350-018 ccie security pdf [Jun 2016]

350-018 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

https://www.2passeasy.com/dumps/350-018/

Youll get the particular detailed explanation whenever you encounter difficulties on your 350-018 study. Examcollection give you the particular 350-018 CCIE Pre-Qualification Test for Security blueprint legibly inside the 350-018 dumps. These are tremendously saving your expenses to get acquainted with the particular Cisco classes.

2016 Jun 350-018 practice

Q274. What applications take advantage of a DTLS protocol? 

A. delay-sensitive applications, such as voice or video 

B. applications that require double encryption 

C. point-to-multipoint topology applications 

D. applications that are unable to use TLS 

Answer: A 


Q275. In the context of a botnet, what is true regarding a command and control server? 

A. It can launch an attack using IRC or Twitter. 

B. It is another name for a zombie. 

C. It is used to generate a worm. 

D. It sends the command to the botnets via adware. 

Answer: A 


Q276. Which statement regarding TFTP is not true? 

A. Communication is initiated over UDP port 69. 

B. Files are transferred using a secondary data channel. 

C. Data is transferred using fixed-size blocks. 

D. TFTP authentication information is sent in clear text. 

E. TFTP is often utilized by operating system boot loader procedures. 

F. The TFTP protocol is implemented by a wide variety of operating systems and network devices. 

Answer: D 


Q277. DHCPv6 is used in which IPv6 address autoconfiguration method? 

A. stateful autoconfiguration 

B. stateless autoconfiguration 

C. EUI-64 address generation 

D. cryptographically generated addresses 

Answer: A 


Q278. To prevent a potential attack on a Cisco IOS router with the echo service enabled, what action should you take? 

A. Disable the service with the no ip echo command. 

B. Disable the service with the no echo command. 

C. Disable tcp-small-servers. 

D. Disable this service with a global access-list. 

Answer: C 


Q279. Which three statements about triple DES are true? (Choose three.) 

A. For 3DES, ANSI X9.52 describes three options for the selection of the keys in a bundle, where all keys are independent. 

B. A 3DES key bundle is 192 bits long. 

C. A 3DES keyspace is168 bits. 

D. CBC, 64-bit CFB, OFB, and CTR are modes of 3DES. 

E. 3DES involves encrypting a 64-bit block of plaintext with the 3 keys of the key bundle. 

Answer: BCD 


Q280. After a client discovers a supportable wireless network, what is the correct sequence of operations that the client will take to join it? 

A. association, then authentication 

B. authentication, then association 

C. probe request, then association 

D. authentication, then authorization 

Answer: B 


Q281. Which statement about the ASA redundant interface is true? 

A. It is a logical interface that combines two physical interfaces, both of which are active. 

B. It can only be used for failover links. 

C. By default, the first physical interface that is configured in the pair is the active interface. 

D. The redundant interface uses the MAC address of the second physical interface in the pair. 

Answer: C 


Q282. Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering? 

A. HTTP inspection 

B. static entries in the botnet blacklist and whitelist 

C. global ACL 

D. NetFlow 

E. DNS inspection and DNS snooping 

Answer: E 


Q283. When configuring an Infrastructure ACL (iACL) to protect the IPv6 infrastructure of an enterprise network, where should the iACL be applied?? 

A. all infrastructure devices in both the inbound and outbound direction 

B. all infrastructure devices in the inbound direction 

C. all infrastructure devices in the outbound direction 

D. all parameter devices in both the inbound and outbound direction 

E. all parameter devices in the inbound direction 

F. all parameter devices in the outbound direction 

Answer: E 


350-018  answers

Up to the minute 350-018 braindump:

Q284. Which statement is true regarding Cisco ASA operations using software versions 8.3 and later? 

A. The global access list is matched first before the interface access lists. 

B. Both the interface and global access lists can be applied in the input or output direction. 

C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface will apply the access list entry globally. 

D. NAT control is enabled by default. 

E. The static CLI command is used to configure static NAT translation rules. 

Answer: A 


Q285. Which two statements about the RC4 algorithm are true? (Choose two.) 

A. The RC4 algorithm is an asymmetric key algorithm. 

B. The RC4 algorithm is a symmetric key algorithm. 

C. The RC4 algorithm.is slower in computation than DES. 

D. The RC4 algorithm.is used with wireless encryption protocols. 

E. The RC4 algorithm uses fixed-length keys. 

Answer: BD 


Q286. Which MPLS label is the signaled value to activate PHP (penultimate hop popping)? 

A. 0x00 

B. php 

C. swap 

D. push 

E. imp-null 

Answer: E 


Q287. Which common FTP client command transmits a direct, byte-for-byte copy of a file? 

A. ascii 

B. binary 

C. hash 

D. quote 

E. glob 

Answer: B 


Q288. Which three statements are true about DES? (Choose three.) 

A. A 56-bit key is used to encrypt 56-bit blocks of plaintext. 

B. A 56-bit key is used to encrypt 64-bit blocks of plaintext. 

C. Each block of plaintext is processed through 16 rounds of identical operations. 

D. Each block of plaintext is processed through 64 rounds of identical operations. 

E. ECB, CBC, and CBF are modes of DES. 

F. Each Block of plaintext is processed through 8 rounds of identical operations. 

G. CTR, CBC, and OFB are modes of DES. 

Answer: BCE 


Q289. Which four options could be flagged as potential issues by a network security risk assessment? (Choose four.) 

A. router hostname and IP addressing scheme 

B. router filtering rules 

C. route optimization 

D. database connectivity and RTT 

E. weak authentication mechanisms 

F. improperly configured email servers 

G. potential web server exploits 

Answer: BEFG 


Q290. Which statement about the AH is true? 

A. AH authenticates only the data. 

B. AH authenticates only the IP header. 

C. AH authenticates only the TCP-UDP header. 

D. AH authenticates the entire packet and any mutable fields. 

E. AH authenticates the entire packet except for any mutable fields. 

Answer: E 


Q291. Which option describes the main purpose of EIGRP authentication? 

A. to authenticate peers 

B. to allow faster convergence 

C. to provide redundancy 

D. to avoid routing table corruption 

Answer: D 


Q292. Review the exhibit. 


Which three statements about the Cisco IPS sensor are true? (Choose three.) 

A. A 

B. B 

C. C 

D. D 

E. E 

Answer: ACE 


Q293. In RFC 4034, DNSSEC introduced which four new resource record types? (Choose four.) 

A. DNS Public Key (DNSKEY) 

B. Next Secure (NSEC) 

C. Resource Record Signature (RRSIG) 

D. Delegation Signer (DS) 

E. Top Level Domain (TLD) 

F. Zone Signing Key (ZSK) 

Answer: ABCD 


Q294. Which statement about ISO/IEC 27001 is true? 

A. ISO/IEC 27001.is only intended to report security breaches to the management authority. 

B. ISO/IEC 27001 was reviewed by the International Organization for Standardization. 

C. ISO/IEC 27001 is intend to bring information security under management control. 

D. ISO/IEC 27001 was reviewed by the International Electrotechnical Commission. 

E. ISO/IEC 27001 was published by ISO/IEC. 

Answer: C 



see more CCIE Pre-Qualification Test for Security