New VCE and PDF– If you want to pass Cisco 350-018 exam successfully,do not miss to test Cisco latest Cisco 350-018 brain dumps.All Cisco 350-018 the new questions and answers were timely added, visit to free download VCE player and PDF files.

Which three of these are true statesments about?(choose three)
A. It is a secure protocol encapsulated within SSL
B. It is a more recent version of SSl
C. It allows for client authentication via certificates
D. If a third-party(man i-the-middle) observes the entire handshake bwtween clinet and server. The third-party can decrypt the encrypted data the passes between them
E. It can be used to secure SIP
F. It cannot be used for HTTPS
Correct Answer: BCE

All of these tools are available from the Cisco IPS manager Express(Cisco IME) GUI except which one?
B. Traceroute
C. Telnet
D. DNS lookup
E. ping

Correct Answer: C
When a client that is configured for DHCP is powered on and requests an IP address, which is the first DHCP message the client sends?
A. DHCP Acknowledgement
B. DHCP Request
C. DHCP Discovery
D. DHCP inform
E. DHCP Offer

Correct Answer: C
Which two of these properties does the UDP protocol itself provide? (Choos two)
A. reliable delivery of data
B. data rate negotiation
C. checksum to prevent data errors
D. preventation of data interception
E. efficient data transfer

Correct Answer: CE
Referring to the debug output shown below, what is causing the IKE Main Mode failure? 1d00h: ISAKMP
(0:1): atts are not acceptable. Next payload is 0 1d00h: ISAKMP (0:1): no offers accepted!
1d00h: ISAKMP (0:1): SA not acceptable!
1d00h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main Mode failed with peer at

A. The Crypto ACL is not a mirror image of the peer.
B. The IKE Phase I policy does not match on both sides.
C. The IPSec transform set on the peers do not match.
D. The receivedIPsec packet specifies a Security Parameters Index (SPI) that does not exist in the security associations database (SADB).
E. The pre-shared keys on the peers do not match.

Correct Answer: B
ip address ip nat inside no shutdown ! ip nat inside source list NAT interface fastEthernet0/0 overload extended ! ip access-list extended crypto _ACL permit ip any
You issue the show crypto ipsec sa command and see that the tunnel is up, but no packets are encrypted or decrypted on either side. To test connectivity, you sourced a ping from the private interface of each router , destined to the private interface of the far-end router. You ask a VPN expert to help you troubleshoot. The expert has verified that ESP is not being blocked , and the routing is correct. After some troubleshooting, the expert makes which of these determinations?
A. The problem is with the encryption ACL. As you were testing with ICMP, you reeded to allow ICMP in both encryption ACLs Router1:permit icmp Router2:permit icmp
B. The problem is with the NAT ACL. VPN traffic should be denied in the NAT ACL so that the ACL looks like the following Router1: ip access-list ext NAT deny ip permit ip any Router2: ip access-list ext NAT deny ip permit ip any
C. The problem is that it is not possible to do NAT along with VPN on a XXX
D. The problem is NAT Transparency is enabled. Dxxxxxxx no crypto ipsec nat-transparency udp-encapsulation.

Correct Answer: B
Which of these authentication combinations would provide the highest level of security for an IPsec remote-access VPN client?
A. pre-shared key and xauth (RADIUS server)
B. certificate and xauth (local server)
C. certificate and xauth (RSA SecurID token)
D. pre-shared key and xauth (RSA SecurID token)
E. pre-shared key and xauth (local server)
F. certificate and xauth (RADIUS server)

Correct Answer: C
What does this log message indicate? 4w6d: %PM-4-ERR_DISABLE: Psecure-Violation Error Detected on Gi3/2, Putting Gi3/2 in Err-Disable State
A. The port has been disabled because the traffic rate limit has been exceeded.
B. The port has been temporarily disabled because the broadcast packet limit has been exceeded.
C. The port has been disabled because the MAC address limit has been exceeded.
D. The port has been disabled due to a DHCP OFFER packet.
E. The port has been disabled due to detection of a gratuitous ARP packet.
F. The port has been disabled due to an invalid MAC address.

Correct Answer: F
You work as a network engineer, study the exhibit carefully. Your company has just configured Cisco security appliance between R1 and R2 to enhance security and apply advanced protocol inspection. Unluckily, BGP stopped working after inserting the appliance in the network. How to restore BGP connectivity? (Choose three.)

A. Configure BGP on the security appliance as an IBGP peer to R1 and R2 in AS 65500.
B. Configure a static NAT translation to allow inbound TCP connections from R2 to R1.
C. Configure an ACL on the security appliance allowing TCP port 179 between R1 and R2.
D. Configure a static route on R1 and R2 using the appliance inside and outside interfaces as gateways.

Correct Answer: BCD
What Cisco Switch feature best protects against CAM table overflow attacks?
A. CAM table size definition
B. Storm Control
C. Port security
D. Network Based Application Recognition
E. IP spoof prevention

Correct Answer: C
When configuring an intrusion prevention sensor in promiscuous mode what type of malicious traffic can NOT be stopped?
A. Atomic attacks (single packet attacks)
B. Teardrop attacks
C. All of the above
D. Sweep reconnaissance (such as ICMP sweeps)
E. Flood attacks
Correct Answer: A

Asymmetric and symmetric ciphers differ in which of the following way(s)? (Choose two)
A. Asymmetric ciphers use public and private keys.
B. Symmetric ciphers are faster to compute.
C. Asymmetric ciphers are faster to compute.
D. Asymmetric ciphers use pre-shared keys.

Correct Answer: AB
Which algorithms did TKIP add to the 802.11 specification? (Choose 3)
A. cyclic redundancy check
B. AES-based encryption
C. key mixing
D. message integrity check
E. anti-replay sequence counter

Correct Answer: CDE
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?
A. ASAsyn protection
B. ASA ICMP application inspection.
C. CSA quarantine lists.
D. IPSsyn attack signatures.
E. Cisco Guard

Correct Answer: C
ASDM on the ASA platform is executed as:
A. A fully operational Visual Basicapplicaton.
B. An active-x application or a java script application.
C. A java applet running in the context of your browser or a stand alone application using the java run-time environment.
D. A java script application and a PHP application
E. A fully compiled NET frameworkapplicaton.

Correct Answer: C
Which of the following signatures was created by an IPS adminisrator using the custom signature creation capability of IPS?
A. 2000 – ICMP Echo Reply
B. 3050 – Half-open SYN attack
C. 12000 – Gator Spyware Beacon
D. 9000 – TCP Backdoor Probe.
E. 6000-BitTorrent File Download.
Correct Answer: E

Which of these is the best way to provide sender non-repudiation?
A. secure hash
C. pre-shared key
D. RSA signature

Correct Answer: D
What statement is true concerning PAT?
A. PAT provides access control.
B. PAT is the preferred method to map servers to external networks.
C. PAT rewrites the source address and port.
D. PAT keeps ports but rewrites address.

Correct Answer: C
When configuring IOS firewall (CBAC) operations on Cisco routers, the “inspectin rule” could be applied at which two locations? (Choose two.)
A. at theuntrusted interface in the outbound direction
B. at the trusted interface in the inbound direction
C. at the trusted anduntrusted interface in the inbound direction
D. at the trusted interface in the outbound direction
E. at theuntrusted interface in the inbound direction
F. at the trusted anduntrusted interface in the outbound direction

Correct Answer: AB
With the Cisco’s IOS Authentication Proxy feature, users can initiate network access via which three protocols? (Choose three)
D. IPSec
Correct Answer: ACF Exam B

Which four of these areas can be characterized for network risk assessment testing methodology? (Choose four)
A. Router hostname and IP addressing scheme
B. Router filtering rules
C. Route optimization
D. Database connectivity and RTT
E. Weak authentication mecharisms
F. Improperly configured email servers
G. Potential web server exploits

Correct Answer: BEFG
What does the “authoritative” flag in the show ip nhrp command output indicate?
A. It indicates that information was learned from the source mapping information of an NHRP resolution request received by the local router or from an NHRP resolution packet being forwarded through the local router.
B. It indicates an NHRP mapping entry for networks local to this router for which this router has answered an NHRP resolution request
C. It indicates that the NHRP information was obtained from the next-hop server or router that maintains the NBMA-to-IP address mapping for a particular destination
D. It indicates that this NHRP mapping entry must be unique; it cannot be overwritten with a mapping entry that has the same IP address but a different NBMA address.
Correct Answer: C

Refer to the exhibit From the ASDM NAT Rules table, inside host is translated to which IP address on the outside?

Correct Answer: E
Unicast Reverse Path Forwarding(Uncast RPF) is a protection mechanism that can be used against which of these?
A. TCP session hijacking attacks
B. Brute-force attacks
C. Teardrop attacks
D. Password attacks
E. Birthday attacks
F. Spoofing attacks

Correct Answer: F
You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?
A. Ipv6 port-map port telnet 223
B. Ipv6 port-map port 23 port 23223
C. Ipv6 port-map telnet port 23 223
D. Ipv6 port-map telnet port 223

Correct Answer: D
Which three of these are among the implicit IPv6 ACL rules in Cisco IOS allowing ICMPv6 neighbor discovery? (Choose three)
A. permit icmp any any nd-na
B. deny icmp any any nd-na
C. permit icmp any any nd-ns
D. deny icmp any any nd-nn
E. permit ipv6 any any
F. deny ipv6 any any

Correct Answer: ACF
Hypertext Transfer Protocol (HTTP) version 1.1 introduced several improvements over HTTP 1.0, which resulted in improved performance (faster page displays) for end users. Which three of these of these enhancements were added to the HTTP 1.1 protocol over the HTTP 1.0 protocol? (Choose three)
A. GET requests
B. Persistent connections
C. Selective acknowledgements
D. Chunked encoding
E. HTTP pipelining

Correct Answer: BDE
What is the default TCP port used to remotely manage a Cisco Secure ACS v4.x software application server?
A. 2000
B. 2001
C. 2002
D. 2005
E. 2020
Correct Answer: C

Before you can configuration Professional, you must do what?
A. Create a default password, and then attach it to the router list in the community map
B. Create a community, and then add devices to that community
C. Create a discovery map, and then bind this map to the community
D. Create a hostname-to-IP-address mapping, and then add this map reference in the community

Correct Answer: B
Which two of these correctly describe the following command?(Choose two) Aaa authentication ppp user-radius if-needed group radius
A. RADIUS authentication will be used for lines using PPP with CHAP only
B. RADIUS authentication will be used for lines using PPP with CHAP or PAP
C. RADIUS authentication is not performed if the user has been authenticated/authorized
D. If the action returns an error, the user will be allowed access without authentication
E. The user radius keyword specifies that all RADIUS servers are to be used

Correct Answer: BC
Which three of these are security properties that TLS v1 .2 provides?(Choose three)
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
E. Authorization

Correct Answer: ABD
Which three of these are performed by both RADIUS and TACACS+ servers?(choose three)
A. Login authentication
B. EXEC authorization
C. Command authorization
D. EXEC accounting
E. Command accounting

Correct Answer: ABD
In the context of Cisco Configuration Professional, to discover a router means to establish a session to the router using either secure or nonsecure means, do which of the following, and populate a screen with the information obtained?
A. read the configuration present in the router
B. read the IOS version in the router
C. read the interface(s) information in the router
D. read the CPU information in the router
E. check if the router is UP or Down

Correct Answer: A
When a failover takes place on an adaptive security appliance configured for failover, all active connections are dropped and clients must reestablish their connections, unless the adaptive security appliance is configured in which two of the following ways?(Choose two)
A. active/standby failover
B. active/active failover
C. active/active failover and a state failover link has been configured
D. active/standby failover and a state failover link has been configured
E. to use a serial cable as the failover link F LAN-based failover
Correct Answer: CD QUESTION 15

What is the main purpose of FlexConfig in Cisco Security Manager?
A. to share configuration between multiple devices
B. to configure device commands that are not supported by Cisco Security Manager
C. to duplicate/clone basic configuration of a device
D. to merge multiple policies into a simplified view
E. to configure complex commands for a device

Correct Answer: B
The communication between Cisco Configuration Professional and a Cisco router is secured using which of these?
A. IPsec
E. Cisco proprietary encryption

Correct Answer: C
Which of these is a core function of the risk assessment process?
A. performing regular network upgrades
B. performing network optimization
C. performing network posture validation
D. establishing network baselines
E. performing network roll-outs

Correct Answer: D
Which two of these statements about SMTP and ESMTP are the most correct?(Choose two)
A. Open mail relays are often used for spamming
B. ESMTP does not provide more security features than SMTP
C. SMTP provides authenticated e-mail sending
D. Worms often spread via SMTP
Correct Answer: AD

Which two of these are valid TACACS+ Accounting packets?(Choose two)
Correct Answer: AC
Using FTP passive mode, after the client opens the command channel (port 21) to the FTP server and requests passive mode, what will be the next step?
A. The FTP server sends back an acknowledgment (ACK) to the client
B. The FTP server allocates a port to use for the data channel and transmit that port number to the client
C. The FTP server opens the data channel to the client using the port number indicated by the client
D. The FTP client opens the data channel to the FTP server on Port 20
E. The FTP client opens the data channel to the FTP server on Port 21

Correct Answer: B
All of these correctly describe SNMPv3 except which one?
A. does not provide any protection against denial of service attacks
B. provides a mechanism for verification that messages have not been altered in transit
C. requires the use of NTP to correctly synchronize timestamps and generate public/private key pairs used for encryption of messages
D. provides a mechanism for verivication of the identily of the device that generated the message E includes timeliness indicators in each message so the receiving SNMP engine can determine if it was sent recently

Correct Answer: C
A DNS open resolver is vulnerable to which three of these malicious activities?(choose three)
A. cache poisoning attack
B. amplification attack
C. ping of death attack
D. resource utilization attack
E. Blue screen of death
F. nachi worm attack

Correct Answer: ABD
Which of these statements best describes the advantage of using cisco secure desktop which is part of the cisco ASA VPN solution?
A. Secure desktop will create a completely separate computing environment that will be deleted when you are done. This ensures that no confidential data has been left on the shared/public computer.
B. Secure desktop is used to protect access to your registry and system files when browsing to SSL/VPN protected pages.
C. Secure Desktop ensures that an SSL protected password cannot be exploited by a main in the middle attack using a spoofed certificate.
D. Secure desktop hardens the operating system of the machines you are using at the time secure desktop is launched.

Correct Answer: A
For a router to obtain a certificate from a CA (Certificate Authority) , what is the first step of the certificate enrollment process ?
A. the router generates a certificate request and forwards it to the CA
B. the router generates an RSA key pair
C. the router sends its public key to the CA
D. the CA sends its public key to the router
E. the CA verifies the identity of the router
F. the CA generates a certificate request and forwards it to the router

Correct Answer: B
What is the default username and password set for cisco security deyice manager(SDM)?
A. sdm/sdm
B. sdm/cisco
C. cisco/sdm
D. cisco/cisco
E. cisco/cisco123

Correct Answer: D
The BPDU guard feature disables which kind of port when the port receives a BPDU packet?
A. any port
B. nonegotiate port
C. access port
D. portfast port
E. root port
Correct Answer: D

Refer to the exhibit the exhibit illustrates which type of attack?
A. virus infection
B. worm propagation
C. port scanning D. denial of service (Dos)
E. distributed Dos (DDos)

Correct Answer: E
All of these phases of the Security Incident Response methodology except which one?
A. planning
B. preparation
C. identification
D. classification
E. reaction
F. restructuring
G. post-mortem

Correct Answer: F
Which four routing protocols are supported when using Cisco Configuration Professional? (Choose four.)
A. RIPv1
B. RIPv2
Correct Answer: ABDE

Refer to the exhibit. Switch SW2 has just been added to Fa0/23 on SW1. After a few seconds, interface Fa0/23 on SW1 is placed in the error-disabled state. SW2 is removed from port Fa0/23 and inserted into SW1 port Fa0/22 with the same result. What is the most likely cause of this problem?
A. The Spanning-tree PortFast feature has been conigured on SW1.
B. BPDU filtering has been enable either globally or on the interfaces of SW1.
C. The BPDU guard feature has been enabled on the FastEthernet interfaces of SW1.
D. The FastEthernet interfaces of SW1 are unable to autonegotiate speed and duplex with SW2.
E. PAgP is unable to correctly negotiate VLAN trunk characteristics on the link between SW1 and SW2

Correct Answer: C
Application layer protocol inspection is available for the Cisco ASA 5500 Series Adaptive Security Appliance. This feature performs which type of action on traffic traversing the firewall?
A. classification and policing (for QoS)
B. deep packet inspection
C. flexible packet matching
D. reverse path forwarding
E. remote triggering of a black hole

Correct Answer: B
Which two of these are true about TFTP? (Choose two.)
A. TFTP includes a basic username/password authentication mechasim.
B. While “putting” files via TFTP is possible. It is good practice to disallow it, because TFTP lacks access control mechanisms.
C. TFTP uses a very basic “stop and wait” mechanism for flow control, for which each packet needs to be acknowledged before the next one is sent.
D. TFTP root directories need to be world-readable and -writable due to the lack of security controls in the protocol.
E. TFTP can list remote directory contents, but only if advanced options (as defined in RFC 2347) are negotiated between client and server at initial connection time.

Correct Answer: BC
Routing loops can occurs in distance vector routing protocols if the network has inconsistent routing entries. Which three of these methods can be used to avoid them? (Choose three.)
A. split horizon
B. route poisoning
C. route suppression
D. route splitting
E. hold-down timers

Correct Answer: ABE
CustomerA has set up a central syslog server to receive all syslog messages from its routers. The IP address of this central server is, and the customer wants all messages of level “error” and above to be sent there. In addition, it wants all messages of level “warning” and above to be stored locally on the router. Assuming logging is already enabled, which three commands on the router would accomplish these goals? ( Choose three.)
A. logging host level errors
B. logging buffered warnings
C. logging device
D. logging buffer enable
E. logging host
F. logging facility local-buffer
G. logging trap errors

Correct Answer: BEG
When using Cisco Easy VPN Remote (hardware client deployment) in the client-mode setup, all of the following statements are correct except which one?
A. Perform split tunneling on the Cisco Easy VPN Remote device.
B. Initiate a connection from a network behind the Cisco Easy VPN Server to the network behind the Cisco Easy VPN Remote client.
C. Set the Cisco Easy VPN Remote to allow an administrator or user to manually initiate a connection.
D. Set the Cisco Easy VPN Remote to automatically connect to the Cisco Easy VPN Serer.

Correct Answer: B
Which three of these are properties of the Authentication Header (AH) protocol?(choose three)
A. Provides data integrity
B. Provides data confidentiality
C. Provides data authentication
D. Use IP protocol number 50
E. Optionally provides replay protection

Correct Answer: ACE
Which two of these statements regarding Authentication Header (AH) are true?(choose two)
A. AH requires the use of Encapsulation Security Payload (ESP) to work correctly
B. AH provides authentication for most of the “outer” IP header, as well as the upper layer protocols
C. AH can be deployed in tunnel mode only
D. AH is not commonly used, because it can only encrypt the original packet using a DES encryption algorithm.
E. AH will work through a NAT (one-to-one) device, but not through a PAT(one-to-many) device
F. AH use an IP protocol number of 51

Correct Answer: BF
DNS Security Extension (DNSSEC) adds security functionality to the Domain Name System for which three purposes? (Choose three)
A. Origin authentication of DNS data
B. Protection against denial of service (DoS) attacks
C. Integrated data encryption using ESP
D. Inclusion of the authorization flag in the DNS lookup
E. Providing of confidentiality of data
F. Data integrity
Correct Answer: ADF QUESTION 39

What is the net effect of using ICMP type 4 messages to attack RFC 1122-compliant hosts?
A. Hosts will perform a .soft. TCP reset and restart the connection.
B. Hosts will perform a .oehard. TCP reset and tear down the connection
C. Hosts will reduce the rate at which they inject traffic into the network
D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 message
E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message

Correct Answer: C
All of these are available from Cisco IPS Device Manager (Cisco IDM) except which one?
A. Interface Status
B. Global Correlation Reports
C. Sensor Information
D. CPU, Memory, and Load
E. Top Signatures
F. Top Applications

Correct Answer: E
Which three of these protocols are supported when using TACACS+?(choose three)
A. Apple Talk
E. Kerberos

Correct Answer: ACD
Which are the three benefits of Cisco IPS Manager Express (Cisco IME) compared to Cisco IPS Device Manager (Cisco IDM) ? (Choose three)
A. Advanced Cisco IPS signatures can be configured with Cisco IME, while only base Cisco IPS signatures can be configured with Cisco IDM.
B. Cisco IME can manage up to 10 Cisco IPS device while Cisco IDM can only manage a single Cisco IPS device.
C. A live RSS feed for cisco security alert can be set up on Cisco IME, but not on Cisco IDM.
D. The sensor health dashboard can only be viewed on Cisco IME, not on Cisco IDM
E. Email notification can be set from Cisco IME if an event is being triggered by Cisco IPS, but cannot be sent from Cisco IDM
F. Automatic signature updating can can only be provisioned from Cisco IME, not from Cisco IDM.
Correct Answer: BCE

Identity NAT translates which of these?
A. The source IP address to the interface IP address
B. The local IP address to a global IP address
C. An IP address to itself
D. The destination IP address to an RFC 1918 address
E. The local IP address to a DNS-resolved IP address
F. The global IP address to a local IP address

Correct Answer: C
Which two of these commands are required to implement a Cisco Catalyst 6500 Series Firewall Services Module (FWSM) in a Catalyst 6500 running Cisco IOS?(Choose two).
A. firewall multiple-vlan-interfaces
B. firewall module xvlan-groupy
C. Module xsecure-traffic
D. Firewall vlan-groupy <vlan-x>
E. Firewall module xsecure-traffic

Correct Answer: BD
Which of these statements is true about EIGRP?
A. It conserves network bandwidth by using periodic, incremental updates to propagate network changes to its neighbors
B. It can install up to eight equal-cost paths to a given destination in its routing table
C. It is possible for two EIGRP routers to become neighbors even if the hello and hold timers do not match.
D. EIGRP updates can be sent between two discontinuous autonomous systems via a virtual link.
E. EIGRP packets can be both authenticated and encrypted to ensure that the information exchange is reliable and confidential

Correct Answer: A
In ISO 27001 ISMS, which three of these certification process phases are required to collect information for ISO 27001? (Choose three.)
A. discover
B. certification audit
C. post-audit
D. observation
E. pre-audit
F. major compliance

Correct Answer: BCE
The Internet Engineering Task Force (IETF) is a collaborative effort by the international community of Internet professionals to improve the design.use,and management of the Internet. Which international organization charters the activity of IETF?
Correct Answer: C QUESTION 48

When configuring a Cisco adaptive security appliance in multiple context mode, which one of these capabilities is supported?
A. multicast
B. dynamic routing protocols
C. VPN configurations
D. static routes

Correct Answer: D
What is the main purpose of a denial of service attack?
A. unauthorized data manipulation
B. the gaining of system access
C. privilege escalation on a victim or compromised host
D. impeding of the availability of a resource to authorized users
E. unauthorized discovery and mapping of systems, services, or vulnerabilities

Correct Answer: D
When sending an e-mail message using Simple Mail Transfer(SMTP),the client must signal to the mail server that the message is complete by terminating the message with which of these?
C. <CR><F>
D. <CR><LF>.<CR><LF>

Correct Answer: D

Flydumps Cisco 350-018 exam dumps are audited by our certified subject matter experts and published authors for development. Flydumps Cisco 350-018 exam dumps are one of the highest quality Cisco 350-018 Q&As in the world. It covers nearly 96% real questions and answers, including the entire testing scope. Flydumps guarantees you pass Cisco 350-018 exam at first attempt.

Previous post Cisco 350-018 Prep Guide, Most Reliable Cisco 350-018 Test Software With 100% Pass Rate
Next post Cisco 350-018 Exam Practice PDF, Best Cisco 350-018 Brain Dump With The Knowledge And Skills