350-018 - CCIE Security Written Exam

Go back to Cisco

Example Questions

Which two of the following provide protect against man-in-the-middle attacks? (Choose two.) What is the default username and password set for Cisco Security Device Manager (SDM)? Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network? error: % Invalid input detected at '^' marker. Above error is received when generating RSA keys for SSH access on a router using the crypto key generate rsa command. What are the reasons for this error? (Choose two.) Which of the following types of traffic is NOT subject to inspection in the 105 Firewall Feature Set? Which of the following is true with respect to active/active failover on the adaptive security appliance? Select the best response. Which IPv6 Interior Gateway Protocol (IGP) relies entirely on IPsec to secure communications between neighbors? Which of these communications mechanisms can be used between Cisco Security Device Manager (SDM) and a Cisco router in addition to HTTP or HTTPS to read and write the router configurations? To prevent a potential attack on a Cisco IOS router with the echo service enabled, what action should you take? The communication between Cisco Configuration Professional and a Cisco router is secured using which of these? Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering? Which multicast capability is not supported by the Cisco ASA appliance? An attacker configures an access point to broadcast the same SSID that is used at a public hot-spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched? What is the main reason for using the ip ips deny-action ips-interface Cisco IOS command? Why would a Network Administrator want to use Certificate Revocation Lists (CRLs) in their IPSec implementations? Which three statements are true about the Cisco NAC Appliance solution? (Choose three.) What is Chain of Evidence in the context of security forensics? Routers running OSPF and sharing a common segment become neighbors on that segment. What statement regarding OSPF neighbors is FALSE? What would be the best reason for selecting L2TP as a tunnel protocol for a VPN Client? Which three of these are performed by both RADIUS and TACACS+ servers?(choose three) Which three statements are true regarding the EIGRP update message? (Choose three.) An attacker is attempting to Telnet a specific host secured behind a firewall rule that only allows inbound connections on TCP port 25. What aspect of RFC 791 (Internet Protocol) can the attacker exploit to perform this attack? Which would be the best method to deploy on a Cisco ASA to detect and prevent viruses and worms? The following is an example of an IPSec error message: IPSEC(validat_proposal): invalid local address ISAKMP (0:3): atts not acceptable. Next payload is 0 ISAKMP (0:3): SA not acceptable! What is the most common problem that this message can be attributed to? A security System Administrator is reviewing the network system log files. The administrator notes that: - Network log files are at 5 MB at 12:00 noon. - At 14:00 hours, the log files at 3 MB. What should the System Administrator assume has happened and what should they do? What new features were added to the PIX in version 7.0? (Choose 3) Which of the following statements is true regarding SSL? How can Netflow be used to help identify a day-zero scanning worm? Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports? What is the recommended network MACSec policy mode for high security deployments? What does qos pre-classify provides in regard to implementing QoS over GRE/IPSec VPN tunnels? What two things must you do on the router before generating an SSH key with the "crypto key generate rsa "IOS command ? Which of these statements best describes the advantage of using cisco secure desktop which is part of the cisco ASA VPN solution? Which of the following are valid choices for ESP cipher algorithms in a Cisco IOS IPsec transform set? Select 2 response(s). Which three of these situations warrant engagement of a Security Incident Response team? (Choose three.) When configuring a Cisco adaptive security appliance in multiple context mode, which one of these capabilities is supported? How are the username and password transmitted if a basic HTTP authentication is used? Which two statements are correct regarding the AES encryption algorithm? (Choose two.) Which IPS appliance signature engine inspects IPv6 Layer 3 traffic? Which two of the following can you configure an IPS sensor with three sniffing interfaces as? (Choose two.) If the result of an attack left an ARP table in the state below, what address would you suspect of launching the attack? Internet - 000c.5a35.3c77 ARPA FastEthernet0/0 Internet 0 00bc.d1f5.f769 ARPA FastEthernet0/0 Internet 0 00bc.d1f5.f769 ARPA FastEthernet0/0 Internet 3 00bc.d1f5.f769 ARPA FastEthernet0/0 Internet 0 00bc.d1f5.f769 ARPA FastEthernet0/0 What service SHOULD be enabled on ISO firewall devices? Which three packet types will be used by TACACS+ authentication? (Choose three.) Which IOS QoS mechanism is used strictly to rate limit traffic destined to the router itself? Event Store is a component of which IPS application? In IPSec, what encapsulation protocol only encrypts the data and not the IP header? When configuring a multipoint GRE tunnel interface, which one of the following is not a valid configuration option? Select the best response. Which algorithms did TKIP add to the 802.11 specification? (Choose 3) Which statement below is true about the command "nat control" on the ASA? What is the best way to mitigate Browser Helper Objects (BHO) from being installed on your system?

Study Guides