350-018 braindump (161 to 170)

Exam Code: 350-018 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 350-018 Exam.

2016 Jun 350-018 Study Guide Questions:

Q161. What action will be taken by a Cisco IOS router if a TCP packet, with the DF bit set, is larger than the egress interface MTU? 

A. Split the packet into two packets, so that neither packet exceeds the egress interface MTU, and forward them out. 

B. Respond to the sender with an ICMP Type 3., Code 4. 

C. Respond to the sender with an ICMP Type 12,.Code 2. 

D. Transmit the packet unmodified. 

Answer: B 

Q162. Which domain is used for a reverse lookup of IPv4 addresses? 

A. in-addr.arpa 

B. ip4.arpa 

C. in-addr.net 

D. ip4.net 

Answer: A 

Q163. Refer to the exhibit. 

Which three command sets are required to complete this IPv6 IPsec site-to-site VTI? (Choose three.) 

A. interface Tunnel0 tunnel mode ipsec ipv6 

B. crypto isakmp-profile match identity address ipv6 any 

C. interface Tunnel0 ipv6 enable 

D. ipv6 unicast-routing 

E. interface Tunnel0 ipv6 enable-ipsec 

Answer: ACD 

350-018  question

Regenerate 350-018 forum:

Q164. Which ICMP message type code indicates fragment reassembly time exceeded? 

A. Type 4, Code 0 

B. Type 11, Code 0 

C. Type 11, Code 1 

D. Type 12, Code 2 

Answer: C 

Q165. Which statement is true about an SNMPv2 communication? 

A. The whole communication is not encrypted. 

B. Only the community field is encrypted. 

C. Only the query packets are encrypted. 

D. The whole communication is encrypted. 

Answer: A 

Q166. Which three statements are true about MACsec? (Choose three.) 

A. It supports GCM modes of AES and 3DES. 

B. It is defined under IEEE 802.1AE. 

C. It provides hop-by-hop encryption at Layer 2. 

D. MACsec expects a strict order of frames to prevent anti-replay. 

E. MKA is used for session and encryption key management. 

F. It uses EAP PACs to distribute encryption keys. 

Answer: BCE 

350-018  question

100% Guarantee cbt nuggets 350-018:

Q167. Which two statements about the fragmentation of IPsec packets in routers are true? (Choose two.) 

A. By default, the IP packets that need encryption are first encrypted with ESP. If the resulting encrypted packet exceeds the IP MTU on the egress physical interface, then the encrypted packet is fragmented and sent out. 

B. By default, the router knows the IPsec overhead to add to the packet. The router performs a lookup if the packet will exceed the egress physical interface IP MTU after encryption, then fragments the packet and encrypts the resulting IP fragments separately. 

C. increases CPU utilization on the decrypting device. 

D. increases CPU utilization on the encrypting device. 

Answer: BC 

Q168. During the establishment of an Easy VPN tunnel, when is XAUTH performed? 

A. at the end of IKEv1 Phase 2 

B. at the beginning of IKEv1 Phase 1 

C. at the end of Phase 1 and before Phase 2 starts in IKEv1 and IKEv2 

D. at the end of Phase 1 and before Phase 2 starts in IKEv1 

Answer: D 

Q169. Which four functionalities are built into the ISE? (Choose four.) 

A. Profiling Server 

B. Profiling Collector 

C. RADIUS AAA for Device Administration 

D. RADIUS AAA for Network Access 

E. TACACS+ for Device Administration 

F. TACACS+ for Network Access 

G. Guest Lifecycle Management 

Answer: ABDG 

Q170. What is the commonly known name for the process of generating and gathering initialization vectors, either passively or actively, for the purpose of determining the security key of a wireless network? 

A. WEP cracking 

B. session hijacking 

C. man-in-the-middle attacks 

D. disassociation flood frames 

Answer: A 

About 350-018 Information: 350-018 Dumps