Vendor: Cisco. Exam Code: Exam Name: CCIE Security Written Exam v4.0. Version: Demo

Similar documents
(d-5273) CCIE Security v3.0 Written Exam Topics

Implementing Cisco IOS Network Security

Cisco Certified Security Professional (CCSP)

CCIE Security Written Exam ( ) version 4.0

Securing Networks with Cisco Routers and Switches ( )

IINS Implementing Cisco Network Security 3.0 (IINS)

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

Cisco EXAM Implementing Cisco Secure Mobility Solutions (SIMOS) Buy Full Product.

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Managing Enterprise Security with Cisco Security Manager

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security ( )

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

Implementing Cisco IOS Network Security v2.0 (IINS)

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title

IPv6 Security. Scott Hogg, CCIE No Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN USA

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

CISCO IOS NETWORK SECURITY (IINS)

Cisco Certified Network Expert (CCNE)

Implementing Core Cisco ASA Security (SASAC)

Fortinet Network Security NSE4 test questions and answers:

SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Protocol Security Where?

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

Configuring IPsec VPN with a FortiGate and a Cisco ASA

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Using IPsec VPN to provide communication between offices

INTRODUCTION TO FIREWALL SECURITY

Configuring the Transparent or Routed Firewall

MPLS VPN Security BRKSEC-2145

Exam Questions SY0-401

IINS Implementing Cisco IOS Network Security Exam.

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Personal Firewall Default Rules and Components

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

Creating a VPN with overlapping subnets

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Securing Networks with PIX and ASA

Cisco EXAM Enterprise Network Unified Access Essentials. Buy Full Product.

Polycom. RealPresence Ready Firewall Traversal Tips

About Firewall Protection

Cisco ASA, PIX, and FWSM Firewall Handbook

Chapter 4 Firewall Protection and Content Filtering

PassGuide.PCNSE6 (48Q)

Firewalls und IPv6 worauf Sie achten müssen!

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

Cisco Actualtests Exam Questions & Answers

Chapter 1 The Principles of Auditing 1

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

Passguide q

Chapter 3 LAN Configuration

Network Access Security. Lesson 10

Managing Enterprise Security with Cisco Security Manager

Case Study for Layer 3 Authentication and Encryption

Firewall. FortiOS Handbook v3 for FortiOS 4.0 MR3

VPN_2: Deploying Cisco ASA VPN Solutions

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

IPv6 Fundamentals, Design, and Deployment

TABLE OF CONTENTS NETWORK SECURITY 2...1

Introduction of Intrusion Detection Systems

Networking for Caribbean Development

Tim Bovles WILEY. Wiley Publishing, Inc.

Secure Networks for Process Control

FIREWALLS & CBAC. philip.heimer@hh.se

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

U06 IT Infrastructure Policy

Virtual Private Networks

Interconnecting Cisco Networking Devices Part 2

Securing Cisco Network Devices (SND)

SolarWinds Log & Event Manager

Gigabit SSL VPN Security Router

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Cisco AnyConnect Secure Mobility Solution Guide

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Security of IPv6 and DNSSEC for penetration testers

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Course Contents CCNP (CISco certified network professional)

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Chapter 9 Monitoring System Performance

Securing the Connected Enterprise

Configuring Windows Server 2008 Network Infrastructure

C H A P T E R Management Cisco SAFE Reference Guide OL

Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router Firewalls. Intrusion Detection Systems

Cisco ASA 5500-X Series ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Deploying Cisco ASA VPN Solutions Exam.

Cisco Passguide Exam Questions & Answers

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Barracuda Link Balancer

Cisco Security Manager 4.2: Integrated Security Management for Cisco Firewall, IPS, and VPN Solutions

Firewalls, Tunnels, and Network Intrusion Detection

Transcription:

Vendor: Cisco Exam Code: 350-018 Exam Name: CCIE Security Written Exam v4.0 Version: Demo

QUESTION 1 Which two statements about attacks against IPV4 and IPv6 network are true? (Choose two) A. Man-in-the-middle attacks are more common against IPv4 and IPv6 B. The multicast DHCPv6 replies on IPv6 network are easier to protect from attacks C. Rogue devices provide more risk to IPv4 networks than IPv6 networks D. It is easier to scan an IPv4 network than an IPv6 networks. E. Data can be captured in transit across both network types. F. Attacks performed at the application layer can compromise both types Correct Answer: AF QUESTION 2 Refer the exhibit. Two routers are connected using GRE through a WAN link. Your syslog server is logging the given error message. What is a possible reason for the errors? A. The loopback interface is configured as the source of the tunnel B. The connection is experiencing WAN link flapping C. The tunnel key is misconfigured D. Secondary addresses are being used on the physical interface E. The tunnel source and destination are advertised through the tunnel itself Correct Answer: E QUESTION 3 What ASA feature can you use to restrict a user to a specific VPN group? A. MPF B. A Webtype ACL C. group-lock D. A VPN filter Correct Answer: C QUESTION 4 Which two statements about DNSSEC are true? (Choose two) A. It support data confidentiality for DNS client B. It can protect bulk data as is it transmitted between DNS servers. C. It supports data integrity for DNS clients. D. It supports spilt-horizon DNS to prevent attackers from enumerating the names in a zone E. It can protect all types of data published in the DNS Correct Answer: CE

QUESTION 5 Which three statements about VRF-Aware Firewall are true? (Choose three) A. It can run as more than one instance B. It enables service providers to implement firewall on PE devices. C. It can generate syslog message that are visible only to individual VPNs D. It can support VPN network with overlapping address range without NAT E. It supports both global and per-vrf commands and DoS parameters F. It enables service providers to deploy firewall on customer device. Correct Answer: ABC QUESTION 6 Refer to the exhibit. What is the effect of the given service policy configuration? A. It blocks cisco.com, msn.com, and facebook.com and permits all other domains. B. It blocks all domains except facebook.com, msn.com, cisco.com and google.com C. It blocks all domains except cisco.com, msn.com, and facebook.com D. It blocks facebook.com, msn.com, cisco.com and google.com, and permits all other domains QUESTION 7 What is an RFC 2827 recommendation for protecting your network against DoS attacks with IP address spoofing? A. Advertise only assigned global IP addresses to the internet B. Use ingress traffic filtering to limit traffic from a downstream network to known advertised prefixes. C. Use the TLS protocol to secure the network against eavesdropping D. Brower-based applications should be filtered on the source to protect your network from know advertised prefix

QUESTION 8 Which two statements about the IPv6 OSPFv3 authentication Trailer are true (choose two) A. The AT-bit resides in the OSPFv3 Header field B. The IPv6 Payload length includes the length of the authentication Trailer C. It Provide an alternative option to OSPFv3 IPsec authentication D. The AT-bit must be set only in OSPFv3 Hello packets that include an Authentication Trailer E. The AT-bit must be set only in OSPFv3 Database Description packets that include an Authentication Trailer F. The OSPFv3 packet length includes the length of the Authentication Trailer Correct Answer: DE QUESTION 9 Which two statements about Cisco MQC are true? (Choose two) A. It can classify Layer 2 Packets from legacy protocols B. By default, its uses match-any matching C. A packet can match only one traffic class within an individual traffic policy D. It allows you to link multiple traffic policies to a single traffic class. E. Unclassified traffic is queued in a FIFO queue to be managed by the match not command configuration F. It can handle Layer2 packets from legacy protocol without classifying them. Correct Answer: EF QUESTION 10 Which two statements about DNSSEC are true? (Choose two) A. It support data confidentiality for DNS client B. It can protect bulk data as is it transmitted between DNS servers. C. It supports data integrity for DNS clients. D. It supports spilt-horizon DNS to prevent attackers from enumerating the names in a zone E. It can protect all types of data published in the DNS Correct Answer: CE QUESTION 11 Refer to the exhibit. Which two statements about the given configuration are true? (Choose two) A. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port. B. It will allow 209.165.202.129 to connect to 202.165.200.225 on a IMAP port C. It will allow 209.165.202.129 to connect to 202.165.200.225 on a RDP port D. It is an inbound policy

E. It is an outbound policy F. It will allow 202.165.200.225 to connect to 209.165.202.129 on a RDP port Correct Answer: CD QUESTION 12 Which statement about ACS rule-based policies is true? A. The permissions for rule-based policies are defined in authentication profile. B. Permission for rule-bases polices are associated with user group. C. Rule-based polices can apply different permission to the same user under different condition D. TACACS+ is one of the attributes included in the authorization profile QUESTION 13 What are the three probes supported by Cisco ISE profiling services? (Choose three) A. NetFlow (NetFlow Probe) B. DHCP (DHCP Probe) C. DHCP SPAN (DHCP SPAN Probe) D. HTTP (HTTP Probe) E. HTTP SPAN (HTTP SPAN Probe) F. RADIUS (RADIUS Probe) G. Network Scan (Network Scan Probe) H. DNS (DNS Probe) I. SNMP Query (SNMP Query Probe) J. SNMP Trap (SNMP Trap Probe) Correct Answer: ABD QUESTION 14 Which two statements about Flexible Packet Matching are true? (Choose two) A. It is supported by CSM management applications B. It can classify traffic at the bit level C. It can detected and filter malicious traffic D. It provides stateful classification for Layer 2 to Layer 7 traffic E. It can inspect non-ip protocol C QUESTION 15 Which three statements about Cisco Secure Desktop are true? (Choose three) A. It is interpretable with Clientless SSL VPN, AnyConnect, and the IPSec VPN client. B. Its supports shared network folder C. It validate PKI certificates D. It supports multiple prelogin checks, including IP address, certificate and OS

E. It supports unlimited CSD locations. F. It can be pre-installed to reduce download time. CE QUESTION 16 What is an example of a stream cipher? A. RC4 B. DES C. Blowfish D. RC6 Correct Answer: A QUESTION 17 Refer to the exhibit. What is the effect of the given configuration? A. It sets the number of neighbor solicitation message to 60 and sets the retransmission interval to 3600 milliseconds B. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 milliseconds C. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor solicitation interval to 3600 milliseconds D. It sets the duplicate address detection interval 60 seconds and the IPv6 neighbor reachable time to 3600 milliseconds E. It sets the number of neighbor solicitation message to 60 and sets the duplicate address detection interval to 3600 seconds Correct Answer: C QUESTION 18 Which two statements about router advertisement message are true? (Choose two) A. Message are sent to the multicast address FF02::1 B. Local link prefixes are shared automatically C. Flag settings are shared in the message and retransmitted on the link D. Router solicitation message are sent in response to Router Advertisement message E. It support a configurable number of retransmission attempt for neighbor solicitation message F. Each prefix included in the advertisement carrier's lifetime information for that prefix D

QUESTION 19 What is the most common use of Scavenger-Class QoS? A. Mitigating DoS attacks B. Mitigating SQL injection attacks C. traffic shaping D. prioritizing traffic Correct Answer: A QUESTION 20 Which statement about the Cisco AnyConnect web Security module is true? A. It is VPN client software that works over the SSL protocol B. It is deployment on endpoints to route HTTP traffic to ScanSafe C. It is an endpoint component that is used with smart tunnels in a clientless SSL VPN D. It operates as an NAC Agent when it is configured with AnyConnect VPN client QUESTION 21 Which three statements about Cisco IPS Manager Express are true? (Choose three) A. It can provision policies based on Risk Ratings B. It uses vulnerability-focused signature to protect against zero-day attacks C. It can provision policies based on signatures D. It can provision policies based on IP address and ports. E. It provides a customizable view of event statistics F. it support up to 10 sensors Correct Answer: AEF QUESTION 22 Refer to the exhibit. What is the meaning of the given error message? A. The PFS groups are mismatched B. IKE is disabled on the remote peer C. The mirrored crypto ACLs are mismatched. D. The pre-shared keys are mismatched Correct Answer: D

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information