New Updated Cisco CCIE Security 350-018 Real Exam Download 61-70



Refer to the exhibit. Which statement best describes the problem?


A.      Context vpn1 is not inservice.

B.      There is no gateway that is configured under context vpn1.

C.      The config has not been properly updated for context vpn1.

D.      The gateway that is configured under context vpn1 is not inservice.


Correct Answer: A




Which three statements are true about the transparent firewall mode in Cisco ASA? (Choose three.)


A.      The firewall is not a routed hop.

B.      The firewall can connect to the same Layer 3 network on its inside and outside interfaces.

C.      Static routes are supported.

D.      PAT and NAT are not supported.

E.       Only one global address per device is supported for management.

F.       SSL VPN is supported for management.


Correct Answer: ABC




Which three statements about Cisco IOS RRI are correct? (Choose three.)


A.      RRI is not supported with ipsec-profiles.

B.      Routes are created from ACL entries when they are applied to a static crypto map.

C.      Routes are created from source proxy IDs by the receiver with dynamic crypto maps.

D.      VRF-based routes are supported.

E.       RRI must be configured with DMVPN.


Correct Answer: BCD




Which of the following describes the DHCP “starvation” attack?


A.      Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.

B.      Saturate the network with DHCP requests to prevent other network services from working.

C.      Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names.

D.      Send DHCP response packets for the purpose of overloading CAM tables.

Correct Answer: A




Which Cisco technology protects against Spanning Tree Protocol manipulation?


A.      spanning-tree protection

B.      root guard and BPDU guard

C.      Unicast Reverse Path Forwarding

D.      MAC spoof guard

E.       port security


Correct Answer: B




Refer to the exhibit. Which two statements about this Cisco Catalyst switch configuration are correct? (Choose two.)


A.      The default gateway for VLAN 200 should be attached to the FastEthernet 5/1 interface.

B.      Hosts attached to the FastEthernet 5/1 interface can communicate only with hosts attached to the FastEthernet 5/4 interface.

C.      Hosts attached to the FastEthernet 5/2 interface can communicate with hosts attached to the FastEthernet 5/3 interface.

D.      Hosts attached to the FastEthernet 5/4 interface can communicate only with hosts attached to the FastEthernet 5/2 and FastEthernet 5/3 interfaces.

E.       Interface FastEthernet 5/1 is the community port.

F.       Interface FastEthernet 5/4 is the isolated port.


Correct Answer: BC




Which three configuration components are required to implement QoS policies on Cisco routers using MQC? (Choose three.)


A.      class-map

B.      global-policy

C.      policy-map

D.      service-policy

E.       inspect-map


Correct Answer: ACD




Which type of PVLAN ports can communicate among themselves and with the promiscuous port?


A.      isolated

B.      community

C.      primary

D.      secondary

E.       protected


Correct Answer: B




Which statement is true about the Cisco NEAT 802.1X feature?


A.      The multidomain authentication feature is not supported on the authenticator switch interface.

B.      It allows a Cisco Catalyst switch to act as a supplicant to another Cisco Catalyst authenticator switch.

C.      The supplicant switch uses CDP to send MAC address information of the connected host to the authenticator switch.

D.      It supports redundant links between the supplicant switch and the authenticator switch.


Correct Answer: B




Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?


A.      PKI

B.      TACACS+

C.      multi-auth host mode

D.      port security

E.       802.1x


Correct Answer: E


Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers



You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by