350-018 Exam
CCIE Pre-Qualification Test for Security
- Exam Number/Code : 350-018
- Exam Name : CCIE Pre-Qualification Test for Security
- Questions and Answers : 199 Q&As
- Update Time: 2010-07-26
- Price:
$ 119.00$ 99.00
Free 350-018 Demo Download
Test4pass offers free demo for CCIE 350-018 exam (CCIE Pre-Qualification Test for Security). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
Exam Description
It is well known that 350-018 exam test is the hot exam of Cisco certification. Test4pass offer you all the Q&A of the 350-018 real test . It is the examination of the perfect combination and it will help you pass 350-018 exam at the first time!
Why choose Test4pass 350-018 braindumps
Quality and Value for the 350-018 Exam
100% Guarantee to Pass Your 350-018 Exam
Downloadable, Interactive 350-018 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
Cisco CCIE 350-018 exam braindumps questions and answers
¡¡
Exam : Cisco 350-018
Title : CCIE Security Qualification Exam
1. Which three of these statements describe how DNSSEC prevents DNS cache poisoning attacks from succeeding? (Choose three.)
A. DNSSEC encrypts all records with domain-specific keys.
B. DNSSEC eliminates caching and forces all answers to be authoritative.
C. DNSSEC introduces KEY records that hold domain-specific public keys.
D. DNSSEC deprecates CNAME records and replaces them with DS records.
E. DNSSEC utilizes DS records to establish a trusted hierarchy of zones.
F. DNSSEC signs all records with domain-specific keys.
Answer: CEF
2. Which two of the following commands are required to implement a Cisco Catalyst 6500 Series FWSM? (Choose two.)
A. firewall multiple-vlan-interfaces
B. firewall module x vlan-group y
C. module x secure-traffic
D. firewall vlan-group
E. firewall module x secure-traffic
Answer: BD
3. When using Cisco SDM to manage a Cisco IOS device, what configuration statements are necessary to be able to use Cisco SDM?
A. ip http server
B. ip http secure-server
C. ip http server
sdm location X.X.X.X
D. ip http secure-server
sdm location X.X.X.X
E. ip http server
ip http secure-server
Answer: A
4. What are two key characteristics of VTP? (Choose two.)
A. VTP messages are sent out all switch-switch connections.
B. VTP Layer 2 messages are communicated to neighbors using CDP.
C. VTP manages addition, deletion, and renaming of VLANs 1 to 4094.
D. VTP pruning restricts flooded traffic, increasing available bandwidth.
E. VTPv2 can only be used in a domain consisting of VTPv2-capable switches.
F. VTPv2 performs consistency checks on all sources of VLAN information.
Answer: DE
5. When designing the addressing scheme of the internal routers at a company, many security professionals choose to use RFC 1918 addresses. Which three of the following addresses are RFC 1918 addresses? (Choose three.)
A. 0.0.0.0/8
B. 10.0.0.0/8
C. 172.16.0.0/12
D. 172.16.0.0/16
E. 192.168.0.0/16
F. 192.168.0.0/24
Answer: BCE
6. When initiating a new SSL/TLS session, the client receives the server SSL certificate and validates it. What does the client use the certificate for after validating it?
A. The client and server use the key in the certificate to encrypt all data in the following SSL session.
B. The server creates a separate session key and sends it to the client. The client has to decrypt the session key using the server public key from the certificate.
C. The client creates a separate session key and encrypts it with the server public key from the certificate before sending it to the server.
D. Nothing, the client and server switch to symmetric encryption using IKE to exchange keys.
E. The client generates a random string, encrypts it with the server public key from the certificate, and sends it to the server. Both the client and server derive the session key from the random data sent by the client.
Answer: E
7. Which three of the following are attributes of the RADIUS protocol? (Choose three.)
A. encrypts the password
B. hashes the password
C. uses UDP as the transport
D. uses TCP as the transport
E. combines authentication and authorization in a single request
F. commonly used to implement command authorization
Answer: BCE
8. In regards to private address space, which three of the following statements are true? (Choose three.)
A. Private address space is defined in RFC 1918.
B. These IP addresses are considered private:
10.0.0.0
172.15.0.0
192.168.0.0
C. Private address space is not supposed to be routed over the Internet.
D. 127.0.0.1 is also considered part of private address space, according to the RFC.
E. Using only private address space and NAT to the Internet is not considered as secure as having a stateful firewall.
Answer: ACE
9. Refer to the shown network diagram and configuration. You are hosting a web server at 10.1.1.90, which is under a denial of service attack. Use NBAR to limit web traffic to that server at 200 kb/s. Which of the following configurations is correct to complete the NBAR configuration?
A.
B.
C.
D.
E.
Answer: D
10. Which two of the following statements describe why TACACS+ is more desirable from a security standpoint than RADIUS? (Choose two.)
A. It uses UDP as its transport.
B. It uses TCP as its transport.
C. It encrypts the password field with a unique key between server and requester.
D. Encrypting the whole data payload is optional.
E. Authentication and authorization are combined into a single query for robustness.
Answer: BD
11. If an administrator is unable to connect to a Cisco ASA or PIX security appliance via Cisco ASDM, which four of the following items should be checked? (Choose four.)
A. The HTTPS server is enabled.
B. The HTTP server is enabled.
C. The user IP address is permitted in the interface ACL.
D. The user IP address is permitted in the HTTP statement.
E. The ASDM file resides in flash memory.
F. The asdm image command exists in the configuration.
Answer: BDEF
12. Which two of the following statements are attributed to stateless filtering? (Choose two.)
A. The first TCP packet in a flow must be a SYN packet.
B. It must process every packet against the inbound ACL filter.
C. It can look at sequence numbers to validate packets in flow.
D. It must implement an idle timeout.
E. It can be used in asymmetrical traffic flows.
Answer: BE
13. A firewall administrator received this syslog message from his adaptive security appliance. What can the firewall administrator infer from the message?
A. The server at 209.165.201.10 is under a smurf attack.
B. The server at 10.1.1.20 is under a SYN attack.
C. The client at 209.165.201.10 has been infected with a virus.
D. The server at 10.1.1.20 is under a smurf attack.
Answer: B
14. How do TCP SYN attacks take advantage of TCP to prevent new connections from being established to a host under attack?
A. sending multiple FIN segments, forcing TCP connection release
B. filling up a host listen queue by failing to ACK partially opened TCP connections
C. taking advantage of the host transmit backoff algorithm by sending jam signals to the host
D. incrementing the ISN of each segment by a random number, causing constant TCP retransmissions
E. sending TCP RST segments in response to connection SYN+ACK segments, forcing SYN retransmissions
Answer: B
Click Online chat to talk with us , get more informations about Cisco CCIE 350-018 practice exam study guides questions and answers
Test4pass 350-018 Exam Features
Quality and Value for the 350-018 Exam
Test4pass Practice Exams for Cisco 350-018 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 350-018 Exam
If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CCIE 350-018 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
Cisco 350-018 Downloadable, Printable Exams (in PDF format)
Our Exam 350-018 Preparation Material provides you everything you will need to take your 350-018 Exam. The 350-018 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
350-018 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 350-018 Exam will provide you with free 350-018 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 350-018 Exam:100% Guarantee to Pass Your CCIE exam and get your CCIE Certification.
Test4pass 350-018 examTest4pass 350-018 pdf exam
Test4pass 350-018 braindumps
Test4pass 350-018 study guides
Test4pass 350-018 trainning materials
Test4pass 350-018 simulations
Test4pass 350-018 testing engine
Test4pass 350-018 vce
Test4pass 350-018 torrent
Test4pass 350-018 dumps
free download 350-018
Test4pass 350-018 practice exam
Test4pass 350-018 preparation files
Test4pass 350-018 questions
Test4pass 350-018 answers
http://www.test4pass.com/350-018-exam.html The safer.easier way to get CCIE Certification
.
My Shopping Cart
