351-018 - CCIE Security Written Exam v4.0 (Beta)

Go back to Cisco

Example Questions

Which three types of information could be used during the incident response investigation phase? (Choose three.) Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment? How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet? When a Cisco IOS Router receives a TCP packet with a TTL value less than or equal to 1, what will it do? An attacker configures an access point to broadcast the same SSID that is used at a public hot- spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched? Which two statements about an authoritative server in a DNS system are true? (Choose two.) Which two statements are true when comparing ESMTP and SMTP? (Choose two.) Which option is a desktop sharing application, used across a variety of platforms, with default TCP ports 5800/5801 and 5900/5901? Which of the following provides the features of route summarization, assignment of contiguous blocks of addresses, and combining routes for multiple classful networks into a single route? During a computer security forensic investigation, a laptop computer is retrieved that requires 35 content analysis and information retrieval. Which file system is on it, assuming it has the default installation of Microsoft Windows Vista operating system? Which three nonproprietary EAP methods do not require the use of a client-side certificate for mutual authentication? (Choose three.) Which layer of the OSI reference model typically deals with the physical addressing of interface cards? Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering? Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network? Which layer of the OSI model is referenced when utilizing http inspection on the Cisco ASA to filter Instant Messaging or Peer to Peer networks with the Modular Policy Framework?" Which of the following best describes Chain of Evidence in the context of security forensics? An exploit that involves connecting to a specific TCP port and gaining access to an administrative command prompt is an example of which type of attack? Which three statements are true about PIM-SM operations? (Choose three.) Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation? What term describes an access point which is detected by your wireless network, but is not a Which three statements about GDOI are true? (Choose three.) Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN configuration that only affect the local switch and are not propagated to other switches in the VTP domain? When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose three.) Which authentication mechanism is available to OSPFv3? Which two statements are correct regarding the AES encryption algorithm? (Choose two.) Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6? If a host receives a TCP packet with an SEQ number of 1234, an ACK number of 5678, and a length of 1000 bytes, what will it send in reply? What IP protocol number is used in the protocol field of an IPv4 header, when IPv4 is used to tunnel IPv6 packets? Which common Microsoft protocol allows Microsoft machine administration and operates over TCP port 3389? In an 802.11 WLAN, which option is the Layer 2 identifier of a basic service set, and also is typically the MAC address of the radio of the access point? Which two EIGRP packet types are considered to be unreliable packets? (Choose two.) Which option is a benefit of implementing RFC 2827? Which common FTP client command transmits a direct, byte-for-byte copy of a file? Which method of output queuing is supported on the Cisco ASA appliance? Which statement is true about the Cisco NEAT 802.1X feature? Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports? Which two of the following provide protect against man-in-the-middle attacks? (Choose two.) Which three statements about remotely triggered black hole filtering are true? (Choose three.) Which option correctly describes the security enhancement added for OSPFv3? Which Cisco ASA feature can be used to update non-compliant antivirus/antispyware definition files on an AnyConnect client? Which three statements about Cisco Flexible NetFlow are true? (Choose three.) Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? (Choose three.) In the context of a botnet, what is true regarding a command and control server? Which traffic class is defined for non-business-relevant applications and receives any bandwidth that remains after QoS policies have been applied? Aggregate global IPv6 addresses begin with which bit pattern in the first 16-bit group? Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue? Which option shows the correct sequence of the DHCP packets that are involved in IP address assignment between the DHCP client and the server? Which two IPv6 tunnel types support only point-to-point communication? (Choose two.) Which type of PVLAN ports can communicate among themselves and with the promiscuous port? Which of the following describes the DHCP "starvation" attack?