Tactics to cbt nuggets 350-018

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 350-018 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/350-018-dumps.html

Act now and download your Cisco 350-018 test today! Do not waste time for the worthless Cisco 350-018 tutorials. Download Most recent Cisco CCIE Pre-Qualification Test for Security exam with real questions and answers and begin to learn Cisco 350-018 with a classic professional.

2021 Jan 350-018 ccie security book:

Q131. Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? (Choose three.) 

A. cut-through proxy 

B. dot1x 

C. MAB 

D. SSO 

E. web authentication 

Answer: BCE 

Q132. Which three features describe DTLS protocol? (Choose three.) 

A. DTLS handshake does not support reordering or manage loss packets. 

B. DTLS provides enhanced security, as compared to TLS. 

C. DTLS provides block cipher encryption and decryption services. 

D. DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery. 

E. DTLS is used by application layer protocols that use UDP as a transport mechanism. 

F. DTLS does not support replay detection. 

Answer: CDE 

Q133. Which three statements are true about the Cisco NAC Appliance solution? (Choose three.) 

A. In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server. 

B. In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco router using the "NAC discovery-host" global configuration command. 

C. In a VRF-style OOB deployment of the Cisco NAC Appliance, the discovery host may be the IP address that is on the trusted side of the Cisco NAC Appliance Server. 

D. In a Layer 3 IB deployment of the Cisco NAC Appliance, the discovery host may be configured as the IP address of the Cisco NAC Appliance Manager. 

Answer: ACD 

Q134. class-map nbar_rtp 

match protocol rtp payload-type "0, 1, 4 - 0x10, 10001b - 10010b, 64" 

The above NBAR configuration matches RTP traffic with which payload types? 

A. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 64 

B. 0, 1, 4, 5, 6, 7, 8, 9, 10 

C. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 64 

D. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 64 

Answer: A 

Q135. Aggregate global IPv6 addresses begin with which bit pattern in the first 16-bit group? 

A. 000/3 

B. 001/3 

C. 010/2 

D. 011/2 

Answer: B 

Rebirth 350-018 security:

Q136. Which option correctly describes the security enhancement added for OSPFv3? 

A. The AuType field in OSPFv3 now supports the more secure SHA-1 and SHA-2 algorithms in addition to MD5. 

B. The AuType field is removed from the OSPFv3 header since simple password authentication is no longer an option. 

C. The Authentication field in OSPFv3 is increased from 64 bits to 128 bits to accommodate more secure authentication algorithms. 

D. Both the AuType and Authentication fields are removed from the OSPF header in OSPFv3, since now it relies on the IPv6 Authentication Header (AH) and IPv6 Encapsulating Security Payload (ESP) to provide integrity, authentication, and/or confidentiality.? 

E. The Authentication field is removed from the OSPF header in OSPFv3, because OSPFv3 must only run inside of an authenticated IPSec tunnel. 

Answer: D 

Q137. When implementing WLAN security, what are three benefits of using the TKIP instead of WEP? (Choose three.) 

A. TKIP uses an advanced encryption scheme based on AES. 

B. TKIP provides authentication and integrity checking using CBC-MAC. 

C. TKIP provides per-packet keying and a rekeying mechanism. 

D. TKIP provides message integrity check. 

E. TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset. 

F. TKIP uses a 48-bit initialization vector. 

Answer: CDF 

Q138. Which statement is true about an NTP server? 

A. It answers using UTC time. 

B. It uses the local time of the server with its time zone indication. 

C. It uses the local time of the server and does not indicate its time zone. 

D. It answers using the time zone of the client. 

Answer: A 

Q139. Which two statements are correct regarding the AES encryption algorithm? (Choose two.) 

A. It is a FIPS-approved symmetric block cipher. 

B. It supports a block size of 128, 192, or 256 bits. 

C. It supports a variable length block size from 16 to 448 bits. 

D. It supports a cipher key size of 128, 192, or 256 bits. 

E. The AES encryption algorithm is based on the presumed difficulty of factoring large integers. 

Answer: AD 

Q140. Refer to the exhibit. 

Which route will be advertised by the Cisco ASA to its OSPF neighbors? 

A. 10.39.23.0/24 

B. 10.40.29.0/24 

C. 10.66.42.215/32 

D. 10.40.29.0/24 

Answer: A