351-018 - CCIE Security Written Exam v4.0 (Beta)
Go back to Cisco
Which three types of information could be used during the incident response investigation phase? (Choose three.)
Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment?
SSL Record Protocol
How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?
It is included as DHCP Option 50 in the OPTIONS field.
When a Cisco IOS Router receives a TCP packet with a TTL value less than or equal to 1, what will it do?
Drop the packet and reply with an ICMP Type 11, Code 0 (Time Exceeded, Hop Count Exceeded)
An attacker configures an access point to broadcast the same SSID that is used at a public hot- spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched?
Which two statements about an authoritative server in a DNS system are true? (Choose two.)
It indicates that it is authoritative for a name by setting the AA bit in responses.
It has a ratio of at least one authoritative name server per domain.
Which two statements are true when comparing ESMTP and SMTP? (Choose two.)
ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.
ESMTP servers can identify the maximum email size they can receive by using the SIZE command.
Which option is a desktop sharing application, used across a variety of platforms, with default TCP ports 5800/5801 and 5900/5901?
Which of the following provides the features of route summarization, assignment of contiguous blocks of addresses, and combining routes for multiple classful networks into a single route?
classless interdomain routing
During a computer security forensic investigation, a laptop computer is retrieved that requires 35 content analysis and information retrieval. Which file system is on it, assuming it has the default installation of Microsoft Windows Vista operating system?
Which three nonproprietary EAP methods do not require the use of a client-side certificate for mutual authentication? (Choose three.)
Which layer of the OSI reference model typically deals with the physical addressing of interface cards?
Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?
DNS inspection and DNS snooping
Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?
EAP over LAN
Which layer of the OSI model is referenced when utilizing http inspection on the Cisco ASA to filter Instant Messaging or Peer to Peer networks with the Modular Policy Framework?"
Which of the following best describes Chain of Evidence in the context of security forensics?
Evidence is controlled and accounted for to maintain its authenticity and integrity.
An exploit that involves connecting to a specific TCP port and gaining access to an administrative command prompt is an example of which type of attack?
Which three statements are true about PIM-SM operations? (Choose three.)
PIM-SM supports RP configuration using static RP, Auto-RP, or BSR.
Different RPs can be configured for different multicast groups to increase RP scalability.
Candidate RPs and RP mapping agents are configured to enable Auto-RP.
Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation?
What term describes an access point which is detected by your wireless network, but is not a
Which three statements about GDOI are true? (Choose three.)
The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange.
The KEK protects the GROUPKEY_PUSH message.
The TEK is used to encrypt and decrypt data traffic.
Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN configuration that only affect the local switch and are not propagated to other switches in the VTP domain?
When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose three.)
a message integrity check
avoidance of weak Initialization vectors
a rekeying mechanism
Which authentication mechanism is available to OSPFv3?
Which two statements are correct regarding the AES encryption algorithm? (Choose two.)
It is a FIPS-approved symmetric block cipher.
It supports a cipher key size of 128, 192, or 256 bits.
Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?
! ipv6 access-list test deny ipv6 FF05::/16 any deny ipv6 any FF05::/16 ! output omitted permit ipv6 any any !
If a host receives a TCP packet with an SEQ number of 1234, an ACK number of 5678, and a length of 1000 bytes, what will it send in reply?
a TCP packet with SEQ number: 5678, and ACK number 2234
What IP protocol number is used in the protocol field of an IPv4 header, when IPv4 is used to tunnel IPv6 packets?
Which common Microsoft protocol allows Microsoft machine administration and operates over TCP port 3389?
remote desktop protocol
In an 802.11 WLAN, which option is the Layer 2 identifier of a basic service set, and also is typically the MAC address of the radio of the access point?
Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)
Which option is a benefit of implementing RFC 2827?
defeats DoS attacks which employ IP source address spoofing
Which common FTP client command transmits a direct, byte-for-byte copy of a file?
Which method of output queuing is supported on the Cisco ASA appliance?
Which statement is true about the Cisco NEAT 802.1X feature?
It allows a Cisco Catalyst switch to act as a supplicant to another Cisco Catalyst authenticator switch.
Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?
Which two of the following provide protect against man-in-the-middle attacks? (Choose two.)
Secure Sockets Layer
Which three statements about remotely triggered black hole filtering are true? (Choose three.)
It filters undesirable traffic.
It provides a rapid-response technique that can be used in handling security-related events and incidents.
It requires uRPF.
Which option correctly describes the security enhancement added for OSPFv3?
Both the AuType and Authentication fields are removed from the OSPF header in OSPFv3, since now it relies on the IPv6 Authentication Header (AH) and IPv6 Encapsulating Security Payload (ESP) to provide integrity, authentication, and/or confidentiality.?
Which Cisco ASA feature can be used to update non-compliant antivirus/antispyware definition files on an AnyConnect client?
dynamic access policies with Host Scan and advanced endpoint assessment
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)
It supports IPv4 and IPv6 packet fields.
It tracks all fields of an IPv4 header as well as sections of the data payload.
It can be a useful tool in monitoring the network for attacks.
Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? (Choose three.)
In the context of a botnet, what is true regarding a command and control server?
It can launch an attack using IRC or Twitter.
Which traffic class is defined for non-business-relevant applications and receives any bandwidth that remains after QoS policies have been applied?
Aggregate global IPv6 addresses begin with which bit pattern in the first 16-bit group?
Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue?
switch(config)# ip http server
Which option shows the correct sequence of the DHCP packets that are involved in IP address assignment between the DHCP client and the server?
DISCOVER, OFFER, REQUEST, ACK
Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)
Which type of PVLAN ports can communicate among themselves and with the promiscuous port?
Which of the following describes the DHCP "starvation" attack?
Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.