Exam : Cisco 350-018 Title : CCIE Security Qualification Exam
1. Which two of the following statements describe why TACACS+ is more desirable from a security standpoint than RADIUS? (Choose two.) A. It uses UDP as its transport. B. It uses TCP as its transport. C. It encrypts the password field with a unique key between server and requester. D. Encrypting the whole data payload is optional. E. Authentication and authorization are combined into a single query for robustness. Answer: BD
2. A firewall administrator received this syslog message from his adaptive security appliance. What can the firewall administrator infer from the message? A. The server at 209.165.201.10 is under a smurf attack. B. The server at 10.1.1.20 is under a SYN attack. C. The client at 209.165.201.10 has been infected with a virus. D. The server at 10.1.1.20 is under a smurf attack. Answer: B
3. In regards to private address space, which three of the following statements are true? (Choose three.) A. Private address space is defined in RFC 1918. B. These IP addresses are considered private: 10.0.0.0 172.15.0.0 192.168.0.0 C. Private address space is not supposed to be routed over the Internet. D. 127.0.0.1 is also considered part of private address space, according to the RFC. E. Using only private address space and NAT to the Internet is not considered as secure as having a stateful firewall. Answer: ACE
4. When using Cisco SDM to manage a Cisco IOS device, what configuration statements are necessary to be able to use Cisco SDM? A. ip http server B. ip http secure-server C. ip http server sdm location X.X.X.X D. ip http secure-server sdm location X.X.X.X E. ip http server ip http secure-server Answer: A
5. Which three of these statements describe how DNSSEC prevents DNS cache poisoning attacks from succeeding? (Choose three.) A. DNSSEC encrypts all records with domain-specific keys. B. DNSSEC eliminates caching and forces all answers to be authoritative. C. DNSSEC introduces KEY records that hold domain-specific public keys. D. DNSSEC deprecates CNAME records and replaces them with DS records. E. DNSSEC utilizes DS records to establish a trusted hierarchy of zones. F. DNSSEC signs all records with domain-specific keys. Answer: CEF
6. Which three of the following are attributes of the RADIUS protocol? (Choose three.) A. encrypts the password B. hashes the password C. uses UDP as the transport D. uses TCP as the transport E. combines authentication and authorization in a single request F. commonly used to implement command authorization Answer: BCE
7. Which two of the following statements are attributed to stateless filtering? (Choose two.) A. The first TCP packet in a flow must be a SYN packet. B. It must process every packet against the inbound ACL filter. C. It can look at sequence numbers to validate packets in flow. D. It must implement an idle timeout. E. It can be used in asymmetrical traffic flows. Answer: BE
8. When initiating a new SSL/TLS session, the client receives the server SSL certificate and validates it. What does the client use the certificate for after validating it? A. The client and server use the key in the certificate to encrypt all data in the following SSL session. B. The server creates a separate session key and sends it to the client. The client has to decrypt the session key using the server public key from the certificate. C. The client creates a separate session key and encrypts it with the server public key from the certificate before sending it to the server. D. Nothing, the client and server switch to symmetric encryption using IKE to exchange keys. E. The client generates a random string, encrypts it with the server public key from the certificate, and sends it to the server. Both the client and server derive the session key from the random data sent by the client. Answer: E
350-018 Exam Details
There is no time to lose! Buy your 350-018 exam notes today and be ready to pass your 350-018 test as soon as tomorrow! Our 350-018 practice exam is 100% 350-018 brain dump free and each and every 350-018 practice test comes with the GUARANTEE that you will pass your test on the first try. How many other 350-018 simulation sites can offer that promise?
You'll get perfect 350-018 exam questions geared to teach you by example in the actual style you will be tested in. 350-018 test questions come with correct 350-018 answers that have been validated by our online computer based trainers. You have absolutely nothing to lose and everything to gain with the 350-018 dumps free materials you will have instant access to.
What exactly is in an TestUnion 350-018 course? You get:
In depth and practical information like you would learn from 350-018 labs, without the cost and time commitment of attending the actual lab. A virtual 350-018 study guide in a convenient 350-018 pdf download for portability and convenience. 350-018 questions in the same format and covering the same topics as on the actual 350-018 test. 350-018 answers verified by 350-018 boot camp instructors who care about your passing. You get our 100% guarantee that you WILL pass your exam. On the first attempt!
TestUnion products come with a handy 350-018 exam engine to put you in the drivers seat, just like on test day. Unlike heavy 350-018 audio exams, you wont need specialized hardware to play or use our 350-018 tutorials - you'll be able to print or read them right away with any Acrobat compatible device or software.
Download 350-018 exam samples or buy the 350-018 practice exam today and be on the road to certification success!
