The Cisco certificates give you possibility to work in any country of the world because they are acknowledged in all countries equally. This 350-018 torrent certificate helps not only to improve your knowledge and skills, but it also helps your career, gives a possibility for qualified usage of 350-018 exams products under different conditions. The majority of companies in the sphere of information technologies require the presence of Cisco exam for the work in the company, and that makes obtaining this Cisco certificate necessary. Many IT specialists were not able to obtain the Cisco certificate from the first attempt, which was the result of poor preparation for the examination, using preparatory 350-018 study guide of poor quality.
350-018 Braindumps with Complete Answers, Purchase now!!!

Free Sample Printable PDF VCE Download: Click Me Free download:
The Cisco Certification leader among the providers of Cisco Braindumps preparatory materials is 350-018 products such as Cisco Braindumps, 350-018 Study Guides, 350-018 Tutorial, 350-018 pdf Exam Questions with Answers, 350-018 Trainings, 350-018 Online Course and free PDF. It obtained its leadership and trust of the users from the very beginning of its work on the 350-018 vce training materials market. All the 350-018 Cisco aids have been created by people who are personally familiar with 350-018 exams and who know all the difficulties and popular mistakes made by those who take a Cisco test. The entire material is logically composed in such a way that everything becomes easy to understand for anyone. Many Cisco 350-018 Braindumps guides include audio and video material. It is really easy to acquire 350-018 Cisco exams becausy of great variety of methods of payment.

Search Help For Free 350-018 dumps
Pass4sure p4s 350-018 Torrent
testking tk 350-018 test Questons and Answers(Q & As with Expert Explanations)
actualtest 350-018 real exams

Note:
The IPS sensor can be configured using CLI and managed through the IPS Device Manager.

Software Versions
• Cisco ISR Series running IOS Software Version 12.4T Advanced Enterprise Services
feature set is used on all routers
• Cisco Catalyst 3560 Series Switches running Cisco IOS Software Release 12.2(44)SE or
above
• Cisco ASA 5500 Series Adaptive Security Appliances OS Software Version 8.x
• Cisco IPS Software Release 6.1.x
• Cisco VPN Client Software for Windows, Release 5.x
• Cisco Secure ACS for Windows Version 4.1

CCIE Security Lab Blueprint v3.0

1.00 Implement secure networks using Cisco ASA Firewall
1.01 Perform basic firewall Initialization
1.02 Configure device management
1.03 Configure address translation (nat, global, static)
1.04 Configure ACLs
1.05 Configure IP routing
1.06 Configure object groups
1.07 Configure VLANs
1.08 Configure filtering
1.09 Configure failover
1.10 Configure Layer 2 Transparent Firewall
1.11 Configure security contexts (virtual firewall)
1.12 Configure Modular Policy Framework
1.13 Configure Application-Aware Inspection
1.14 Configure high availability solutions
1.15 Configure QoS policies
2.00 Implement secure networks using Cisco IOS Firewalls
2.1 Configure CBAC
2.2 Configure Zone-Based Firewall
2.3 Configure Audit
2.4 Configure Auth Proxy
2.5 Configure PAM
2.6 Configure access control
2.7 Configure performance tuning
2.8 Configure advanced IOS Firewall features
3.00 Implement secure networks using Cisco VPN solution
3.01 Configure IPsec LAN-to-LAN (IOS/ASA)
3.02 Configure SSL VPN (IOS/ASA)
3.03 Configure Dynamic Multipoint VPN (DMVPN)
3.04 Configure Group Encrypted Transport (GET) VPN
3.05 Configure Easy VPN (IOS/ASA)
3.06 Configure CA (PKI)
3.07 Configure Remote Access VPN
3.08 Configure Cisco Unity Client
3.09 Configure Clientless WebVPN
3.10 Configure AnyConnect VPN
3.11 Configure XAuth, Split-Tunnel, RRI, NAT-T
3.12 Configure High Availability
3.13 Configure QoS for VPN
3.14 Configure GRE, mGRE
3.15 Configure L2TP
3.16 Configure advanced Cisco VPN features
4.00 Configure Cisco IPS to mitigate network threats
4.01 Configure IPS 4200 Series Sensor Appliance
4.02 Initialize the Sensor Appliance
4.03 Configure Sensor Appliance management
4.04 Configure virtual Sensors on the Sensor Appliance
4.05 Configure security policies
4.06 Configure promiscuous and inline monitoring on the Sensor Appliance
4.07 Configure and tune signatures on the Sensor Appliance
4.08 Configure custom signatures on the Sensor Appliance
4.09 Configure blocking on the Sensor Appliance
4.10 Configure TCP resets on the Sensor Appliance
4.11 Configure rate limiting on the Sensor Appliance
4.12 Configure signature engines on the Sensor Appliance
4.13 Use IDM to configure the Sensor Appliance
4.14 Configure event action on the Sensor Appliance
4.15 Configure event monitoring on the Sensor Appliance
4.16 Configure advanced features on the Sensor Appliance
4.17 Configure and tune Cisco IOS IPS
4.18 Configure SPAN & RSPAN on Cisco switches
5.00 Implement Identity Management
5.1 Configure RADIUS and TACACS+ security protocols
5.2 Configure LDAP
5.3 Configure Cisco Secure ACS
5.4 Configure certificate-based authentication
5.5 Configure proxy authentication
5.6 Configure 802.1x
5.7 Configure advanced identity management features
5.8 Configure Cisco NAC Framework
6.00 Implement Control Plane and Management Plane Securit
6.01 Implement routing plane security features (protocol authentication, route filtering)
6.02 Configure Control Plane Policing
6.03 Configure CP protection and management protection
6.04 Configure broadcast control and switchport security
6.05 Configure additional CPU protection mechanisms (options drop, logging interval)
6.06 Disable unnecessary services
6.07 Control device access (Telnet, HTTP, SSH, Privilege levels)
6.08 Configure SNMP, Syslog, AAA, NTP
6.09 Configure service authentication (FTP, Telnet, HTTP, other)
6.11 Configure RADIUS and TACACS+ security protocols
6.12 Configure device management and security
7.00 Configure Advanced Security
7.01 Configure mitigation techniques to respond to network attacks
7.02 Configure packet marking techniques
7.03 Implement security RFCs (RFC1918/3330, RFC2827/3704)
7.04 Configure Black Hole and Sink Hole solutions
7.05 Configure RTBH filtering (Remote Triggered Black Hole)
7.06 Configure Traffic Filtering using Access-Lists
7.07 Configure IOS NAT
7.08 Configure TCP Intercept
7.09 Configure uRPF
7.10 Configure CAR
7.11 Configure NBAR
7.12 Configure NetFlow
7.13 Configure Anti-Spoofing solutions
7.14 Configure Policing
7.15 Capture and utilize packet captures
7.16 Configure Transit Traffic Control and Congestion Management
7.17 Configure Cisco Catalyst advanced security features
8.00 Identify and Mitigate Network Attacks
8.01 Identify and protect against fragmentation attacks
8.02 Identify and protect against malicious IP option usage
8.03 Identify and protect against network reconnaissance attacks
8.04 Identify and protect against IP spoofing attacks
8.05 Identify and protect against MAC spoofing attacks
8.06 Identify and protect against ARP spoofing attacks
8.07 Identify and protect against Denial of Service (DoS) attacks
8.08 Identify and protect against Distributed Denial of Service (DDoS) attacks
8.09 Identify and protect against Man-in-the-Middle (MiM) attacks
8.10 Identify and protect against port redirection attacks
8.11 Identify and protect against DHCP attacks
8.12 Identify and protect against DNS attacks
8.13 Identify and protect against Smurf attacks
8.14 Identify and protect against SYN attacks
8.15 Identify and protect against MAC Flooding attacks
8.16 Identify and protect against VLAN hoping attacks
8.17 Identify and protect against various Layer2 and Layer3 attacks

Pass4sure cisco ccie 350-018

CCIE Pre-Qualification Test for Security
Exam Number: 350-018 Exam
Associated Certifications: CCIE Pre-Qualification Test for Security
Duration: 220 Q&As
Available Language(s): English
Free 350-018 Exams’s PDF Download
Free Actualtests offers free demo for 350-018 PDF(CCIE Pre-Qualification Test for Security). You can check out the interface, question quality and usability of our practice exams . We are the only one site can offer demo for almost all CCIE Pre-Qualification Test for Security.

Recommended Training about 350-018 exam PDF
The following courses are the recommended training for 350-018 exam PDF.
350-018 Q & A with Explanations
350-018 Audio Exam
350-018 Study Guide
350-018 Preparation Lab
350-018 Exam Preparation from Actualtests with FULL explanations include:
Comprehensive questions with complete details
Detailed explanations of all the questions
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE.
Like actual certification exams our product is in multiple-choice questions (MCQs).
350-018 Exam: Actualtests’s CCIE Pre-Qualification Test for Security PDF
The CCIE Pre-Qualification Test for Security PDF for preparing for the 350-018 exam – Actualtests’s CCIE Pre-Qualification Test for Security. Actualtests is your premier source for practice tests, and true testing environment. Nothing will prepare you for your next exam like a Actualtests. You find it all here at ciscoexams.org.

QUESTION 1:
What IE is not mandatory in a Q.931 Service msg?
A. Bearer capability
B. Channel ID
C. Message Type
D. Change Status
E. Call Reference
Answer: A
QUESTION 2:
The purpose of Administrative Distance, as used by Cisco routers, is:
A. To choose between routes from different routing protocols when receiving
updates for the same network
B. To identify which routing protocol forwarded the update
C. To define the distance to the destination used in deciding the best path
D. To be used only for administrative purposes
Answer: A
QUESTION 3:
What is the maximum PMD value of a 100km fiber segment if the cable is specified
with 0.5ps/km ? (worst case)?
A. 0.005ps
B. .05ps
C. 5ps
D. 50ps
E. 500ps
Answer: C
QUESTION 4:
What is the equivalent of 50 GHz spacing in DWDM in terms of nm?
A. 1.6 nm
B. 0.8 nm
C. 0.4 nm
D. 0.2 nm

Actualtests.com – The Power of Knowing
Answer: C
QUESTION 5:
Exhibit:
Router CK1 has a 512K-access port into the frame relay cloud. Router CK2 has
128K-access port into the frame relay cloud. The two routers are connected with
symmetrical PVCs that are configured for 64K committed information rate (CIR).
What Frame Relay Traffic Shaping map-class sub-command should be entered on
Router A to prevent workstation A from overrunning the access port on Router B?
A. frame-relay traffic-rate 128000 512000
B. frame-relay traffic-rate 64000 512000
C. frame-relay traffic-rate 512000 64000
D. frame-relay traffic-rate 128000 64000
E. frame-relay traffic-rate 64000 128000
Answer: E
QUESTION 6:
If a host sends a TCP segment with the RST flag set, it means:
A. The receiver should send all data in the reassembly buffer to the application
receiving it immediately.
B. The receiver should reset the session.
C. Any routers between the source and destination hosts should reset the state of the
connection in their buffers.
D. The receiver should make certain its send buffer is pushed onto the wire.
Answer: B
QUESTION 7:
How many E1 channels can STM-1 frame transport?

Actualtests.com – The Power of Knowing
A. 7
B. 21
C. 63
D. 84
Answer: C
QUESTION 8:
BGP can implement a policy of ‘Route Dampening’ to control route instability.
What statement about route dampening is NOT correct?
A. A numeric penalty is applied to a route each time it flaps.
B. The penalty is exponentially decayed according to parameters, such as
half-life-time.
C. The history of unstable routes is forwarded back to the sender to control future
updates.
D. The route is eventually suppressed based on a configurable ’suppress limit’.
Answer: C
QUESTION 9:
MPLS traffic engineering data is carried by:
A. Opaque LSAs or IS-IS TLVs
B. BGP MEDs
C. RTP or RTCP packets
D. MBGP
Answer: A
QUESTION 10:
Exhibit:
350-020
Actualtests.com – The Power of Knowing
In the diagram, if a resilient packet ring (RPR) is built between ML-series cards,
____ restoration exists on the ring, while the redundant connections to the 7609 rely
on _____protection.
A. 50 ms, STP
B. STP, STP
C. STP, 1+1 APS
D. 50ms, 50ms
Answer: A

Free download?pass4sure CCIE 350-018
Free download?testking CCIE 350-018

“CCIE Pre-Qualification Test for Security”, also known as 350-018 exam, is a Cisco certification.
Preparing for the 350-018 exam? Searching 350-018 Test Questions, 350-018 Practice Exam, 350-018 Dumps?

Free 350-018 Demo Download
TestInside offers free demo for 350-018 exam ( CCIE Pre-Qualification Test for Security). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

171. Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an

attack can be stopped with which of the following Cisco products? A. ASA syn protection
B. ASA ICMP application inspection

C. CSA quarantine lists

D. IPS syn attack signatures

E. Cisco Guard

Answer: C

172. Considering the following ASA rule samples, which one will send HTTP data to the AIP-SSM module to evaluate and stop HTTP attacks?
A.

B.

C.

D.

Answer: B

173. What is the best way to mitigate Browser Helper Objects (BHO) from being installed on your system?

A. Disable BHOs in your browser’s preferences.

B. A BHO is certificate protected and therefore safe to install on your system. C. A BHO is not a security concern.
D. A BHO is easily protected using default anti-virus or IPS signatures. E. A BHO installation can be stopped using CSA rules.
Answer: E

174. Since HTTP is one of the most common protocols used in the internet, what should be done at a firewall level

to ensure that the protocol is being used correctly?

A. Ensure that a stateful firewall allows only HTTP traffic destined for valid web server IP addresses.

B. Ensure that a firewall has SYN flood and DDoS protection applied specifically for valid web servers.

C. Ensure that your firewall enforces HTTP protocol compliance to ensure that only valid flows are allowed in and out of your network.
D. Ensure that HTTP is always authenticated.

E. Ensure that your web server is in a different zone than your backend servers such as SQL and DNS. Answer: C

175. When implementing internet standards you are required to follow RFC’s processes and procedures based on what RFC?
A. RFC 1769 and mere publications

B. Real standards of RFC 1918

C. RFC 1669 real standards and mere publications

D. Real standards and mere publications RFC 1796

E. None of the above

Answer: E

176. Which RFCs are used to establish internet connectivity from a private office with the following requirements?
254 users

Only one IP address provided by your ISP

Your IP address is assigned dynamically.

The CPE from the ISP is pre-provisioned and working. You are expected to make changes on your router.
A. IP Network Address Translator (NAT): Defined in RFC 1631

B. IP Network Address Translator (NAT) Terminology and Considerations: Defined in RFC 2663

C. Network Address Translator (NAT) – Friendly Application Design Guidelines: Defined in RFC 3235

D. Address Allocation for Private Internets: Defined in RFC 1918

E. PPP and IPCP: Defined in RFC 1332

F. DHCP: Defined in RFC 2131

Answer: ADF

177. When implementing best practices for IP Source Address Spoofing and Defeating Denial of Service Attacks with IP Source Address Spoofing, what RFC is commonly used to protect your network?
A. RFC 1149

B. RFC 3704

C. RFC 1918

D. RFC 2827

Answer: D

178. Select the current RFCs that cover the following items:

A. RFC 2402

B. RFC 2403

C. RFC 2408

D. RFC 2409

E. RFC 2401

Answer: CDE

179. In ISO 27001 ISMS what are the main certification process phases required to collect information for ISO

27001?

A. Discover

B. Certification audit

C. Post-audit

D. Observation

E. Pre-audit

F. Major compliance

Answer: BCE

180. Taking into consideration the shown configuration, what kind of attack are we attempting to mitigate?

A. Smurf Attack

B. Code Red Worm

C. SQL Slammer Worm

D. MSQL and JavaScript attack

E. This is not valid configuration

Answer: C

181. When configuring the FWSM for multiple security context in which context do you allocate interfaces?

A. Context A

B. System context C. Admin context D. Both b and c Answer: B

182. Figure 1 represents 3 security contexts all sharing a common VLAN (500) – a single IP subnet corresponds to

that VLAN. This is equivalent to connecting three security appliances using an Ethernet switch. A property of the FWSM makes all interfaces across the entire module use only one global MAC address (’M’ in Figure 1). This is usually not a problem, until multiple contexts start sharing an interface. Which operational function within the FWSM hanldes this issue?

A. Packetizer B. Classifier C. Normalizer
D. Session Manager

Answer: B

183. When configuring an intrusion prevention sensor in promiscuous mode what type of malicious traffic can

NOT be stopped ?

A. Sweep reconnaissance (such as ICMP sweeps) B. Atomic attacks (single packet attacks)
C. Flood attacks

D. Teardrop attacks E. All of the above Answer: B

184. What is Chain of Evidence in the context of security forensics?

A. The concept that evidence is controlled in locked down, but not necessarily authenticated

B. The concept that evidence is controlled and accounted for as to not disrupt its authenticity and integrity

C. The concept that the general whereabouts of evidence is known

D. The concept that if a person has possession of evidence someone knows where the evidence is and can say who had it if it is not logged
Answer: B

185. CS-MARS works with which IOS feature to accomplish anomaly detection? A. IOS IPS
B. Autosecure

C. CSA

D. Netflow

E. IOS Network Foundation Protection (NFP) F. IOS Firewall
Answer: D

186. In the example shown, Host A has attempted a D-COM attack using metasploit from Host A to Host B. Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose 3)

A. CS-MARS will collect the syslog and the IPS alerts based on time.

B. The IPS event will suggest that an attack may have occurred because a signature was triggered.

C. IPS and ASA will use the Unified Threat Management protocol to determine that both devices saw the attack.

D. ASA will see the attack in both directions and will be able to determine if an attack was successful.

E. The syslog connection built event will indicate that an attack is likely because a TCP syn and an ack followed

the attempted attack. Answer: ABE

187. Which statement below is true about the command “nat control” on the ASA?

A. It requires traffic originating from the inside interface to match a NAT translation rule to pass through the firewall on the outside interface.
B. It allows traffic originating from the inside interface to pass through the firewall on the outside interface without a NAT translation rule being matched.
C. It requires traffic passing through the firewall on interfaces of the same security level to match a NAT

translation rule.

D. It allows traffic originating from the outside interface to pass through the firewall on the inside interface without a NAT translation rule being matched.
Answer: A

188. The following is an example of an IPSec error message:

What is the most common problem that this messsage can be attributed to? A. Router is missing the crypto map map-name local-address command
B. Crypto access-lists are not mirrored on each side

C. This is only an informational message, ipsec session will still succeed D. Crypto map is applied to the wrong interface or is not applied at all Answer: D

189. Which of the following is true for RFC 4301 – Security Architecture for the Internet Protocol (obsoletes RFC

2401) – (Select two)

A. Specifies the Security Architecture for the Internet

B. Specifies the base architecture for Key Management, the Internet Key Exchange (IKE)

C. Specifies the base architecture for IPsec-compliant systems

D. Designed to provide security services for traffic at the IP layer, in the IPv4 environment only.

E. Designed to provide security services for traffic at the IP layer, in both the IPv4 and IPv6 environments. Answer: CE

190. Match the 802.1x term on the left to the proper description on the right

191. Match the characteristics on the left to the correct protocol on the right

192. Match the CS-MARS terminology on the left to the descriptions that match the terms on the right.

193. Match the IKE functions on the left to the proper features on the right.

194. Match the protocol numbers or port numbers on the left to the correct protocols on the right (some items on the left are distractors).

195. Match the characteristics on the left to the correct encryption ciphering techniques on the right.

196. Match the steps an attacker use to perform Server attacks by predicting the Server’s TCP Initial Sequence No.

(ISN)

197. Match the security attack or threat with the correct layer of the OSI model at which it occurs?

Free download?pass4sure ccie 350-018
Free download?testking ccie 350-018

A. 235.1.1.1
B. 223.20.1.1
C. 10.100.1.1
D. 127.0.0.1
E. 24.15.1.1
Answer: B, E Explanation:
When you create an internal network, we recommend you use one of the following address groups reserved by the Network Working Group (RFC 1918) for private network addressing:

Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255

Class D address start with the 1110 bit so the 223.20.1.1 is a legal class C address

Question: 2.
On an Ethernet LAN, a jam signal causes a collision to last long enough for all other nodes to recognize that:

A. A collision has occurred and all nodes should stop sending.
B. Part of a hash algorithm was computed, to determine the random amount of time the nodes should back off before retransmitting.
C. A signal was generated to help the network administrators isolate the fault domain between two Ethernet nodes.
D. A faulty transceiver is locked in the transmit state, causing it to violate CSMA/CD rules.
E. A high-rate of collisions was caused by a missing or faulty terminator on a coaxial Ethernet network.
Answer: A Explanation:
When a collision is detected the device will “transmit a jam signal” this will will inform all the devices on the network that there has been a collision and hence stop them initiating the
transmission of new data. This “jam signal” is a sequence of 32 bits that can have any value as
long as it does not equal the CRC value in the damaged frame’s FCS field. This jam signal is normally 32 1’s as this only leaves a 1 in 2^32 chance that the CRC is correct by chance. Because the CRC value is incorrect all devices listening on the network will detect that a collision has occurred and hence will not create further collisions by transmitting immediately. “Part of a hash algorithm was computed, to determine the random amount of time the nodes should back
off before retransmitting.” WOULD SEEM CORRECT BUT IT IS NOT After transmitting the jam signal the two nodes involved in the collision use an algorithm called the “truncated BEB
(truncated binary exponential back off)” to determine when they will next retransmit. The algorithm works as follows: Each device will wait a multiple of 51.2us (minimum time required for
signal to traverse network) before retransmitting. 51.2us is known as a “slot”. The device will wait wait a certain number of these time slots before attempting to retransmit. The number of time
slots is chosen from the set {0,…..,2^k-1} at random where k= number of collisions. This means k
is initialized to 1and hence on the first attempt k will be chosen at random from the set {0,1} then
on the second attempt the set will be {0,1,2,3} and so on. K will stay at the value 10 in the 11, 12,

TK

Exam Name: CCIE Pre-Qualification Test for Security
Exam Type: Cisco
Exam Code: 350-018 Total Questions: 743

13, 14, 15 and 16th attempt but on the 17th attempt the MAC unit stops trying to transmit and
reports an error to the layer above.

Question: 3.
Which statements about TACACS+ are true? (multiple answer)

A. If more than one TCACS+ server is configured and the first one does not respond within a given timeout period, the next TACACS+ server in the list will be contacted.
B. The TACACS+ server’s connection to the NAS encrypts the entire packet, if a key is used at both ends.
C. The TACACS+ server must use TCP for its connection to the NAS.
D. The TACACS+ server must use UDP for its connection to the NAS.
E. The TACACS+ server may be configured to use TCP of UDP for its connection to the NAS
Answer: A, B, C Explanation:
PIXFirewall permits the following TCP literal names: bgp, chargen, cmd,daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323,hostname, http, ident, irc, klogin, kshell, lpd, nntp,
pop2, pop3, pptp,rpc, smtp, sqlnet, sunrpc, TACACS, talk, telnet, time, uucp, whois, and www. To
specify a TACACS host, use the tacacs-server host globalconfiguration command. Use the no form of this command to delete thespecified name or address. timeout= (Optional) Specify a timeout value. This overrides the global timeout value set with the tacacs-server timeout
command for this serveronly. tacacs-server key To set the authentication encryption key used for
all TACACS+ communicationsbetween the access server and the TACACS+ daemon, use the tacacs-server keyglobal configuration command. Use the no form of this command to disable the key. key = Key used to set authentication and encryption. This key must match the key used on
the TACACS+ daemon.

Question: 4.
A Network Administrator is trying to configure IPSec with a remote system. When a tunnel is initiated from the remote end, the security associations (SAs) come up without errors. However, encrypted traffic is never send successfully between the two endpoints. What is a possible
cause?

A. NAT could be running between the two IPSec endpoints.
B. A mismatched transform set between the two IPSec endpoints.
C. There is a NAT overload running between the two IPSec endpoints. D. Mismatched IPSec proxy between the two IPSec endpoints.
Answer: C Explanation:
This configuration will not work with port address translation (PAT). Note: NAT is a one-to-one address translation, not to be confused with PAT, which is a many (inside the firewall)-to-one
translation. IPSec with PAT may not work properly because the outside tunnel endpoint device
cannot handle multiple tunnels from one IP address. You will need to contact your vendor to determine if the tunnel endpoint devices will work with PAT Question- What is PAT, or NAT overloading? Answer- PAT, or NAT overloading, is a feature of Cisco IOS NAT and can be used
to translate internal (inside local) private addresses to one or more outside (inside global—usually registered) IP addresses. Unique source port numbers on each translation are used to distinguish between the conversations. With NAT overload, a translation table entry containing full address and source port information is created.

Question: 5.

TK

Exam Name: CCIE Pre-Qualification Test for Security
Exam Type: Cisco
Exam Code: 350-018 Total Questions: 743

Which are the principles of a one way hash function? (Multiple answer)

A. A fixed length output is created from a variable length input by a hash function. B. A hash function cannot be random and the receiver cannot decode the hash.
C. A hash function is usually operated in an IPSec environment to provide a fingerprint for a packet.
D. A hash function must be easily decipherable by anyone who is listening to the exchange.
Answer: A, C Explanation:
Developers use a hash function on their code to compute a diges, which is also known as a one- way hash .The hash function securely compresses code of arbitrary length into a fixed-length
digest result.

Question: 6. Exhibit:

What is the expected behavior of IP traffic from the clients attached to the two Ethernet subnets?

A. Traffic between the Ethernet subnets on both routers will have to be decrypted. B. NAT will translate the traffic between the Ethernet subnets on both routers.
C. Traffic will successfully access the Internet, though it will have to be decrypted between the router’s Ethernet subnets.
D. Traffic will successfully access the Internet fully encrypted.
E. Traffic bound for the Internet will not be routed because the source IP addresses are private.
Answer: C Explanation:
NOT ENOUGH OF THE ESHIBIT TO MAKE A REAL CHOICE. THE ESHIBIT IS ONE OF IPSEC TAKE YOUR BEST SHOT.

Question: 7.
A ping of death is when:

TK

Exam Name: CCIE Pre-Qualification Test for Security
Exam Type: Cisco
Exam Code: 350-018 Total Questions: 743

A. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the
“type”field in the ICMP header is set to 18 (Address Mask Reply).
B. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last
Fragment bit is set, and (IP offset ‘ + (IP data length) >65535. In other words, the IP offset
(which represents the starting position of this fragment in the original packet, and which is in 8- byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
C. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the
source equal to destination address.
D. The IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).
Answer: B Explanation:
“A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offest where (IP offset *8) + (IP data length)>65535. This means that when the packet is
reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine’s
OS (becouse the buffer sizes are defined only to accomodate the maximum allowed size of the packet based on RFC 791)…IDS can generally recongize such attacks by looking for packet fragments that have the IP header’s protocol field set to 1 (ICMP), the last bit set, and (IP offset
*8) +(IP data length)>65535″ CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 414 “Ping of Death” attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being data. Ping of Death attacks can cause crashing, freezing, and rebooting.

Question: 8.
Why would a Network Administrator want to use Certificate Revocation Lists (CRLs) in their
IPSec implementations?

A. They allow the ability to do “on the fly” authentication of revoked certificates.
B. They help to keep a record of valid certificates that have been issued in their network.
C. They allow them to deny devices with certain certificates from being authenticated to their network.
D. Wildcard keys are much more efficient and secure. CRLs should only be used as a last resort.
Answer: C Explanation:
A method of certificate revocation. A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPSec peers on a regular periodic
basis (for example, hourly, daily, or weekly). Each revoked certificate is identified in a CRL by its
certificate serial number. When a participating peer device uses a certificate, that system not only checks the certificate signature and validity but also acquires a most recently issued CRL and checks that the certificate serial number is not on that CRL.

Question: 9.
A SYN flood attack is when:

A. A target machine is flooded with TCP connection requests with randomized source address &
ports for the TCP ports.
B. A target machine is sent a TCP SYN packet (a connection initiation), giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.
Exam 350-018 Cisco CCIE Security Track

Number of questions: 100

Duration: 2 hours

Cost: $315

Exam Topics Include:

1. General Networking, including TCP/IP and the OSI model

2. Security Protocols, Ciphers and Hash Algorithms

3. Application Protocols

4. Security Technologies

5. Cisco Security Appliances and Applications

6. Cisco Security Management

7. General Cisco Security and Features

8. Security Solutions

9. General Security, including common attacks and exploits and security policy issues

Cisco revised the 350-018 exam in 2004. The Security 2.0 written exam reflects new advances in how enterprise customers create highly secure networks. The Security 2.0 written exam (350-018) will emphasize more on new Cisco products and services including:

Interactive Testing Engine Included!
736 Questions
Updated : 08/15/2008
Price : $87.99 $79.99
Free download?testking CCIE 350-018

Free download?pass4sure CCIE 350-018

Download CCIE Security Exam Quick Reference Sheets 2007 part1
Download CCIE Security Exam Quick Reference Sheets 2007 part2
Download CCIE Security Exam Quick Reference Sheets 2007 part3