Which transport mechanism is used between a RADIUS authenticator and a RADIUS authentication server?


A.      UDP, with only the password in the Access-Request packet encrypted

B.      UDP, with the whole packet body encrypted

C.      TCP, with only the password in the Access-Request packet encrypted

D.      EAPOL, with TLS encrypting the entire packet

E.       UDP RADIUS encapsulated in the EAP mode enforced by the authentication server.


Correct Answer: A




Which three statements about the TACACS protocol are correct? (Choose three.)


A.      TACACS+ is an IETF standard protocol.

B.      TACACS+ uses TCP port 47 by default.

C.      TACACS+ is considered to be more secure than the RADIUS protocol.

D.      TACACS+ can support authorization and accounting while having another separate authentication solution.

E.       TACACS+ only encrypts the password of the user for security.

F.       TACACS+ supports per-user or per-group for authorization of router commands.


Correct Answer: CDF




Which three EAP methods require a server-side certificate? (Choose three.)


A.      PEAP with MS-CHAPv2

B.      EAP-TLS

C.      EAP-FAST

D.      EAP-TTLS

E.       EAP-GTP


Correct Answer: ABD




Which statement is true about EAP-FAST?


A.      It supports Windows single sign-on.

B.      It is a proprietary protocol.

C.      It requires a certificate only on the server side.

D.      It does not support an LDAP database.


Correct Answer: A




Which four attributes are identified in an X.509v3 basic certificate field? (Choose four.)


A.      key usage

B.      certificate serial number

C.      issuer

D.      subject name

E.       signature algorithm identifier

F.       CRL distribution points

G.      subject alt name


Correct Answer: BCDE




What is the purpose of the OCSP protocol?


A.      checks the revocation status of a digital certificate

B.      submits a certificate signing request

C.      verifies a signature of a digital certificate

D.      protects a digital certificate with its private key


Correct Answer: A




What are two reasons for a certificate to appear in a CRL? (Choose two.)


A.      CA key compromise

B.      cessation of operation

C.      validity expiration

D.      key length incompatibility

E.       certification path invalidity


Correct Answer: AB




Which transport method is used by the IEEE 802.1X protocol?


A.      EAPOL frames

B.      802.3 frames

C.      UDP RADIUS datagrams

D.      PPPoE frames


Correct Answer: A




Which encryption mechanism is used in WEP?


A.      RC4

B.      RC5

C.      DES

D.      AES


Correct Answer: A




Which three statements about Security Group Tag Exchange Protocol are true? (Choose three.)


A.      SXP runs on UDP port 64999.

B.      A connection is established between a “listener” and a “speaker.”

C.      It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it.

D.      SXP is supported across multiple hops.

E.       SXPv2 introduces connection security via TLS.


Correct Answer: BCD


