Testking CCIE 350-018


CCIE Pre-Qualification Test for Security : 350-018 Exam
Question: 1.
Which addresses below would be valid IP addresses of hosts on the Internet? (Multiple answer)

A. 235.1.1.1
B. 223.20.1.1
C. 10.100.1.1
D. 127.0.0.1
E. 24.15.1.1
Answer: B, E Explanation:
When you create an internal network, we recommend you use one of the following address groups, reserved by the Network Working Group (RFC 1918) for private network addressing:

Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255

Class D addresses start with the bits 1110, so 223.20.1.1 (whose first octet starts with 110) is a legal class C address. 10.100.1.1 is an RFC 1918 private address and 127.0.0.1 is the loopback address, so neither is a valid host address on the Internet.
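The classification the answer relies on, as an added example (not part of the original question bank): each candidate address is checked against the RFC 1918 ranges, the loopback block, and the leading bits of the first octet that decide the class. The candidate list is the one from the question; the helper names are this example's own.

```python
import ipaddress

# The five addresses from the question (constructed input for the example).
CANDIDATES = ["235.1.1.1", "223.20.1.1", "10.100.1.1", "127.0.0.1", "24.15.1.1"]

# RFC 1918 private ranges, written as the three blocks the explanation lists.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def address_class(addr: ipaddress.IPv4Address) -> str:
    """Classful letter taken from the leading bits of the first octet."""
    first = int(addr) >> 24
    if first >> 7 == 0b0:        # 0xxxxxxx
        return "A"
    if first >> 6 == 0b10:       # 10xxxxxx
        return "B"
    if first >> 5 == 0b110:      # 110xxxxx
        return "C"
    if first >> 4 == 0b1110:     # 1110xxxx: multicast
        return "D"
    return "E"                   # 1111xxxx: reserved


def classify(text: str) -> str:
    """Describe why an address is or is not usable as a public Internet host address."""
    addr = ipaddress.IPv4Address(text)
    if any(addr in net for net in RFC1918):
        return "private (RFC 1918)"
    if addr.is_loopback:
        return "loopback"
    cls = address_class(addr)
    if cls == "D":
        return "multicast (class D)"
    if cls == "E":
        return "reserved (class E)"
    return "public host address (class %s)" % cls


def valid_internet_hosts(candidates):
    """Keep only the addresses a host on the Internet could legitimately carry."""
    return [a for a in candidates if classify(a).startswith("public")]


if __name__ == "__main__":
    for a in CANDIDATES:
        print(a, "->", classify(a))
    print("valid:", valid_internet_hosts(CANDIDATES))
```

Running it reproduces the answer key: only 223.20.1.1 (class C) and 24.15.1.1 (class A) survive; 235.1.1.1 is class D multicast, 10.100.1.1 is private and 127.0.0.1 is loopback.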

Question: 2.
On an Ethernet LAN, a jam signal causes a collision to last long enough for all other nodes to recognize that:

A. A collision has occurred and all nodes should stop sending.
B. Part of a hash algorithm was computed, to determine the random amount of time the nodes should back off before retransmitting.
C. A signal was generated to help the network administrators isolate the fault domain between two Ethernet nodes.
D. A faulty transceiver is locked in the transmit state, causing it to violate CSMA/CD rules.
E. A high-rate of collisions was caused by a missing or faulty terminator on a coaxial Ethernet network.
Answer: A Explanation:
When a collision is detected, the device will transmit a “jam signal”. This informs all the devices on the network that there has been a collision and hence stops them from initiating the transmission of new data. The “jam signal” is a sequence of 32 bits that can have any value as long as it does not equal the CRC value in the damaged frame’s FCS field. It is normally 32 1’s, as this leaves only a 1 in 2^32 chance that the CRC is correct by chance. Because the CRC value is incorrect, all devices listening on the network will detect that a collision has occurred and hence will not create further collisions by transmitting immediately.

“Part of a hash algorithm was computed, to determine the random amount of time the nodes should back off before retransmitting” would seem correct, but it is not. After transmitting the jam signal, the two nodes involved in the collision use an algorithm called truncated BEB (truncated binary exponential backoff) to determine when they will next retransmit. The algorithm works as follows. Each device waits a multiple of 51.2 µs (the minimum time required for a signal to traverse the network) before retransmitting; 51.2 µs is known as a “slot”. The device waits a certain number of these time slots before attempting to retransmit. The number of time slots is chosen at random from the set {0, …, 2^k − 1}, where k is the number of collisions. k is initialized to 1, so on the first attempt the number of slots is chosen at random from the set {0, 1}; on the second attempt the set is {0, 1, 2, 3}, and so on. k stays at the value 10 on the 11th, 12th, 13th, 14th, 15th and 16th attempts, but on the 17th attempt the MAC unit stops trying to transmit and reports an error to the layer above.

Exam Name: CCIE Pre-Qualification Test for Security
Exam Type: Cisco
Exam Code: 350-018 Total Questions: 743
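The truncated BEB procedure just described, as an added example (not from the original question bank): the slot set grows as 2^k up to k = 10, the delay is the chosen slot count times 51.2 µs, and the frame is abandoned when the 16th attempt also collides. The channel model (a constructed list of per-attempt collision probabilities) and the function names are this example's own assumptions.

```python
import random

SLOT_TIME_US = 51.2   # one slot time, as given in the explanation
MAX_EXPONENT = 10     # k is capped at 10: this is the "truncated" part
MAX_ATTEMPTS = 16     # after the 16th collision the MAC reports an error


class ExcessiveCollisions(Exception):
    """Raised when a frame is abandoned after MAX_ATTEMPTS collisions."""


def backoff_range(k: int) -> range:
    """Slot counts a station may pick after its k-th collision: {0, ..., 2^min(k,10) - 1}."""
    if k < 1:
        raise ValueError("k counts collisions so far, so it starts at 1")
    if k > MAX_ATTEMPTS:
        raise ExcessiveCollisions("frame dropped after %d collisions" % MAX_ATTEMPTS)
    return range(2 ** min(k, MAX_EXPONENT))


def worst_case_delay_us(k: int) -> float:
    """Longest possible backoff after the k-th collision, in microseconds."""
    return (len(backoff_range(k)) - 1) * SLOT_TIME_US


def backoff_delay_us(k: int, rng: random.Random) -> float:
    """Randomly chosen backoff after the k-th collision, in microseconds."""
    return rng.choice(backoff_range(k)) * SLOT_TIME_US


def simulate_transmission(collision_probabilities, seed: int = 0):
    """Send one frame through a constructed channel.

    collision_probabilities[i] is the chance that attempt i+1 collides; attempts past the
    end of the list are assumed to succeed. Returns (attempts_used, total_backoff_us) or
    raises ExcessiveCollisions when the 16th attempt collides as well."""
    rng = random.Random(seed)
    total_backoff = 0.0
    for attempt in range(1, MAX_ATTEMPTS + 1):
        p = collision_probabilities[attempt - 1] if attempt - 1 < len(collision_probabilities) else 0.0
        if rng.random() >= p:            # no collision: the frame went out
            return attempt, total_backoff
        if attempt == MAX_ATTEMPTS:      # 16 collisions: give up, report to the layer above
            raise ExcessiveCollisions("frame dropped after %d collisions" % MAX_ATTEMPTS)
        total_backoff += backoff_delay_us(attempt, rng)   # k equals collisions so far
    raise AssertionError("unreachable")


def frame_dropped(collision_probabilities, seed: int = 0) -> bool:
    """True when the simulated frame is abandoned instead of delivered."""
    try:
        simulate_transmission(collision_probabilities, seed)
    except ExcessiveCollisions:
        return True
    return False


if __name__ == "__main__":
    for k in (1, 2, 3, 10, 16):
        print("collision %2d: slots 0..%d, worst case %.1f us" % (k, len(backoff_range(k)) - 1, worst_case_delay_us(k)))
    print("always colliding channel dropped:", frame_dropped([1.0] * 16))
```

The worst case after the tenth collision is 1023 slots, roughly 52.4 ms, and it never grows further; that cap is what keeps a busy segment from backing off indefinitely while still guaranteeing the frame is eventually declared undeliverable.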

Question: 3.
Which statements about TACACS+ are true? (multiple answer)

A. If more than one TACACS+ server is configured and the first one does not respond within a given timeout period, the next TACACS+ server in the list will be contacted.
B. The TACACS+ server’s connection to the NAS encrypts the entire packet, if a key is used at both ends.
C. The TACACS+ server must use TCP for its connection to the NAS.
D. The TACACS+ server must use UDP for its connection to the NAS.
E. The TACACS+ server may be configured to use TCP or UDP for its connection to the NAS.
Answer: A, B, C Explanation:
PIX Firewall permits the following TCP literal names: bgp, chargen, cmd, daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, hostname, http, ident, irc, klogin, kshell, lpd, nntp, pop2, pop3, pptp, rpc, smtp, sqlnet, sunrpc, TACACS, talk, telnet, time, uucp, whois, and www. TACACS appearing in the list of TCP literals is the point: the protocol runs over TCP, not UDP.

To specify a TACACS host, use the tacacs-server host global configuration command. Use the no form of this command to delete the specified name or address. timeout = (Optional) Specify a timeout value. This overrides the global timeout value set with the tacacs-server timeout command for this server only.

tacacs-server key: to set the authentication encryption key used for all TACACS+ communications between the access server and the TACACS+ daemon, use the tacacs-server key global configuration command. Use the no form of this command to disable the key. key = Key used to set authentication and encryption. This key must match the key used on the TACACS+ daemon.
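What the shared key actually does on the wire, as an added example that is not part of the original question bank or Cisco documentation: TACACS+ (RFC 8907, section 4.5) XORs the packet body with a pad derived by chaining MD5 over the session id, the shared key, the version byte and the sequence number. The header itself travels in the clear; the body is unreadable only to a party without the key, which is why the key must be identical at both ends. The session id, key bytes and body are constructed values; the helper names are this example's own.

```python
import hashlib
import struct

TACACS_PORT = 49       # TACACS+ listens on TCP/49
VERSION = 0xC0         # major version 0xC with minor 0, as carried in the header
SAMPLE_BODY = b"user=constructed-admin,service=shell"   # constructed body bytes


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keyed pad from RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_(n-1)), concatenated and truncated."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, chunk = b"", b""
    while len(pad) < length:
        chunk = hashlib.md5(prefix + chunk).digest()   # each block feeds the next
        pad += chunk
    return pad[:length]


def obfuscate_body(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the keyed pad; because XOR is symmetric the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


deobfuscate_body = obfuscate_body


def round_trip_matches(body: bytes, session_id: int, sender_key: bytes, receiver_key: bytes, seq_no: int = 1) -> bool:
    """True only when both ends hold the same key: the 'key used at both ends' of answer B."""
    wire = obfuscate_body(body, session_id, sender_key, VERSION, seq_no)
    return deobfuscate_body(wire, session_id, receiver_key, VERSION, seq_no) == body


if __name__ == "__main__":
    sid = 0x1234ABCD   # constructed session id
    print("same key on both ends:", round_trip_matches(SAMPLE_BODY, sid, b"s3cret", b"s3cret"))
    print("mismatched key:        ", round_trip_matches(SAMPLE_BODY, sid, b"s3cret", b"other"))
```

A mismatched key does not produce an error message at this layer; the receiver simply decodes garbage, which is the usual symptom behind "TACACS+ server not responding" style failures. Because the pad is an MD5 chain rather than an authenticated cipher, treat it as obfuscation and carry TACACS+ over a trusted management network or an encrypted transport.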

Question: 4.
A Network Administrator is trying to configure IPSec with a remote system. When a tunnel is initiated from the remote end, the security associations (SAs) come up without errors. However, encrypted traffic is never sent successfully between the two endpoints. What is a possible cause?

A. NAT could be running between the two IPSec endpoints.
B. A mismatched transform set between the two IPSec endpoints.
C. There is a NAT overload running between the two IPSec endpoints.
D. Mismatched IPSec proxy between the two IPSec endpoints.
Answer: C Explanation:
This configuration will not work with port address translation (PAT). Note: NAT is a one-to-one address translation, not to be confused with PAT, which is a many (inside the firewall)-to-one translation. IPSec with PAT may not work properly because the outside tunnel endpoint device cannot handle multiple tunnels from one IP address. You will need to contact your vendor to determine if the tunnel endpoint devices will work with PAT.

Question: What is PAT, or NAT overloading? Answer: PAT, or NAT overloading, is a feature of Cisco IOS NAT and can be used to translate internal (inside local) private addresses to one or more outside (inside global, usually registered) IP addresses. Unique source port numbers on each translation are used to distinguish between the conversations. With NAT overload, a translation table entry containing full address and source port information is created.
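Why NAT overload breaks here, as an added example that is not from the original question bank: the model below builds the translation table the explanation describes, keyed on address plus source port. TCP flows from two inside hosts to the same peer get distinct outside ports and coexist. ESP (IP protocol 50) carries no port field at all, so the second inside host's tunnel to the same peer cannot be given a unique entry, which is the "multiple tunnels from one IP address" failure. Addresses, ports and class names are constructed for the example.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

TCP, UDP, ESP = 6, 17, 50
OUTSIDE_ADDR = "203.0.113.1"   # constructed inside-global address (documentation range)


@dataclass(frozen=True)
class Flow:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # None for protocols with no port field, such as ESP
    dport: Optional[int] = None


class PatTable:
    """Minimal model of NAT overload: many inside addresses share one outside address."""

    def __init__(self, outside: str = OUTSIDE_ADDR):
        self.outside = outside
        self.entries = {}      # (proto, inside_local, sport, dst, dport) -> outside source port
        self.reverse = {}      # what the outside sees -> inside_local
        self._ports = count(1024)

    def translate(self, flow: Flow) -> Optional[Flow]:
        """Return the flow as seen on the outside, or None when PAT cannot keep it unique."""
        if flow.sport is None:
            # No port to rewrite: the reverse key is only (proto, peer). A second inside
            # host towards the same peer would be indistinguishable, so it is refused.
            rkey = (flow.proto, None, flow.dst, None)
            owner = self.reverse.get(rkey)
            if owner is not None and owner != flow.src:
                return None
            self.reverse[rkey] = flow.src
            return Flow(flow.proto, self.outside, flow.dst)
        key = (flow.proto, flow.src, flow.sport, flow.dst, flow.dport)
        if key not in self.entries:
            port = next(self._ports)                  # unique source port per translation
            self.entries[key] = port
            self.reverse[(flow.proto, port, flow.dst, flow.dport)] = flow.src
        return Flow(flow.proto, self.outside, flow.dst, self.entries[key], flow.dport)


def demo():
    """Two inside hosts reach the same peer over TCP (fine) and over ESP (second one fails)."""
    table = PatTable()
    peer = "198.51.100.7"   # constructed remote peer address
    tcp_a = table.translate(Flow(TCP, "10.1.1.10", peer, 50000, 443))
    tcp_b = table.translate(Flow(TCP, "10.1.1.11", peer, 50000, 443))
    esp_a = table.translate(Flow(ESP, "10.1.1.10", peer))
    esp_b = table.translate(Flow(ESP, "10.1.1.11", peer))
    return tcp_a, tcp_b, esp_a, esp_b


if __name__ == "__main__":
    for label, result in zip(("tcp_a", "tcp_b", "esp_a", "esp_b"), demo()):
        print(label, "->", result)
```

The reason the SAs still come up is that IKE runs over UDP/500 and does have ports to translate; only the ESP data path is affected. IPSec NAT Traversal (RFC 3948), which wraps ESP in UDP/4500, exists precisely to give a PAT device a port to key on.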

Question: 5.

TK

Exam Name: CCIE Pre-Qualification Test for Security
Exam Type: Cisco
Exam Code: 350-018 Total Questions: 743

Which are the principles of a one way hash function? (Multiple answer)

A. A fixed length output is created from a variable length input by a hash function.
B. A hash function cannot be random and the receiver cannot decode the hash.
C. A hash function is usually operated in an IPSec environment to provide a fingerprint for a packet.
D. A hash function must be easily decipherable by anyone who is listening to the exchange.
Answer: A, C Explanation:
Developers use a hash function on their code to compute a digest, which is also known as a one-way hash. The hash function securely compresses code of arbitrary length into a fixed-length digest result.

Question: 6. Exhibit:

What is the expected behavior of IP traffic from the clients attached to the two Ethernet subnets?

A. Traffic between the Ethernet subnets on both routers will have to be decrypted.
B. NAT will translate the traffic between the Ethernet subnets on both routers.
C. Traffic will successfully access the Internet, though it will have to be decrypted between the router’s Ethernet subnets.
D. Traffic will successfully access the Internet fully encrypted.
E. Traffic bound for the Internet will not be routed because the source IP addresses are private.
Answer: C Explanation:
NOT ENOUGH OF THE EXHIBIT TO MAKE A REAL CHOICE. THE EXHIBIT IS ONE OF IPSEC; TAKE YOUR BEST SHOT.

Question: 7.
A ping of death is when:


A. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply).
B. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset * 8) + (IP data length) > 65535. In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
C. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address.
D. The IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).
Answer: B Explanation:
“A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offset where (IP offset * 8) + (IP data length) > 65535. This means that when the packet is reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine’s OS (because the buffer sizes are defined only to accommodate the maximum allowed size of the packet based on RFC 791)… IDS can generally recognize such attacks by looking for packet fragments that have the IP header’s protocol field set to 1 (ICMP), the last bit set, and (IP offset * 8) + (IP data length) > 65535” (CCIE Professional Development: Network Security Principles and Practices, Saadat Malik, p. 414).

“Ping of Death” attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being data. Ping of Death attacks can cause crashing, freezing, and rebooting.
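The IDS rule quoted above, as an added example that is not from the original question bank or the cited book: each fragment is reduced to the fields the rule needs, and the "last fragment" condition is modelled as the More Fragments flag being clear on a fragment with a non-zero offset (IP has no dedicated last-fragment bit; this is the assumption the code makes). A protocol-agnostic variant is included as well, since the reassembly overflow itself does not depend on ICMP. The fragment records are constructed sample input.

```python
from dataclasses import dataclass
from typing import List

ICMP, TCP = 1, 6
MAX_IP_DATAGRAM = 65535      # largest total length an IP datagram may reach


@dataclass(frozen=True)
class Fragment:
    protocol: int
    offset_units: int        # 13-bit fragment offset field, in 8-byte units
    more_fragments: bool     # MF flag; False on the final fragment
    data_len: int            # bytes of payload carried by this fragment


def reassembled_end(frag: Fragment) -> int:
    """Byte position where this fragment's data would end after reassembly."""
    return frag.offset_units * 8 + frag.data_len


def is_last_fragment(frag: Fragment) -> bool:
    """Final piece of a fragmented datagram: MF clear and offset past the first fragment."""
    return not frag.more_fragments and frag.offset_units > 0


def matches_ping_of_death(frag: Fragment) -> bool:
    """The ICMP-specific rule quoted in the explanation."""
    return (frag.protocol == ICMP
            and is_last_fragment(frag)
            and reassembled_end(frag) > MAX_IP_DATAGRAM)


def is_oversized_reassembly(frag: Fragment) -> bool:
    """Protocol-agnostic version: any last fragment that would overflow a 65535-byte buffer."""
    return is_last_fragment(frag) and reassembled_end(frag) > MAX_IP_DATAGRAM


def scan(fragments, rule=matches_ping_of_death) -> List[int]:
    """Indexes of the fragments that trigger the given rule."""
    return [i for i, f in enumerate(fragments) if rule(f)]


# Constructed sample fragments (not captured traffic).
SAMPLE_FRAGMENTS = [
    Fragment(ICMP, 0, True, 1480),       # first fragment of an ordinary large ping
    Fragment(ICMP, 185, False, 8),       # last fragment ending at byte 1488: fine
    Fragment(ICMP, 8190, False, 1000),   # 65520 + 1000 = 66520 > 65535: alert
    Fragment(TCP, 8190, False, 1000),    # same geometry over TCP: not the ICMP rule
    Fragment(ICMP, 8189, False, 23),     # 65512 + 23 = 65535 exactly: boundary, fine
]


if __name__ == "__main__":
    print("ICMP rule hits:   ", scan(SAMPLE_FRAGMENTS))
    print("any protocol hits:", scan(SAMPLE_FRAGMENTS, is_oversized_reassembly))
```

The boundary case at index 4 is deliberate: a reassembled length of exactly 65535 is legal, so the comparison must be strictly greater than, as the quoted rule states. Index 3 shows why a production rule should usually not be tied to protocol 1; the overflow is in the reassembly code, not in ICMP.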

Question: 8.
Why would a Network Administrator want to use Certificate Revocation Lists (CRLs) in their IPSec implementations?

A. They allow the ability to do “on the fly” authentication of revoked certificates.
B. They help to keep a record of valid certificates that have been issued in their network.
C. They allow them to deny devices with certain certificates from being authenticated to their network.
D. Wildcard keys are much more efficient and secure. CRLs should only be used as a last resort.
Answer: C Explanation:
A CRL is a method of certificate revocation. It is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPSec peers on a regular periodic basis (for example, hourly, daily, or weekly). Each revoked certificate is identified in a CRL by its certificate serial number. When a participating peer device uses a certificate, that system not only checks the certificate signature and validity but also acquires the most recently issued CRL and checks that the certificate serial number is not on that CRL.
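The peer-side check described above, as an added example that is not from the original question bank: the CRL is verified as CA-signed, checked for freshness against its thisUpdate/nextUpdate window, and only then consulted for the presented serial. To keep the example self-contained, an HMAC over the CRL fields stands in for the CA's real signature (a constructed substitute, not how X.509 CRLs are signed), and the CRL contents, dates and serial numbers are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

CA_KEY = b"constructed-ca-key"   # stand-in for the CA signing key (constructed)


def _payload(crl: dict) -> bytes:
    """Canonical bytes covered by the signature: every field except the signature itself."""
    return json.dumps({k: v for k, v in crl.items() if k != "signature"}, sort_keys=True).encode()


def sign_crl(crl: dict, key: bytes = CA_KEY) -> dict:
    """Attach the CA's signature (HMAC-SHA256 here as a stand-in for a real CA signature)."""
    return {**crl, "signature": hmac.new(key, _payload(crl), hashlib.sha256).hexdigest()}


def signature_valid(crl: dict, key: bytes = CA_KEY) -> bool:
    expected = hmac.new(key, _payload(crl), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, crl.get("signature", ""))


def decision(serial: int, crl: dict, now: datetime, key: bytes = CA_KEY) -> str:
    """Accept a presented certificate only if a fresh, CA-signed CRL does not list its serial."""
    if not signature_valid(crl, key):
        return "rejected: CRL signature invalid"
    this_update = datetime.fromisoformat(crl["this_update"])
    next_update = datetime.fromisoformat(crl["next_update"])
    if not (this_update <= now < next_update):
        # A stale CRL tells us nothing about revocations since its nextUpdate time.
        return "rejected: CRL stale, fetch the most recently issued CRL first"
    if serial in crl["revoked_serials"]:
        return "rejected: certificate serial %d is revoked" % serial
    return "accepted"


# Constructed CRL published daily, plus the clock values used to exercise it.
NOW = datetime(2008, 8, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_CRL = sign_crl({
    "issuer": "CN=Constructed Lab CA",
    "this_update": (NOW - timedelta(hours=12)).isoformat(),
    "next_update": (NOW + timedelta(hours=12)).isoformat(),
    "revoked_serials": [4097, 4099],
})
STALE_TIME = NOW + timedelta(days=3)
# Someone appending a serial without the CA re-signing the list:
TAMPERED_CRL = {**SAMPLE_CRL, "revoked_serials": SAMPLE_CRL["revoked_serials"] + [4098]}


if __name__ == "__main__":
    print("serial 4098, fresh CRL:   ", decision(4098, SAMPLE_CRL, NOW))
    print("serial 4097, fresh CRL:   ", decision(4097, SAMPLE_CRL, NOW))
    print("serial 4098, stale CRL:   ", decision(4098, SAMPLE_CRL, STALE_TIME))
    print("serial 4098, tampered CRL:", decision(4098, TAMPERED_CRL, NOW))
```

The order of the checks matters: the signature is verified before the list is trusted for anything, and a CRL past its nextUpdate is treated as missing rather than as "no revocations", which is the fail-closed behaviour answer C is about.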

Question: 9.
A SYN flood attack is when:

A. A target machine is flooded with TCP connection requests with randomized source address & ports for the TCP ports.
B. A target machine is sent a TCP SYN packet (a connection initiation), giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.
Exam 350-018 Cisco CCIE Security Track

Number of questions: 100

Duration: 2 hours

Cost: $315

Exam Topics Include:

1. General Networking, including TCP/IP and the OSI model

2. Security Protocols, Ciphers and Hash Algorithms

3. Application Protocols

4. Security Technologies

5. Cisco Security Appliances and Applications

6. Cisco Security Management

7. General Cisco Security and Features

8. Security Solutions

9. General Security, including common attacks and exploits and security policy issues

Cisco revised the 350-018 exam in 2004. The Security 2.0 written exam reflects new advances in how enterprise customers create highly secure networks. The Security 2.0 written exam (350-018) will place more emphasis on new Cisco products and services, including:
