Cisco 350-018 (CCIE Pre-Qualification Test for Security) study guide questions, June 2016:
Q169. During the establishment of an Easy VPN tunnel, when is XAUTH performed?
A. at the end of IKEv1 Phase 2
B. at the beginning of IKEv1 Phase 1
C. at the end of Phase 1 and before Phase 2 starts in IKEv1 and IKEv2
D. at the end of Phase 1 and before Phase 2 starts in IKEv1
Q170. Refer to the exhibit.
Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)
A. The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.
B. Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.
C. Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.
D. Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.
E. Interface FastEthernet 5/1 is the community port.
F. Interface FastEthernet 5/4 is the isolated port.
Q171. Refer to the exhibit.
What is the reason for the failure of the DMVPN session between R1 and R2?
A. tunnel mode mismatch
B. IPsec phase-1 configuration is missing peer address on R2
C. IPsec phase-1 policy mismatch
D. IPsec phase-2 policy mismatch
E. incorrect tunnel source interface on R1
Q172. Refer to the exhibit.
What is this configuration designed to prevent?
A. Man in the Middle Attacks
B. DNS Inspection
C. Backdoor control channels for infected hosts
D. Dynamic payload inspection
Q173. Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.)
A. static NAT
B. dynamic NAT
C. dynamic NAT with overloading
Q174. Which two statements about RFC 2827 are true? (Choose two.)
A. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.
B. A corresponding practice is documented by the IETF in BCP 38.
C. RFC 2827 defines ingress packet filtering for the multihomed network.
D. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.
E. A corresponding practice is documented by the IETF in BCP 84.
Q175. A network administrator uses a LAN analyzer to troubleshoot OSPF router exchange messages sent to all OSPF routers. To which one of these MAC addresses are these messages sent?
Q176. Refer to the exhibit of an ISAKMP debug.
Which message of the exchange is failing?
A. main mode 1
B. main mode 3
C. aggressive mode 1
D. main mode 5
E. aggressive mode 2
Q177. Which three statements are true about MACsec? (Choose three.)
A. It supports GCM modes of AES and 3DES.
B. It is defined under IEEE 802.1AE.
C. It provides hop-by-hop encryption at Layer 2.
D. MACsec expects a strict order of frames to prevent anti-replay.
E. MKA is used for session and encryption key management.
F. It uses EAP PACs to distribute encryption keys.
Q178. Which three LSA types are used by OSPFv3? (Choose three.)
A. Link LSA
B. Intra-Area Prefix LSA
C. Interarea-prefix LSA for ASBRs
D. Autonomous system external LSA
E. Internetwork LSA
Q179. Which ICMP message could be used with traceroute to map network topology?
A. Echo Reply
C. Time Exceeded
E. Router Selection
F. Address Mask Request
Q180. What is the size of a point-to-point GRE header, and what is the protocol number at the IP layer?
A. 8 bytes, and protocol number 74
B. 4 bytes, and protocol number 47
C. 2 bytes, and protocol number 71
D. 24 bytes, and protocol number 1
E. 8 bytes, and protocol number 47
Q181. Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation?
A. session token
B. one-time password
C. time stamps
D. sequence number
Q182. An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?
A. NAT overload
B. NAT extendable
C. NAT TCP load balancing
D. NAT service-type DNS
E. NAT port-to-application mapping
Q183. Which ICMP message type code indicates fragment reassembly time exceeded?
A. Type 4, Code 0
B. Type 11, Code 0
C. Type 11, Code 1
D. Type 12, Code 2
Q184. Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?
A.
    !
    ipv6 access-list test
     deny ipv6 FF05::/16 any
     deny ipv6 any FF05::/16
    ! output omitted
     permit ipv6 any any
    !
B.
    !
    ipv6 access-list test
     permit ipv6 any FF05::/16
    ! output omitted
     deny ipv6 any any
    !
C.
    !
    ipv6 access-list test
     deny ipv6 any any eq dns
     deny ipv6 any any eq dhcp
    ! output omitted
     permit ipv6 any any
    !
D.
    !
    ipv6 access-list test
     deny ipv6 any 2000::/3
    ! output omitted
     permit ipv6 any any
    !
E.
    !
    ipv6 access-list test
     deny ipv6 any FE80::/10
    ! output omitted
     permit ipv6 any any
    !
Q185. Refer to the exhibit.
Which two statements correctly describe the debug output that is shown in the exhibit? (Choose two.)
A. The request is from NHS to NHC.
B. The request is from NHC to NHS.
C. 220.127.116.11 is the local non-routable address.
D. 192.168.10.2 is the remote NBMA address.
E. 192.168.10.1 is the local VPN address.
F. This debug output represents a failed NHRP request.
Q186. Which three statements about VXLANs are true? (Choose three.)
A. It requires that IP protocol 8472 be opened to allow traffic through a firewall.
B. Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
C. A VXLAN gateway maps VXLAN IDs to VLAN IDs.
D. IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
E. A VXLAN ID is a 32-bit value.
Q187. Which protocol provides the same functions in IPv6 that IGMP provides in IPv4 networks?
Q188. Refer to the exhibit.
According to this DHCP packet header, which field is populated by a DHCP relay agent with its own IP address before the DHCPDISCOVER message is forwarded to the DHCP server?
Q189. If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)
A. Configure the Call Station ID Type to be: "IP Address".
B. Configure the Call Station ID Type to be: "System MAC Address".
C. Configure the Call Station ID Type to be: "MAC and IP Address".
D. Enable DHCP Proxy.
E. Disable DHCP Proxy.