Pass4sure Cisco CCIE 350-018 lab
CCIE Pre-Qualification Test for Security (Lab exam) : 350-018 lab
Exam Number/Code: 350-018 lab
Exam Name: CCIE Pre-Qualification Test for Security (Lab exam)
Exam : Cisco 350018
Title :
CCIE PreQualification Test for
Security
Update : Demo
1. How do TCP SYN attacks take advantage of TCP to prevent new connections from being established to
a host under attack?
A. These attacks send multiple FIN segments forcing TCP connection release.
B. These attacks fill up a hosts’ listen queue by failing to ACK partially opened TCP connections.
C. These attacks take advantage of the hosts transmit backoff algorithm by sending jam signals to the host.
D. These attacks increment the ISN of each segment by a random number causing constant TCP
retransmissions.
E. These attacks send TCP RST segments in response to connection SYN+ACK segments forcing SYN
retransmissions. Answer: B
2. What are two key characteristics of VTP? (Choose 2)
A. VTP messages are sent out all switchswitch connections.
B. VTP L2 messages are communicated to neighbors using CDP.
C. VTP manages addition, deletion, and renaming of VLANs 1 to 4094. D. VTP pruning restricts flooded traffic, increasing available bandwidth.
E. VTP V2 can only be used in a domain consisting of V2 capable switches.
F. VTP V2 performs consistency checks on all sources of VLAN information. Answer: DE
3. Refer to the Exhibit. Switch SW2 has just been added to FastEthernet 0/23 on SW1. After a few seconds, interface Fa0/23 on SW1 is placed in the errordisabled state. SW2 is removed from port 0/23 and inserted into SW1 port Fa0/22 with the same result. What is the most likely cause of this problem?
A. The spanningtree portfast feature has been configured on SW1.
B. BPDU filtering has been enabled either globally or on the interfaces of SW1.
C. The BPDU guard feature has been enabled on the FastEthernet interfaces of SW1.
D. The FastEthernet interfaces of SW1 are unable to autonegotiate speed and duplex with SW2.
E. PAgP is unable to correctly negotiate VLAN trunk characteristics on the link between SW1 and SW2. Answer: C
4. What are two important guidelines to follow when implementing VTP? (Choose 2)
A. CDP must be enabled on all switches in the VTP management domain. B. All switches in the VTP domain must run the same version of VTP.
C. When using secure mode VTP, only configure management domain passwords on VTP servers.
D. Enabling VTP pruning on a server will enable the feature for the entire management domain. E. Use of the VTP multidomain feature should be restricted to migration and temporary implementation.
Answer: BD
5. Refer to the Exhibit. The Cisco IOSbased switches are configured with VTP and VLANs as shown. The network administrator wants to quickly add the VLANs defined on SW1 to SW2’s configuration and so he copies the vlan.dat file from the flash on SW1 to the flash of SW2. After the file is copied to SW2, it is rebooted. What is the VLAN status of SW2 after the reboot?
A. The VLAN information on SW2 will remain the same since it has been configured for transparent VTP
mode.
B. SW2 will clear the vlan.dat file and load its VLAN information from the configuration file stored in
NVRAM.
C. A VTP mode mismatch will occur causing the VLANS in the startup config to be ignored and all VLANs above 1005 to be erased.
D. The VLANs in the vlan.dat file will be copied to the running config and merged with the extended
VLANs defined in the startup config.
E. All VLANs will be erased and all ports will be moved into the default VLAN 1. Answer: C
6. Refer to the Exhibit. A Cisco security appliance has been inserted between routers R1 and R2 for security reasons. Unfortunately, BGP stopped working after the appliance was inserted in the network. What three configuration tasks must be completed to restore BGP connectivity? (Choose 3)
A. Configure BGP on the security appliance as an iBGP peer to R1 and R2 in AS 65500.
B. Configure a static NAT translation to allow inbound TCP connections from R2 to R1.
C. Configure an ACL on the security appliance allowing TCP, port 179 between R1 and R2.
D. Configure a static routes on R1 and R2 using the appliance inside and outside interfaces as gateways.
E. Configure the BGP fixup feature on the security appliance to permit BGP TCP connections between R1
and R2. Answer: BCD
7. Refer to the Exhibit. A Cisco security appliance has been correctly configured and inserted between routers R1 and R2. The security appliance allows iBGP connectivity between R1 and R2 and BGP is fully functional. To increase security, MD5 neighbor authentication is correctly configured on R1 and R2. Unfortunately, BGP stops working after the MD5 configuration is added. What configuration task must be completed on the security appliance to restore BGP connectivity?
A. Configure authenticationproxy on the security appliance.
B. Configure the MD5 authentication key on the security appliance.
C. Add the MD5 key to the security appliance BGP fixup configuration.
D. Add norandomseq to the static NAT translation on the security appliance.
E. Configure a GRE tunnel to allow authenticated BGP connections to traverse the security appliance. Answer: D
8. According to RFC 3180, what is the correct GLOP address for AS 456? A. 224.0.4.86
B. 224.4.86.0
C. 233.1.200.0
D. 239.2.213.0
E. 239.4.5.6
Answer: C
9. A network administrator is using a LAN analyzer to troubleshoot OSPF router exchange messages sent
to ALL OSPF ROUTERS. To what MAC address are these messages sent? A. 00001CEF0000
B. 01005E000005
C. 01005EEF0000
D. EFFFFF000005
E. EF0000FFFFFF F. FFFFFFFFFFFF
Answer: B
10.Which two IP multicast addresses belong to the group represented by the MAC address of
0×01005E156A2C? A. 224.21.106.44
B. 224.25.106.44
C. 233.149.106.44
D. 236.25.106.44
E. 239.153.106.44
Answer: AC
11. Refer to the Exhibit. A Cisco security appliance has been inserted between a multicast source and its receiver, preventing multicast traffic between them. What is the best solution to address this problem?
A. Configure the security appliance as an IGMP multicast client.
B. Configure a GRE tunnel to allow the multicast traffic to bypass the security appliance.
C. Configure the security appliance as the rendezvous point of the multicast network so that all (*,G) trees traverse it.
D. Create a static route on the multicast source and receiver pointing to the outside and inside interfaces
of the security appliance respectively.
E. Configure SMR so the security appliance becomes an IGMP proxy agent, forwarding IGMP messages from hosts to the upstream multicast router.
Answer: E
12. Refer to the Exhibit. Which of the following R1 router configurations will correctly prevent R3 from becoming a PIM neighbor with rendezvous point R1?
A.
B.
C.
D.
E.
Answer: A
13. How is the Cisco sensor software version 5.0 different from the version 4.0 release? A. The monitoring system pulls events from the sensor
B. The sensor supports intrusion prevention functinality
C. The sensor pushes events to the monitoring system
D. The sensor uses RDEP E. The sensor software calculates a Risk Rating for alerts to reduce false
positives
Answer: BE
14. What is SDEE?
A. A Cisco proprietary protocol to transfer IDS events across the network
B. A protocol used by multiple vendors to transmit IDS events across the network
C. A queuing mechanism to store alerts
D. A mechanism to securely encode intrusion events in an event store E. A multipurpose encryption engine to symmetrically encrpt data across the network
Answer: B
15. Refer to the Exhibit. Under normal conditions, SW1 is spanning tree root and the link between SW2 and SW3 is in the blocking state. This network transports large amounts of traffic and is heavily loaded. After a software upgrade to these switches, users are complaining about slow performance. To
troubleshoot, the commands shown in the exhibit are entered. What two are the most likely causes of this
issue?
A. Lack of BPDUs from high priority bridge SW1 causes SW3 to unblock Fa1/1.
B. Duplex mismatch on the link between SW1 and SW3 causing high rate of collisions.
C. The Max Age timers on SW1 and SW2 have been changed and no longer match the MAX Age timer on
SW3.
D. UDLD has not been configured between SW1 and SW3 so SW3 errantly sees its link to SW1 as up and operational.
E. The bridge priority of SW1 was changed to be greater than 32768 allowing SW2 to become the new root of the spanning tree.
Answer: AB
16. What is true about a PreBlock ACL configured when setting up your sensor to perform IP Blocking?
A. The PreBlock ACL is overwritten when a blocking action is initiatied by the sensor
B. The blocking ACL entries generated by the sensor override the PreBlock ACL entries C. The
PreBlock ACL entries override the blocking ACL entries generated by the sensor D. The PreBlock ACL is replaced by the PostBlock ACL when a blocking action is initiated by the sensor
E. You can not configure a PreBlock ACL when configuring IP Blocking on your sensor
Answer: C
17. Which of the following is true about the Cisco IOSIPS functionality? (Choose 2) A. The signatures available are built into the IOS code.
B. To update signatures you need to install a new IOS image
C. To activate new signatures you download a new Signature Defiition File (SDF) from Cisco’s web site
D. Loading and enabling selected IPS signatures is user configurable
E. Cisco IOS only provides Intrusion Detection functionality
F. Cisco IOSIPS requires a network module installed in your router running sensor software
Answer: CD
18. What is the main reason for using the “ip ips denyaction ipsinterface” IOS command? A. To selectively apply drop actions to specific interfaces
B. To enable IOS to drop traffic for signatures configured with the Drop action
C. To support loadbalancing configurations in which traffic can arrive via multiple interfaces
D. This is not a valid IOS command
Answer: C
19. By default, to perform IPS deny actions, where is the ACL applied when using IOSIPS? A. To the ingress interface of the offending packet
B. To the ingress interface on which IOSIPS is configured C. To the egress interface on which IOSIPS is configured D. To the egress interface of the offending packet
E. To the ingress interface of the offending packet and the ingress interface on which IOSIPS is configured
Answer: A
20. Refer to the Exhibit. Router R1 is stuck in 2WAY state with neighbors R2 and R3. As a result R1 has
an incomplete routing table. To troubleshoot the issue, the show and debug commands in the exhibit are entered on R1. Based on the output of these commands what is the most likely cause of this problem?
A. The hello timers on the segment between these routers do not match.
B. All the routers on the Ethernet segment have been configured with “ip ospf priority 0″.
C. R1 can not form an adjacency with R2 or R3 because it does not have a matching authentication key.
D. The Ethernet 0/0 interfaces on these routers are missing the “ip ospf network broadcast” command.
E. The Ethernet 0/0 interface on R1 has been configured with the command, “ip ospf network nonbroadcast”.
Answer: B
21. What two things must you do on the router before generating an SSH key with the “crypto key generate rsa” IOS command?
A. Configure the SSH version that the router will use
B. Configure the host name of the router
C. Enable AAA Authentication
D. Configure the default IP domain name that the router will use
E. Enable SSH transport support on the vty lines
Answer: BD
22. Refer to the Exhibit. What aspath accesslist regular expression should be applied on R2 as a neighbor filterlist to only allow updates with an origin of AS65503?
A. 65503
B. _65503_ C. ^65503$ D. _65503$ E. ^65503 .* F. _65503.?$ Answer: E
23. Refer to the Exhibit. A router running EIGRP with the “no ip classless” command contains the routing table as shown in the exhibit. What will happen to a packet destined for 172.16.254.1?
A. The packet is forwarded to 192.168.1.1.
B. The packet is forwarded to 192.168.1.2. C. The packet is forwarded to 192.168.1.3. D. The packet is dropped.
Answer: D
24. Refer to the Exhibit. What aspath accesslist regular expression should be applied on R2 to only allow updates originated from AS65501 or autonomous systems directly attached to AS65501?
A. _65501_.*
B. _65501_*$ C. ^65501_*$
D. _65501+[0.9]$ E. ^65501_[09]*$
F. \[09]*+65501_+\[09]$ Answer: E
25. Refer to the Exhibit. What is the correct configuration on R1 to enable message digest authentication
between routers R1 and R2?
A.
B.
C.
D.
E.
Answer: A
26. When applying MD5 route authentication on routers running RIP or EIGRP, what two important key chain considerations should be accounted for?
A. The lifetimes of the keys in the chain should overlap.
B. No more than three keys should be configured in any single chain. C. Routers should be configured for NTP to synchronize their clocks.
D. Key 0 of all key chains must match for all routers in the autonomous system.
E. Link compression techniques should be disabled on links transporting any MD5 “hash”. Answer: AC
27. Whenever a failover takes place on the ASA running in failover mode, all active connections are
dropped and clients must reestablish their connections unless
A. the ASA is configured for ActiveStandby failover. B. the ASA is configured for ActiveActive failover.
C. the ASA is configured for ActiveActive failover and a state failover link has been configured.
D. the ASA is configured for ActiveStandby failover and a state failover link has been configured.
E. the ASA is configured to use a serial cable as the failover link. F. the ASA is configured for LANBased failover.
Answer: CD
28. Which of the following is true with respect to activeactive failover on the ASA?
A. Activeactive failover is available only for systems running in single context mode
B. Activeactive failover is available only for systems running in transparent mode
C. Activeactive failover is available only for systems running in routed mode
D. Activeactive failover is available only for systems running in multiple context mode
E. Activeactive failover is available for systems running in multiple or single context mode Answer: D
29. Whenever a failover takes place on the ASA (configured for failover), all active connections are dropped and clients must reestablish their connections unless: (Choose 2)
A. The ASA is configured for ActiveStandby failover. B. The ASA is configured for ActiveActive failover.
C. The ASA is configured for ActiveActive failover and a state failover link has been configured.
D. The ASA is configured for ActiveStandby failover and a state failover link has been configured.
E. The ASA is configured to use a serial cable as the failover link. F. The ASA is configured for LANBased failover
Answer: CD
30. Which algorithms did TKIP add to the 802.11 specification? (Choose 3) A. key mixing
B. AESbased encryption
C. antireplay sequence counter
D. message integrity check E. cyclic redundancy check Answer: ACD
KillTest.com was founded in 2006. The safer,easier way to help you pass any IT
Certification exams . We provide high quality IT Certification exams practice questions and answers(Q&A). Especially Adob e, Apple, Cit rix, Compt ia, EM C,
HP, Hu aW ei, LPI, No rtel, Oracle , SUN, Vmw are and so on. And help you pass any IT Certification exams at the first try.
You can reach us at any of the email addresses listed below. English Customer: Chinese Customer: Sales : sales@Killtest.com sales@Killtest.net
Support: support@Killtest.com support@Killtest.com
“CCIE Pre-Qualification Test for Security (Lab exam)”, also known as 350-018 lab exam, is a Cisco certification.
Preparing for the 350-018 lab exam? Searching 350-018 lab Test Questions, 350-018 lab Practice Exam, 350-018 lab Dumps?
To become certified of CCIE expert in CCIE Pre-Qualification Test for Security, the candidate must pass both a written qualification 350-018 exam. With the complete collection of questions and answers, Pass4sure has assembled to take you through 4 cases to your CCIE Pre-Qualification Test for Security lab Exam preparation. In the 350-018 lab exam resources, you will cover every field and category in CCIE helping to ready you for your successful Cisco Certification.
Updated: 11/27/2007
Market Price: 1299.99
Member Price: 599.99
Free download:pass4sure Cisco CCIE 350-018 lab
Free download:testking Cisco CCIE 350-018 lab
TestKing - TestKing.com Help you pass Cisco exams
Pass4sure -Pass4sure.com The Worldwide Renowned Cisco Certification Material Provider .
Related Posts
hi,
where is download link for this..pls send to me..i need it