최신 350-018v4 무료덤프 - Cisco CCIE Security Exam (4.0)

문제1

Which three EAP methods require a server-side certificate? (Choose three.)

A. EAP-TLS

B. EAP-TTLS

C. PEAP with MS-CHAPv2

D. EAP-FAST

E. EAP-GTP

정답: A,B,C

문제2

What are too important guidelines to follow when implementing VTP? (Choose two.)
When using secure-mode VTP, configure management domain passwords only on VTP servers.
Use of the VTP multidomain feature should be restricted to migration and temporary implementation.
Enabling VTP pruning on a server will enable the feature for the entire management domain.
All switches in the VTP domain must run the same version of VTP.
CDP must be enabled on all switches in the VTP management domain.

정답:

C,D
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-
eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the
VTP domain).
* All switches in a VTP domain must have the same domain name, but they do not need to run the same VTP version.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html#wp1225071

문제3

Many guidelines can be used to identify the areas that security policies should cover. In which four areas is coverage
most important? (Choose four.)

A. Incident handling and response

B. Document

C. Security awareness training

D. User

E. Host

F. Physical

정답: B,D,E,F

문제4

Which statement about the SYN flood attack is true?

A. The SYN flood attack is meant to completely deplete the TCB SYN-Received state backlog.

B. The SYN flood attack can be launched for both UDP and TCP open ports on the server.

C. SYN-Received state backlog for TCBs is meant to protect server CPU cycles.

D. The SYN flood attack is always directed from valid address.

E. The SYN flood attack target is to deplete server memory so that legitimate request cannot be served.

정답: A

문제5

Which two options correctly describe Remote Triggered Black Hole Filtering (RFC 5635)? (Choose two.)

A. RTBH source based filtering will drop traffic from a source destined to a host based on triggered entries in the RIB

B. Strict uRPF must be used in conjunction with RTBH source based filtering

C. Loose uRPF must be used in conjunction with RTBH destination based filtering

D. When setting the BGP community attribute in a route-map for RTBH use the no-export community unless BGP
confederations are used then use local-as to advertise to sub-as confederations

E. RTBH destination based filtering can drop traffic destined to a host based on triggered entries in the FIB.

F. RTBH uses a discard route on the edge devices of the network and a route server to send triggered route updates

정답: E,F

문제6

Which two statements about cisco ASA authentication using LDAP are ture:

A. It is a closed standard that manages directory-information services over distributed networks

B. It can combine AD attributes and LDAP attribute to configure group policies on the cisco ASA.

C. The cisco ASA can use more than one AD . member of attribute to match a user to multiple group policies.

D. it uses AD attribute maps to assign users to group policies configured under the webvpn contant.

E. It can assign a group policy to a user based on access credentials.

F. It uses attribute maps to map the AD member of attribute to the cisco ASA group policy attribute.

정답: E,F

문제7

Which item is not encrypted by ESP?

A. ESP trailer

B. TCP-UDP header

C. Data

D. ESP header

E. IP header

정답: D

문제8

What is the purpose of the SPI field in an IPsec packet?

A. identifies a transmission channel

B. contains a shared session key

C. ensures data integrity

D. provides anti-replay protection

정답: A

문제9

Which is a core function of the risk assessment process?

A. performing network posture validation

B. establishing network baselines

C. performing network optimization

D. prioritizing network roll-outs

E. performing regular network upgrades

정답: A

문제10

Which three types of traffic are processed by CoPP configured on the device? (Choose three.)

A. traffic from a management protocol such as Telnet or SNMP

B. routing protocol traffic

C. traffic that is destined to the device interface

D. IPsec traffic

E. any traffic filtered by the access list

F. tansient traffic

정답: A,B,C

문제11

Which feature can you implement to protect against SYN-flooding DoS attacks?

A. a null zero route

B. the ip verify unicast reverse-path command

C. TCP intercept

D. CAR applied to ICMP packets

정답: C

문제12

What is Cisco CKM (Centralized Key Management) used for?

A. to provide switch port security

B. to allow an access point to act as a TACACS server to authenticate the client

C. to allow authenticated client devices to roam from one access point to another without any perceptible delay
during re-association

D. to avoid configuring PSKs (Pre-Shared Key) locally on network access devices and to configure a PSK once on a
RADIUS server

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제13

Which three parameters does the HTTP inspection engine use to inspect the traffic on Cisco IOS firewall? (Choose
three.)

A. application

B. minimum header length

C. request method

D. transfer encoding type

E. destination address

F. source address

정답: A,C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제14

Refer to the exhibit.

Which statement about the exhibit is true?

A. A DMVPN session will fail to establish because R2 is missing the ISAKMP peer address.

B. The tunnel configuration is incomplete and the DMVPN session will fail between R1 and R2.

C. A DMVPN session will establish between R1 and R2 provided that the BGP configuration is correct.

D. A DMVPN session will establish between R1 and R2 provided that the BGP and EIGRP configurations are correct.

E. IPsec phase-2 will fail to negotiate due to a mismatch in parameters.

정답: D

최신 350-018v4 무료덤프 - Cisco CCIE Security Exam (4.0)

우리와 연락하기

유용한 링크

최신 업데이트