Cisco 350-018 Exam Guide, Most Popular Cisco 350-018 Practice Questions For Download

Free Sharing –How to pass the Cisco 350-018 exam quickly? How to prepare for the changed exam? Free download Cisco 350-018 Exam practice test with all new exam questions.You can also get more new version on

What is the net effect of using ICMP Type 4 messages to attact RFC 1122 compliant hosts?
A. Hosts will perform a “soft” TCP reset and restart the connection.
B. Hosts will perform a “hard” TCP reset and tear down the connection.
C. Hosts will reduce the rate at which they inject traffic into the network.
D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 message.
E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message.

Correct Answer: C
What is the best way to mitigate Browser Helper Objects (BHO) from being installed on your system?
A. Disable BHOs in your browser’s preferences.
B. A BHO is certificate protected and therefore safe to install on your system.
C. A BHO is not a security concern.
D. A BHO is easily protected using default anti-virus or IPS signatures.
E. A BHO installation can be stopped using CSA rules.

Correct Answer: E
Refer to the diagram and partial configuration. Based on the partial configuration, which of the following FTP application answers is correct?

A. If the FTP client is configured for passive FTP, the ASA partial configuration will enable remote user to “get” but not “put” FTP files.
B. If the FTP client is configured for passive FTP, ASA FTP protocol inspection is required before FTP data traffic can be returned through the ASA to the FTP client.
C. If the FTP client is configured for active FTP, the ASA partial configuration will enable the remote user to “get” and “put” FTP files.
D. If the FTP client is configured for active FTP, only the outside access-list and FTP server static statement are required before FTP data and control traffic can be passed through the ASA.

Correct Answer: C
Referring to the SDM screens shown, which two statements are true about the IOS Easy VPN Server configuration? (Choose two.)

A. Digital Certificate is used to authenticate the remote VPN client.
B. Split tunneling is enabled where traffic that matches ACL 100 will not be encrypted.
C. Split tunneling is disabled because no protected subnets have been defined.
D. To connect, the remote VPN client will use a groupname of “test.”
E. The remote VPN client will be assigned an internal IP address from the SDM_POOL_1 IP address pool
F. Pre-shared key (PSK) authentication will be used during the X-Auth phase.

Correct Answer: DE
You are configuring a Cisco switch in a NAC Framework solution, what is the resulting action of issuing the device authorize command have in the (config-identity-prof)# sub-configuration mode?
A. Enables an EOUoUPD identity profile for clientless hosts.
B. Statically authorizes and maps devices to an access policy.
C. Maps the NAD to clientless host for posture authorization.
D. Statically maps an access list to a NAC Agentless Host (NAH)

Correct Answer: B
Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment?
A. SSL Handshake Protocol
B. SSL Alert Protocol
C. SSL Record Protocol
D. SSL Change CipherSpec Protocol

Correct Answer: C
Which ones are the two types of ciphers?
A. Blocking cipher and non-blocking cipher.
B. CBC cipher and EBC cipher
C. Block cipher and Stream cipher
D. Blocker cipher and Streamer cipher
E. 3DES cipher and AES cipher

Correct Answer: C
Choose the correct security statements about the HTTP protocol and its use.
(Choose 2)
A. Long URLs are not used to provoke buffer overflows.
B. Cookies can not provide information about where you have been.
C. HTTP can provide server identification.
D. HTTP is NOT often used to tunnel communication for insecure clients such as P2P.
E. HTTP is often used to tunnel communication for insecure clients such as P2P.

Correct Answer: CE
Which three steps are required to enable SSH Server on an IOS router? (Choose three)
A. Configure a host name
B. Configure a domain name
C. Configure the Crypto PKI trustpoint (CA)
D. Specifies a fingerprint that can be matched against the fingerprint of a CA certificate during authentication.
E. Import the SSH client fingerprint.
F. Generate an RSA key pair.
Correct Answer: ABF
ARP cache poisoning can be best prevented by using which two Catalyst security features? (Choose two.)
A. Dynamic ARP Inspection (DAI)
B. Port Security
C. MAC Address Notification
D. DHCP Snooping
E. Port Fast
F. 802.1x Authentication
Correct Answer: AD
Which option describes the actions that can be taken when an IPS 5.x signature fires?
A. Deny Packet Inline – Produce Alert.
B. Drop Connection – Drop Packet.
C. Produce Alert – Produce Detailed Alert
D. Block Connection – Generate SNMP Trap.
E. Drop Packet – Suppress Alert

Correct Answer: A
access-list 111 permit udp any any eq 1434 class-map match-all bad_worm match access-group 111 match packet length min 404 max 404 policy-map drop-bad-worm class bad-worm police 1000000 22250 22250 conform-action drop exceed-action drop violate-action drop
Taking into consideration the shown configuration, what kind of attack are we attempting to mitigate?
A. Smurf Attack
B. Code Red Worm
C. SQL Slammer Worm
D. MSQL and JavaScript attack
E. This is not valid configuration.

Correct Answer: C
In ISO 27001 ISMS what are the main certification process phases required to collect information for ISO 27001?
A. Discover
B. Certification audit
C. Post-audit
D. Observation
E. Pre-audit
F. Major compliance.

Correct Answer: BCE
Which two statements are correct about the aaa authentication login default group tacacs+ local global configuration command? (Choose two)
A. this login authentication method list is automatically applied to all lines except those that have a named method list explicitly defined.
B. If the user fails the TACACS+ authentication then the local database on the router will be used to authenticate the user.
C. if the tacacs+ server fails to respond then the local database on the router will be used to authenticate the user
D. “login” is the name of the method list being configured.
E. if the tacacs+ server is unavailable, authentication will succeed automatically by default.
Correct Answer: AC
What does the Common Criteria (CC) standard define?
A. The current list of Common Vulnerabilities and Exposures (CVEs)
B. The U S standards for encryptions export regulations.
C. Tools to support the development of pirvotal, forward-looking information system technologies.
D. The international standards for evaluating trust in information systems and products.
E. The international standards for privacy laws.
F. The standards for establishing a security incident response systems.

Correct Answer: D
What new features were added to the PIX in version 7.0? (Choose 3)
B. Rate-Limiting
C. Support for multiple virtual firewalls.
D. Transparent firewall

Correct Answer: BCD
What is the main reason for using the “ip ips deny-action ips-interface” IOS command?
A. To selectively apply drop actions to specific interfaces.
B. To enable IOS to drop traffic for signatures configured with the Drop action.
C. To support load-balancing configurations in which traffic can arrive via multiple interfaces.
D. This is not a valid IOS command.

Correct Answer: C
How can Netflow be used to help identify a day-zero scanning worm?
A. Netflow statistics can show a huge increase in traffic on a specific day.
B. Netflow tracks destination address.
C. Netflow makes sure that only the correct applications are using their designated ports.
D. Netflow prevents buffer overflow attacks.
E. Netflow protects against unknown virus attacks.
Correct Answer: A
Which type of attacks can be monitored and mitigated by CS-MARS using NetFlow data?
A. Man-in-the middle attack
B. Spoof attack
C. Land.C attack
D. Buffer Overflow
E. Day zero attack
F. Trojan Horse

Correct Answer: E
Which Cisco security software product mitigates Day Zero attacks on desktops and servers – stopping known and unknown attacks without requiring reconfigurations or updates on the endpoints?
A. Cisco Secure Desktop (CSD)
B. NAC Appliance Agent (NAA)
C. Cisco Security Agent (CSA)
D. SSL VPN Client (SVC)
E. Cisco Trust Agent (CTA)

Correct Answer: C
Referring to the network diagram and the R1 router configurations shown in the exhibit, why remote users using their Cisco VPN software client are not able to reach the networks behind R1 once they successfully VPN into R1?

A. The Cisco VPN software client does not support DH group 2
B. Reverse Route Injection (RRI) is not enabled on R1
C. The R1 configuration is missing the crypto ACL
D. The dynamic crypto map on R1 is misconfigured.
E. The ACL 100 on R1 is misconfigured.

Correct Answer: E
Which of the following signatures was created by an IPS adminisrator using the custom signature creation capability of IPS?
A. 2000 – ICMP Echo Reply
B. 3050 – Half-open SYN attack
C. 12000 – Gator Spyware Beacon
D. 9000 – TCP Backdoor Probe.
E. 6000- BitTorrent File Download.

Correct Answer: E QUESTION 43
Refer to the exhibit. In the sample configuration file what does the ip verify unicast reverse-path interface command accomplish?

A. It verifies the route of outgoing traffic is an approved network.
B. It verifies the route of incoming traffic is from an approved network.
C. It verifies source address and source interface of all input traffic on an interface is in the routing table.
D. It verifies destination address and destination interface of all output traffic on an interface is in the routing table.

Correct Answer: C QUESTION 44
The following is an example of an IPSec error message:
IPSEC(validat_proposal): invalid local address
ISAKMP (0:3): atts not acceptable.

Next payload is 0
ISAKMP (0:3): SA not acceptable!

What is the most common problem that this message can be attributed to?
A. Router is missing the crypto map map-name local-address command.
B. Crypto access-lists are not mirrored on each side.
C. This is only an informational message, ipsec session will still succeed.
D. Crypto map is applied to the wrong interface or is not applied at all.

Correct Answer: D
Which RFCs are used to establish internet connectivity from a private office with the following requirements?
254 users

Only one IP address provided by your ISP.

Your IP address is assigned dynamically.

The CPE from the ISP is pre-provisioned and working.

You are expected to make changes on your router.
A. IP Network Address Translator (NAT): Defined in RFC 1631.
B. IP Network Address Translator (NAT) Terminology and Considerations: Defined in RFC 2663.
C. Network Address Translator (NAT) – Friendly Application Design Guidelines: Defined in RFC 3235.
D. Address Allocation for Private Internets: Defined in RFC 1918
E. PPP and IPCP: Defined in RFC 1332.
F. DHCP: Defined in RFC 2131

Correct Answer: ADF
Since HTTP is one of the most common protocols used in the internet, what should be done at a firewall level to ensure that the protocol is being used correctly?
A. Ensure that a stateful firewall allows only HTTP traffic destined for valid web server IP address.
B. Ensure that a firewall has SYN flood and DDoS protection applied specifically for valid web servers.
C. Ensure that your firewall enforces HTTP protocol compliance to ensure that only valid flows are allowed in and out of your network.
D. Ensure that HTTP is always authenticated.
E. Ensure that your web server is in a different zone than your backend servers such as SQL and DNS.
Correct Answer: C
CS-MARS works with which IOS feature to accomplish anomaly detection?
B. Autosecure
D. Netflow
E. IOS Network Foundation Protection (NFP)
F. IOS Firewall
Correct Answer: D
Drop A.


Correct Answer:
Referring to the ASDM screen shot shown in the exhibit, which of the following traffic is peritted based on the currect Access Rules?

A. Any IP traffic from any host on the outside to the server on the dmz2
B. Any IP traffic from any host on the dmz to any host on the outside.
C. Any IP traffic from any host on the inside to any host on the dmz or dmz2
D. Any IP traffic from the host to any host on the inside.
E. FTP traffic from any host on the outside to the host on the dmz.
F. HTTP traffic from the server to any host on the inside.

Correct Answer: E
When an IPS device in single interface VLAN-pairing mode fires a signature from the normalizer engine and TCP-based packets are dropped, which of the following would be a probable cause?
A. The IPS device identified an incorrect value in layer 7.
B. There was no information in the IPS state table for the connection.
C. The IPS device identified an incorrect value in layer 6.
D. There was a valid SYN ACK in the state table but the subsequent packets were fragmented and did not constitute a valid flow.
E. The IPS device identified an incorrect value in layer 5.
Correct Answer: BD
Which statement is true about SYN cookies?
A. State is kept on the server machine TCP stack.
B. No State is kept on the server machine state and is embedded in the systems Initial Sequence Number (ISN).
C. SYN cookies do not help to protect against SYN flood attacks.
D. A system has to check every incoming ACK against state tables.

Correct Answer: B QUESTION 52
Refer to the Exhibit. Which of the following R1 router configurations will correctly prevent R3 from becoming a PIM neighor with rendezvous point R1?

A. access-list 1 deny ! interface fa0/0 ip pim neighbor-filter 1
B. access-list 1 permit access-list 1 deny any ! interface fa0/0 ip pim bidir-neighbor-filter 1
C. access-list 1 deny ! interface fa0/0 ip igmp access-group 1
D. access-list 1 permit ! interface fa0/0 ip multicast boundary 1 filter-autorop
E. access-list 1 permit ip pim rp-announce-filter rp-list 1

Correct Answer: A
Asymmetric and symmetric ciphers differ in which of the following way(s)? (Choose 2)
A. Asymmetric ciphers use pre-shared keys.
B. Symmetric ciphers are faster to compute.
C. Asymmetric ciphers are faster to compute.
D. Asymmetric ciphers use public and private keys.
Correct Answer: BD
The key lengths for DES and 3DES, respectively, are:
A. 128 bits and 256 bits.
B. 128 bits and 384 bits.
C. 1024 bits and 3072 bits.
D. 64 bits and 192 bits.
E. 56 bits and 168 bits.
F. 128 bytes and 384 bytes.

Correct Answer: E
When enrolling a Cisco IOS router to a CA server using the SCEP protocol, which one of the following is NOT a required step?
A. Configure an ip domain-name on the router
B. Generate the RSA key pairs on the router.
C. Define the crypto pki trustpoint on the router.
D. Authenticate the CA server’s certificate.
E. Import the server certificate to the router using TFTP.

Correct Answer: E
RFC 2827 ingress filtering is used to help prevent which type of attacks?
A. Syn Flood.
B. Source IP address spoofing
C. Overlapping IP Fragments.
D. Tiny IP Fragments
E. Land.C
F. Network Reconnaissance.

Correct Answer: B
Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?
A. ASA syn protection
B. ASA ICMP application inspection.
C. CSA quarantine lists.
D. IPS syn attack signatures.
E. Cisco Guard
Correct Answer: C
Cisco Clean Access ensures that computers connecting to your network have which of the following?
A. No vulnerable applications or operating systems
B. No viruses or worms
C. Appropriate security applications and patch levels.
D. Current ips signatures.
E. Cisco Security Agent

Correct Answer: C QUESTION 59
The following ip protocols and ports are commonly used in IPSec protocols.
A. IP protocol 50 and 51, UDP port 500 and 4500
B. UDP ports 50, 51, 500, and 4500
C. TCP ports 50, 51, 500, and 4500
D. IP protocols 50, 51, 500, and 4500
E. IP protocols 50 and 51, UDP port 500, and TCP port 4500

Correct Answer: A QUESTION 60
Refer to the Exhibit. Router R1 is stuck in 2-WAY state with neighbors R2 and R3. As a result R1 has an incomplete routing table. To troubleshoot the issue, the show and debug commands in the exhibit are entered on R1. Based on the output of these commands what is the most likely cause of this problem?

A. The hello timers on the segment between these routers do not match.
B. All the routers on the Ethernet segment have been configured with “ip ospf priority 0”
C. R1 can not form an adjacency with R2 or R3 because it does not have a matching authentication key.
D. The Ethernet 0/0 interfaces on these routers are missing the “ip ospf network broadcast” command.
E. The Ethernet 0/0 interfaces on R1 has been configured with the command, “ip ospf network non-broadcast”.

Correct Answer: B
Based on the following partial configuration shown, which statement is true?
interface FastEthernet0/1 switchport access vlan 100 switchport mode access dot1x port-control auto dot1x guest-vlan 10
A. vlan 10, the guest vlan is also known as the restricted vlan
B. client without an 802.1x supplicant connecting to port fa0/1 will be assigned to the vlan 10
C. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan
D. client connecting to port fa0/1 with an 802.1x supplicant but fails authentication will be assigned to the vlan 100
E. EAP over LAN frames will flow over VLAN 10

Correct Answer: B
Referring to the network diagram and the partial router’s configuration shown, which packet will be permitted by ACL 101?

A. Any TCP packets with the initial SYN or ACK bit set destined to a host on the subnet.
B. A HTTP packet with the SYN bit set destined to a host on the subnet.
C. A TFTP packet with the RST bit set destined to a host on the subnet.
D. An ICMP echo-reply packet destined to a host on the subnet
E. Any TCP packet with the ACK bit set destined to a host on the subnet.
F. Any TCP return traffic destined to a host on the subnet that matches a corresponding outgoing TCP connection in the router’s firewall state table.

Correct Answer: E
What is the function of the switch(config-if)# switchport port-security mac-address sticky comand?
A. allows the switch to restrict the MAC addresses on the switchport based on the static MAC addresses configured in the startup configuration.
B. allows the administrator to manually configured the secured MAC addresses on the switchport.
C. allows the switch to permanently store the secured MAC addresses in the MAC Address Table (CAM Table)
D. allows the switch to perform sticky learning where the dynamically learned MAC addresses are copied from the MAC Address Table (CAM Table) to the startup configuration.
E. allows the switch to dynamically learn the MAC addresses on the switchport and the MAC addresses will be added to the running configuration.

Correct Answer: E


Correct Answer:
Which statement below is true about the command “nat control” on the ASA?
A. It requires traffic originating from the inside interface to match a NAT translation rule to pass through the firewall on the outside interface.
B. It allows traffic originating from the inside interface to pass through the firewall on the outside interface without a NAT translation rule being matched.
C. It requires traffic passing through the firewall on interfaces of the security level to match a NAT translation rule.
D. It allows traffic originating from the outside interface to pass through the firewall on the inside interface without a NAT translation rule being matched.

Correct Answer: A
What is the most probable cause of the SSH debug messages?

A. Unsupported cipher
B. bad password
C. wrong user
D. SSH client not supported

Correct Answer: B QUESTION 67
What statement is true concerning PAT?
A. PAT keeps ports but rewrites address.
B. PAT provides access control.
C. PAT rewrites the source address and port.
D. PAT is the preferred method to map servers to external networks.

Correct Answer: C QUESTION 68
When configuring system state conditions with the Cisco Security Agent, what is the resulting action when configuring more than one system state condition?
A. Any matching state condition will result with the state being triggered.
B. Once a state condition is met, the system ceases searching further conditions and will cause the state condition to trigger.
C. All specified state conditions are used as part of the requirements to be met to for the state to trigger.
D. Once the state conditions are met, they become persistent and can only be removed using the Reset feature.

Correct Answer: C QUESTION 69
Which of the following is the correct diagram for an IPsec Authentication Header?
A. C

Correct Answer: A QUESTION 70
In the example shown, Host A has attempted a D-COM attack using metasploit form Host A to Host B. Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose 3)

A. CS-MARS will collect the syslog and the IPS alerts based on time.
B. The IPS event will suggest that an attack may have occurred because a signature was triggered.
C. IPS and ASA will use the Unified Threat Management protocol to determine that both devices saw the attack.
D. ASA will see the attack in both directions and will be able to determine if an attack was successful.
E. The syslog connection built event will indicate that an attack is likely because a TCP syn and an ack followed the attempted attack.
Correct Answer: ABE
Drop A.


Correct Answer:
When implementing internet standards you are required to follow RFC’s processes and procedures based on what RFC?
A. RFC 1769 and mere publications.
B. Real standards of RFC 1918
C. RFC 1669 real standards and mere publications.
D. Real standards and mere publications RFC 1769
E. None of the above.

Correct Answer: E
Which two of followings are correct regarding the Cisco Trust Agent (CTA)? (Choose two.)
A. Available on Windows operating systems only.
B. Provides the capability at the endpoint to apply QoS markings to application network traffic as specified by Cisco Trust Agent policy rules.
C. Can communicate the Cisco Security Agent (CSA) version, OS and patch version, as well as the presence, version, and other posture information of third-party applications that are part of the NAC initiative to the Authentication Server.
D. Includes both a Layer 3 communication component using EAP over UDP, as well as an 802.1x supplicant, allowing layer 2 EAP over LAN communications.
E. Resides between the applications and the Operating System Kernel to prevent day zero attacks.

Correct Answer: CD
ASDM on the ASA platform is executed as:
A. An active-x application or a java script application.
B. A java script application and a PHP application
C. A fully compiled NET framework applicaton.
D. A fully operational Visual Basic applicaton.
E. A java applet running in the context of your browser or a stand alone application using the java run-time environment.

Correct Answer: E
With the Cisco’s IOS Authentication Proxy feature, users can initiate network access via which three protocols? (Choose three)
A. IPSec

Correct Answer: BDE

Cisco 350-018 Questions & Answers with explanations is all what you surely want to have before taking Cisco 350-018 exam.Cisco Cisco 350-018 Interactive Testing Engine is ready to help you to get your Cisco 350-018 by saving your time by preparing you quickly for the Cisco exam. If you are worried about getting your Cisco 350-018 certification passed and are in search of some best and useful material,Cisco 350-018 Q&A will surely serve you to enhance your Interconnecting Cisco Networking Devices study.