Testinside CCIE 350-018

PassGuide Cisco dumps

Exam Number/Code: 350-018
Exam Name: CCIE Pre-Qualification Test for Security
Questions and Answers: 177 Q&As
Price: $120.00
Update Time: 2008-5-22

“CCIE Pre-Qualification Test for Security”, also known as 350-018 exam, is a Cisco certification.

171. Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an attack can be stopped with which of the following Cisco products?

A. ASA syn protection
B. ASA ICMP application inspection

C. CSA quarantine lists

D. IPS syn attack signatures

E. Cisco Guard

Answer: C

172. Considering the following ASA rule samples, which one will send HTTP data to the AIP-SSM module to evaluate and stop HTTP attacks?
A.

B.

C.

D.

Answer: B

173. What is the best way to mitigate Browser Helper Objects (BHO) from being installed on your system?

A. Disable BHOs in your browser’s preferences.

B. A BHO is certificate protected and therefore safe to install on your system.

C. A BHO is not a security concern.

D. A BHO is easily protected using default anti-virus or IPS signatures.

E. A BHO installation can be stopped using CSA rules.

Answer: E

174. Since HTTP is one of the most common protocols used in the internet, what should be done at a firewall level to ensure that the protocol is being used correctly?

A. Ensure that a stateful firewall allows only HTTP traffic destined for valid web server IP addresses.

B. Ensure that a firewall has SYN flood and DDoS protection applied specifically for valid web servers.

C. Ensure that your firewall enforces HTTP protocol compliance to ensure that only valid flows are allowed in and out of your network.
D. Ensure that HTTP is always authenticated.

E. Ensure that your web server is in a different zone than your backend servers such as SQL and DNS.

Answer: C

175. When implementing internet standards you are required to follow RFC’s processes and procedures based on what RFC?
A. RFC 1769 and mere publications

B. Real standards of RFC 1918

C. RFC 1669 real standards and mere publications

D. Real standards and mere publications RFC 1796

E. None of the above

Answer: E

176. Which RFCs are used to establish internet connectivity from a private office with the following requirements?

254 users

Only one IP address provided by your ISP

Your IP address is assigned dynamically.

The CPE from the ISP is pre-provisioned and working. You are expected to make changes on your router.

A. IP Network Address Translator (NAT): Defined in RFC 1631

B. IP Network Address Translator (NAT) Terminology and Considerations: Defined in RFC 2663

C. Network Address Translator (NAT) – Friendly Application Design Guidelines: Defined in RFC 3235

D. Address Allocation for Private Internets: Defined in RFC 1918

E. PPP and IPCP: Defined in RFC 1332

F. DHCP: Defined in RFC 2131

Answer: ADF

177. When implementing best practices for IP Source Address Spoofing and Defeating Denial of Service Attacks with IP Source Address Spoofing, what RFC is commonly used to protect your network?
A. RFC 1149

B. RFC 3704

C. RFC 1918

D. RFC 2827

Answer: D

178. Select the current RFCs that cover the following items:

A. RFC 2402

B. RFC 2403

C. RFC 2408

D. RFC 2409

E. RFC 2401

Answer: CDE

179. In ISO 27001 ISMS what are the main certification process phases required to collect information for ISO 27001?

A. Discover

B. Certification audit

C. Post-audit

D. Observation

E. Pre-audit

F. Major compliance

Answer: BCE

180. Taking into consideration the shown configuration, what kind of attack are we attempting to mitigate?

A. Smurf Attack

B. Code Red Worm

C. SQL Slammer Worm

D. MSQL and JavaScript attack

E. This is not valid configuration

Answer: C

181. When configuring the FWSM for multiple security contexts, in which context do you allocate interfaces?

A. Context A

B. System context

C. Admin context

D. Both b and c

Answer: B

182. Figure 1 represents 3 security contexts all sharing a common VLAN (500) – a single IP subnet corresponds to that VLAN. This is equivalent to connecting three security appliances using an Ethernet switch. A property of the FWSM makes all interfaces across the entire module use only one global MAC address (’M’ in Figure 1). This is usually not a problem, until multiple contexts start sharing an interface. Which operational function within the FWSM handles this issue?

A. Packetizer

B. Classifier

C. Normalizer

D. Session Manager

Answer: B

183. When configuring an intrusion prevention sensor in promiscuous mode what type of malicious traffic can NOT be stopped?

A. Sweep reconnaissance (such as ICMP sweeps)

B. Atomic attacks (single packet attacks)

C. Flood attacks

D. Teardrop attacks

E. All of the above

Answer: B

184. What is Chain of Evidence in the context of security forensics?

A. The concept that evidence is controlled in locked down, but not necessarily authenticated

B. The concept that evidence is controlled and accounted for as to not disrupt its authenticity and integrity

C. The concept that the general whereabouts of evidence is known

D. The concept that if a person has possession of evidence someone knows where the evidence is and can say who had it if it is not logged
Answer: B

185. CS-MARS works with which IOS feature to accomplish anomaly detection?

A. IOS IPS

B. Autosecure

C. CSA

D. Netflow

E. IOS Network Foundation Protection (NFP)

F. IOS Firewall

Answer: D

186. In the example shown, Host A has attempted a D-COM attack using metasploit from Host A to Host B. Which answer best describes how event logs and IPS alerts can be used in conjunction with each other to determine if the attack was successful? (Choose 3)

A. CS-MARS will collect the syslog and the IPS alerts based on time.

B. The IPS event will suggest that an attack may have occurred because a signature was triggered.

C. IPS and ASA will use the Unified Threat Management protocol to determine that both devices saw the attack.

D. ASA will see the attack in both directions and will be able to determine if an attack was successful.

E. The syslog connection built event will indicate that an attack is likely because a TCP syn and an ack followed the attempted attack.

Answer: ABE

187. Which statement below is true about the command “nat control” on the ASA?

A. It requires traffic originating from the inside interface to match a NAT translation rule to pass through the firewall on the outside interface.
B. It allows traffic originating from the inside interface to pass through the firewall on the outside interface without a NAT translation rule being matched.
C. It requires traffic passing through the firewall on interfaces of the same security level to match a NAT translation rule.

D. It allows traffic originating from the outside interface to pass through the firewall on the inside interface without a NAT translation rule being matched.
Answer: A

188. The following is an example of an IPSec error message:

What is the most common problem that this message can be attributed to?

A. Router is missing the crypto map map-name local-address command

B. Crypto access-lists are not mirrored on each side

C. This is only an informational message, ipsec session will still succeed

D. Crypto map is applied to the wrong interface or is not applied at all

Answer: D

189. Which of the following is true for RFC 4301 – Security Architecture for the Internet Protocol (obsoletes RFC 2401) – (Select two)

A. Specifies the Security Architecture for the Internet

B. Specifies the base architecture for Key Management, the Internet Key Exchange (IKE)

C. Specifies the base architecture for IPsec-compliant systems

D. Designed to provide security services for traffic at the IP layer, in the IPv4 environment only.

E. Designed to provide security services for traffic at the IP layer, in both the IPv4 and IPv6 environments.

Answer: CE

190. Match the 802.1x term on the left to the proper description on the right

191. Match the characteristics on the left to the correct protocol on the right

192. Match the CS-MARS terminology on the left to the descriptions that match the terms on the right.

193. Match the IKE functions on the left to the proper features on the right.

194. Match the protocol numbers or port numbers on the left to the correct protocols on the right (some items on the left are distractors).

195. Match the characteristics on the left to the correct encryption ciphering techniques on the right.

196. Match the steps an attacker uses to perform Server attacks by predicting the Server’s TCP Initial Sequence No. (ISN)

197. Match the security attack or threat with the correct layer of the OSI model at which it occurs?
