Cisco CODE: 350-018 Exam Name: Cisco CCIE Security written (Version 4.0)
http://www.testsexpert.com/350-018.html
Type
Microsoft
1
IBM
Demo
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Question: 1 Which two of these Cisco Catalyst security features offer the best ways to prevent ARP cache poisoning? (Choose two.) A. Dynamic ARP Inspection B. port security C. MAC address notification D. DHCP snooping E. PortFast F. 802.1x authentication
Answer: A,D
Question: 2 Which one of the following is not a valid RADIUS packet type? A. access-reject B. access-response C. access-challenge D. access-reply E. access-accept
Answer: B
Question: 3 Which two of these statements about SMTP and ESMTP are the most correct? (Choose two.) A. Open mail relays are often used for spamming. B. ESMTP does not provide more security features than SMTP. C. SMTP provides authenticated e-mail sending. D. Worms often spread via SMTP.
Microsoft
2
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Answer: A,D
Question: 4 Refer to the exhibit.
Which three of the following statements are correct? (Choose three.) A. The exhibit shows an example of a NAC Framework network. B. The exhibit shows an example of a NAC Appliance network. C. The network utilizes in-band admission control. D. The network utilizes out-of-band admission control. E. Cisco NAC Appliance Agent is used to verify end-user PC compliance with the security policy F. Cisco Trust Agent is used to verify end-user PC compliance with the security policy.
Answer: B,D,E Microsoft
3
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Question: 5 Referring to the partial debug output shown in the exhibit, which of these values is contained inside the brackets [4] in line 1? A. RADIUS identifier field value B. RADIUS attribute type value C. RADIUS VSA number D. RADIUS VSA length E. vendor ID F. Company
Answer: B
Question: 6 What is the net effect of using ICMP type 4 messages to attack RFC 1122-compliant hosts? A. Hosts will perform a soft TCP reset and restart the connection. B. Hosts will perform a hard TCP reset and tear down the connection. C. Hosts will reduce the rate at which they inject traffic into the network. D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 messages. E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message.
Answer: C
Question: 7 Refer to the exhibit.
Microsoft
4
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Switch SW2 has just been added to Fa0/23 on SW1. After a few seconds, interface Fa0/23 on SW1 is placed in the error-disabled state. SW2 is removed from port 0/23 and inserted into SW1 port Fa0/22 with the same result. What is the most likely cause of this problem? A. The spanning-tree PortFast feature has been configured on SW1. B. BPDU filtering has been enabled either globally or on the interfaces of SW1. C. The BPDU guard feature has been enabled on the Fast Ethernet interfaces of SW1. D. The Fast Ethernet interfaces of SW1 are unable to autonegotiate speed and duplex with SW2. E. PAgP is unable to correctly negotiate VLAN trunk characteristics on the link between SWI and SW2.
Answer: C
Question: 8 ASDM on the Cisco ASA adaptive security appliance platform is executed as which of the following? A. an ActiveX application or a JavaScript application B. a JavaScript application and a PHP application C. a fully compiled .Net Framework application D. a fully operational Visual Basic application E. a Java applet or a standalone application using the Java Runtime Environment
Microsoft
5
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Answer: E
Question: 9 After the client opens the command channel (port 21) to the FTP server and requests passive mode, what will be the next step? A. The FTP server sends back an ACK to the client. B. The FTP server allocates a port to use for the data channel and transmits that port number to the client. C. The FTP server opens the data channel to the client using the port number indicated by the client. D. The FTP client opens the data channel to the FTP server on port 20. E. The FTP client opens the data channel to the FTP server on port 21.
Answer: B
Question: 10 In ISO 27001 ISMS, which three of these certification process phases are required to collect information for ISO 27001? (Choose three.) A. discover B. certification audit C. post-audit D. observation E. pre-audit F. major compliance
Answer: B,C,E
Question: 11 How do TCP SYN attacks take advantage of TCP to prevent new connections from being established to a host under attack?
Microsoft
6
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
A. sending multiple FIN segments, forcing TCP connection release B. filling up a host listen queue by failing to ACK partially opened TCP connections C. taking advantage of the host transmit backoff algorithm by sending jam signals to the host D. incrementing the ISN of each segment by a random number, causing constant TCP retransmissions E. sending TCP RST segments in response to connection SYN+ACK segments, forcing SYN retransmissions
Answer: B
Question: 12 For a router to obtain a certificate from a CA, what is the first step of the certificate enrollment process? A. The router generates a certificate request and forwards it to the CA. B. The router generates an RSA key pair. C. The router sends its public key to the CA. D. The CA sends its public key to the router. E. The CA verifies the identity of the router. F. The CA generates a certificate request and forwards it to the router.
Answer: B
Question: 13 When a failover takes place on an adaptive security appliance configured for failover, all active connections are dropped and clients must reestablish their connections, unless the adaptive security appliance is configured in which two of the following ways? (Choose two.) A. active/stand by failover B. active/active failover C. active/active failover and a state failover link has been configured D. active/standby failover and a state failover link has been configured E. to use a serial cable as the failover link F. LAN-based failover
Microsoft
7
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Answer: C,D
Question: 14 Which of these best represents a typical attack that takes advantage of RFC 792, ICMP type 3 messages? A. blind connection-reset B. large packet echo request C. packet fragmentation offset D. broadcast-based echo request E. excessive bandwidth consumption
Answer: A
Question: 15 Which of these statements best describes the advantage of using Cisco Secure Desktop, which is part of the Cisco ASA VPN solution? A. Cisco Secure Desktop creates a separate computing environment that is deleted when you finish, ensuring that no confidential data is left on the shared or public computer. B. Cisco Secure Desktop is used to protect access to your registry and system files when browsing to SSL VPN protected pages. C. Cisco Secure Desktop ensures that an SSL protected password cannot be exploited by a manin-the-middle attack using a spoofed certificate D. Cisco Secure Desktop hardens the operating system of the machines you are using at the time it is launched.
Answer: A
Question: 16 In the example shown, Host A has attempted a DCOM attack using Metasploit from Host A to Host B. Which three statements best describe how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose three.)
Microsoft
8
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
A. Cisco Security MARS will collect the syslog and the IPS alerts based on time. B. The IPS event will suggest that an attack may have occurred because a signature was triggered. C. IPS and Cisco ASA adaptive security appliance will use the Unified Threat Management protocol to determine that both devices saw the attack D. Cisco ASA adaptive security appliance will see the attack in both directions and will be able to determine if an attack was successful. E. The syslog event will indicate that an attack is likely because a TCP SYN and an ACK followed the attempted attack.
Answer: A,B,E
Question: 17 When using Cisco Easy VPN Remote (hardware client deployment) in the client-mode setup, all of the following statements are correct except which one? A. Perform split tunneling on the Cisco Easy VPN Remote device. B. Initiate a connection from a network behind the Cisco Easy VPN Server to the network behind the Cisco Easy VPN Remote client. C. Set the Cisco Easy VPN Remote to allow an administrator or user to manually initiate a connection. D. Set the Cisco Easy VPN Remote to automatically connect to the Cisco Easy VPN Server.
Answer: B
Question: 18 Which method is used by Cisco Security Agent to get user state information from the operating
Microsoft
9
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
system? A. secure SSL using HTTPS session B. application (Layer 7)-based (Cisco proprietary) encryption C. NetBIOS socket on TCP port 137-139 and UDP port 137-139 D. Win32 application binary interface (ABI) E. Win32 application programming interface (API)
Answer: E
Question: 19 Which two of these commands are required to implement a Cisco Catalyst 6500 Series Firewall Services Module (FWSM) in a Catalyst 6500 running Cisco IOS? (Choose two.) A. firewall multiple-vlan-interfaces B. firewall module vlan-group C. module secure-traffic D. firewall vlan-group <vlan-x> E. firewall module secure-traffic
Answer: B,D
Question: 20 Cisco ASA 5500 Series Adaptive Security Appliance application layer protocol inspection is implemented using which of these? A. Protocol Header Definition File (PHDF) B. Cisco Modular Policy Framework C. Reverse Path Forwarding (RPF) D. NetFlow version 9 E. Traffic Classification Definition File (TCDF)
Answer: B Microsoft
10
IBM
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec
Cisco CODE: 350-018 Exam Name: Cisco CCIE Security written (Version 4.0)
http://www.testsexpert.com/350-018.html Microsoft
Cisco
IBM
MCTS 70-337
CCNA 640-802 640-822 640-816 640-460
MBS 98-361 70-332
CCNP 642-832 642-813 642-825 642-845
000-G01 000-M44
MCAS 77-602
CCSP 642-627 642-637 642-647 642-545
000-444 000-910
MCSE 70-282
CCIE 350-001 350-018 350-029 350-060
COG-105 COG-185
MCSA 2003 70-461 70-620
DATA CENTER 642-972 642-973 642-974 642-975
70-336 70-462
MB3-861
77-601 77-604 70-281 70-284 70-680
70-463
MB3-862
77-605 70-285
70-291
Microsoft
11
IBM
IBM Lotus
000-M42 000-M60
000-M41 000-M62
IBM Mastery
000-M43 000-M45
Solutions Expert
000-640 000-913
IBM Cognos
COG-180 COG-200
IBM Specialist
000-005 000-032
000-015 000-042
HP
Other
AIS
70-323 9L0-063 9L0-010 9L0-517 HP2-E53 70-321 650-179 1Y0-A20 00M-646 MB2-876 646-206 9L0-314 MB6-884 220-701 650-196 3305 MB6-871 HP2-Z22 9L0-407 9A0-146 HP2-H23 000-184 1Z0-527 HP2-B91 000-781 M70-201 M70-101 7004 HP3-X11 HP3-X08
HP0-311
HP0-M28
HP0-A25
HP0-M30
APC
HP0-D11 HP0-S29
HP0-J37 HP0-P14
MASE HP0-J33 HP0-M48 HP0-M49 HP0-M50 ASE
HP0-066 HP0-781
HP0-082 HP0-782
CSE
HP0-090 HP0-277
HP0-276 HP0-760
HP Cisco Oracle Instant download after purchase
http://www.testsexpert.com/350-018.html
Symantec