profiles are mutually exclusive, so the configuration is invalid.
C. An IPsec tunnel can be mapped to a VRF instance.
D. Peer command under the crypto map is redundant and not required.
Answer: AC
Q110. Refer to the exhibit.
What is this configuration designed to prevent?
A. Man in the Middle Attacks
B. DNS Inspection
C. Backdoor control channels for infected hosts
D. Dynamic payload inspection
Answer: C
see more 350-018 dumps