New Updated Cisco CCIE Security 350-018 Real Exam Download 11-20



Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.)


A.      static NAT

B.      dynamic NAT

C.      dynamic NAT with overloading

D.      PAT

E.       VAT


Correct Answer: CD




Which authentication mechanism is available to OSPFv3?


A.      simple passwords

B.      MD5

C.      null

D.      IKEv2

E.       IPsec AH/ESP


Correct Answer: E




Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)


A.      manually configured

B.      automatic 6to4

C.      ISATAP

D.      GRE


Correct Answer: AD




Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)


A.      update

B.      query

C.      reply

D.      hello

E.       acknowledgement


Correct Answer: DE




Before BGP update messages may be sent, a neighbor must stabilize into which neighbor state?


A.      Active

B.      Idle

C.      Connected

D.      Established


Correct Answer: D




Which three statements are correct when comparing Mobile IPv6 and Mobile IPv4 support? (Choose three.)


A.      Mobile IPv6 does not require a foreign agent, but Mobile IPv4 does.

B.      Mobile IPv6 supports route optimization as a fundamental part of the protocol; IPv4 requires extensions.

C.      Mobile IPv6 and Mobile IPv4 use a directed broadcast approach for home agent address discovery.

D.      Mobile IPv6 makes use of its own routing header; Mobile IPv4 uses only IP encapsulation.

E.       Mobile IPv6 and Mobile IPv4 use ARP for neighbor discovery.

F.       Mobile IPv4 has adopted the use of IPv6 ND.


Correct Answer: ABD




Refer to the exhibit. Which message could contain an authenticated initial_contact notify during IKE main mode negotiation?



A.      message 3

B.      message 5

C.      message 1

D.      none, initial_contact is sent only during quick mode

E.       none, notify messages are sent only as independent message types


Correct Answer: B




Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?


A.      SNMP

B.      TACACS+

C.      RADIUS

D.      EAP over LAN

E.       PPPoE


Correct Answer: D




Which two statements are correct regarding the AES encryption algorithm? (Choose two.)


A.      It is a FIPS-approved symmetric block cipher.

B.      It supports a block size of 128, 192, or 256 bits.

C.      It supports a variable length block size from 16 to 448 bits.

D.      It supports a cipher key size of 128, 192, or 256 bits.

E.       The AES encryption algorithm is based on the presumed difficulty of factoring large integers.


Correct Answer: AD




What are two benefits of using IKEv2 instead of IKEv1 when deploying remote-access IPsec VPNs? (Choose two.)


A.      IKEv2 supports EAP authentication methods as part of the protocol.

B.      IKEv2 inherently supports NAT traversal.

C.      IKEv2 messages use random message IDs.

D.      The IKEv2 SA plus the IPsec SA can be established in six messages instead of nine messages.

E.       All IKEv2 messages are encryption-protected.


Correct Answer: AB


Download Latest Cisco CCIE Security 350-018 Real Free Tests ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers


You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by