What’s the secret of easily passing new 350-018 exam? PassLeader have been updated the 350-018 617q exam dumps with the newest exam questions. We offer the latest 350-018 617q PDF dumps and VCE dumps with New Version VCE Player for free download to ensure your 350-018 exam pass. Now visit www.passleader.com and get the 100 percent pass ensure 350-018 617q braindump!
keywords: 350-018 exam,350-018 exam dumps,350-018 617q exam questions,350-018 617q pdf dumps,350-018 vce dumps,350-018 617q braindump,CCIE Security Written Exam, v4.0
NEW QUESTION 1
Which two items are required for LDAP authenticated bind operations? (Choose two.)
A. Root DN
NEW QUESTION 2
Which of the following two options can you configure to avoid iBGP full mesh? (Choose two.)
A. Route reflectors
C. BGP NHT
D. Local preference
E. Virtual peering
NEW QUESTION 3
Which three authentication types does OSPF support? (Choose three.)
NEW QUESTION 4
Which three steps are required to rekey the routers on a link without dropping OSPFv3 protocol packets or disturbing the adjacency? (Choose three.)
A. For every router on the link, create an additional inbound SA for the interface that is being rekeyed using a new SPI and the new key.
B. For every router on the link, replace the original outbound SA with one that uses the new SPI and key values.
C. For every router on the link, remove the original inbound SA.
D. For every router on the link, create an additional outbound SA for the interface that is being rekeyed using a new SPI and the new key.
E. For every router on the link, replace the original inbound SA with one that uses the new SPI and key values.
F. For every router on the link, remove the original outbound SA.
NEW QUESTION 5
Which BGP configuration forces the session to tear down when the learned routes from the neighbor exceed 10?
A. neighbor 10.0.0.1 maximum-prefix 10 80 warning-only
B. neighbor 10.0.0.1 maximum-prefix 10 80
C. neighbor 10.0.0.1 maximum-prefix 80 10 warning-only
D. neighbor 10.0.0.1 maximum-prefix 80 10
NEW QUESTION 6
Which command can be used on a Cisco IOS device to prevent it from being used as an amplifier in a fraggle attack?
A. no service tcp-small-servers
B. no service udp-small-servers
C. no ip directed-broadcast
D. no ip redirects
NEW QUESTION 7
Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation using tunnel protection?
A. Session token
B. One-time password
C. Time stamps
D. Sequence number
A. A NAT/PAT device is translating the local VPN endpoint.
B. A NAT/PAT device is translating the remote VPN endpoint.
C. A NAT/PAT device exists in the path between VPN endpoints.
D. No NAT/PAT device exists in the path between VPN endpoints.
NEW QUESTION 9
Interface tunnel 1
ip address 10.1.1.1 255.255.255.252
ip mtu 1400
Tunnel source 172.16.1.1
Tunnel destination 172.16.1.2
Tunnel key 1111
Based on the above configuration, if the input packet size is 1300 bytes, what is the size of the packet leaves the tunnel after encapsulation?
NEW QUESTION 10
You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?
A. ipv6 port-map port telnet 223
B. ipv6 port-map port 23 port 23223
C. ipv6 port-map telnet port 23 233
D. ipv6 port-map telnet port 223
NEW QUESTION 11
At the end of the Cisco TrustSec authentication process, which three pieces of information do both authenticator and supplicant know? (Choose three.)
A. Peer device ID
B. Peer Cisco TrustSec capability information
C. SAP key
D. Server device ID
E. Service ID
F. Server peers information
NEW QUESTION 12
You are preparing Control Plane Protection configurations for implementation on the router, which has the EBGP peering address 188.8.131.52. Which ACL statement can you use to classify the related traffic into the EBGP traffic compartment?
A. permit tcp host 184.108.40.206 gt 1024 host 220.127.116.11 eq bgp
permit tcp host 18.104.22.168 eq bgp host 22.214.171.124 gt 1024
B. permit tcp host 126.96.36.199 gt 1024 host 188.8.131.52 eq bgp
permit tcp host 184.108.40.206 eq bgp host 220.127.116.11 gt 1024
C. permit tcp host 10.1.1.1 gt 1024 host 10.1.1.2 eq bgp
permit tcp host 10.1.1.1 eq bgp host 10.1.1.2 gt
D. permit tcp host 18.104.22.168 gt 1024 host 22.214.171.124 eq bgp
permit tcp host 126.96.36.199 eq bgp host 188.8.131.52 gt 1024
NEW QUESTION 13
Which command enables fast-switched PBR?
A. Router(config-if)# ip route-cache policy
B. Router(config-if)# ip policy route-map map-tag
C. Router(config-if)# no ip route-cache policy
D. Router(config-if)# no ip policy route-map map-tag
NEW QUESTION 14
Which of these configurations shows how to configure MPP when only SSH, SNMP, and HTTP are allowed to access the router through the Gigabit Ethernet 0/3 interface and only HTTP is allowed to access the router through the Gigabit Ethernet 0/2 interface?
A. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh snmp Router(config- cp-host)# management-interface GigabitEthernet 0/2 allow http
B. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh tftp snmp Router (config-cp-host)# management-interface GigabitEthernet 0/2 allow http
C. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh snmp Router(config- cp-host)# management-interface GigabitEthernet 0/2 allow http ssh
D. Router(config-cp-host)# management-interface GigabitEthernet 0/3 http ssh snmp Router(config-cp- host)# management-interface GigabitEthernet 0/2 http
NEW QUESTION 15
Which three actions are advisable when implementing desktop security? (Choose three.)
A. Installing and maintaining anti-virus/anti-malware software
B. Educating users on the danger of opening files and attachments from un-trusted sources
C. Statically defining user password based on information like employee ID number to reduce incidence of forgotten passwords
D. Configuring multiple local network DHCP servers
E. Staying up to date with operating system patches and updates
F. Configuring client firewalls to automatically disable during business hours as not to impact production traffic and applications
NEW QUESTION 16
Why do you use a disk-image backup to perform forensic investigations?
A. The backup timestamps the files with the date and time during copy operations.
B. The backup creates a bit-level copy of the entire disk.
C. The backup includes areas that are used for the data store.
D. This is a secure way to perform a file copy.
NEW QUESTION 17
Which series of steps illustrates the correct flow for incident management?
A. Identify, log, categorize, prioritize, initial diagnosis, escalate, investigate and diagnose, resolve and recover, close
B. Categorize, log, identify, prioritize, initial diagnosis, escalate, investigate and diagnose, resolve and recover, close
C. Identify, log, categorize, prioritize, initial diagnosis, investigate and diagnose, escalate, resolve and recover, close
D. Identify, categorize, prioritize, log, initial diagnosis, escalate, investigate and diagnose, resolve and recover, close
NEW QUESTION 18
Of which IPS application is Event Action Rule a component?
NEW QUESTION 19
Which statement about the DH group is true?
A. It does not provide data authentication.
B. It provides data confidentiality.
C. It establishes a shared key over a secured medium.
D. It is negotiated in IPsec phase 2.
A. The message is observed on the NHS.
B. The remote VPN address is 184.108.40.206
C. The local non-routable address is 220.127.116.11
D. The remote routable address 18.104.22.168
E. The NHRP hold time is 3 hours.
F. The message is observed on the NHC.
NEW QUESTION 21
Which two statements about ASA transparent mode are true? (Choose two.)
A. It requires the inside and outside interface to be in different subnets.
B. It cannot pass multicast traffic.
C. It can pass IPv6 traffic.
D. It supports ARP inspection.
E. It drops ARP traffic unless it is permitted.
F. It does not support NAT.
NEW QUESTION 22
Which statement about Cisco ASA operations using software versions 8.3 and later is true?
A. The interface access list is matched first before the global access lists.
B. The interface and global access lists both can be applied in the input or output direction.
C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the interface applies the access list entry globally.
D. NAT control is enabled by default.
E. The static CLI command is used to configure static NAT translation rules.
A. The uplink interface that is operating as the designated receiver for broadcast traffic
B. The uplink interface that is operating as the designated sender for broadcast traffic
C. The switching mode for which the Fabric Interconnect is configured
D. The uplink interface from which multicast traffic will be sourced
E. Whether the last respond code was accepted or not
A. The domain ID for SAN A is 0x64.
B. fc1/8 and fc1/9 on the MDS-A are configured as E Ports.
C. fc1/8 and fc1/9 on the MDS-A are configured as TE Ports.
D. fc1/8 and fc1/9 on the MDS-A are configured as F Ports.
E. FC trunking is enabled on the Fabric Interconnect.
A. FI-A is configured in FC switch mode.
B. VSAN trunking is enabled on FI-A.
C. The native VSAN should be VSAN 1.
D. Cisco UCS will allow all VSANs by default when FC trunking is enabled.
E. FI-A requires VSAN pruning.
F. Interface fc1/8 on MDS-A should be configured as a TE Port.
NEW QUESTION 26
Refer to the exhibit. You have associated a newly created service profile to a blade. When you examine the configured boot order and actual boot order, they do not match. Which two statements describe reasons for this mismatch? (Choose two.)
A. Having a single iSCSI boot target would prevent the profile from associating, and would generate a configuration error.
B. The server must complete a POST cycle before Cisco UCS Manager will update this information.
C. The blade needs to be reacknowledged.
D. The server is in the process of a firmware upgrade.
E. There may be a configuration error in the service profile.
NEW QUESTION 27
Refer to the exhibit. You are configuring a UCS C-Series server for SAN boot over FCoE. The server fails to boot after the HBA option ROM loads. Which option describes the most likely solution for this problem?
A. Decrease the vNIC MTU.
B. Set the vNIC Class of Service to a nonzero value.
C. Set the default VLAN to FCOE VLAN.
D. Set the vHBA Class of Service to 2.
E. Uncheck the PXE Boot option.
F. Disable Persistent LUN Binding.
NEW QUESTION 28
Refer to the exhibit. You are connecting a Cisco Nexus 2000 to an existing Cisco UCS Fabric Interconnect domain for C-Series integration. Which option describes the next Cisco Nexus 2000 that will be discovered?
A. Fabric interconnect B will reboot.
B. The expansion module on fabric interconnect B will reload.
C. The command will generate an error.
D. Both fabric A and B expansion modules will reload.
E. The expansion module on fabric interconnect B will reload according to the maintenance policy that is set by Cisco UCS Manager.
A. One or more of the VLANs that are assigned to the vNIC have been deleted from Cisco UCS Manager.
B. One or more of the VLANs that are assigned to the vNIC are assigned to different disjoint Layer 2 uplinks.
C. There are no Ethernet uplinks that are enabled.
D. The host to which the vNIC belongs is currently powered off.
E. The vNIC is currently active and uses the fabric failover peer vNIC.