• Recent Posts

  • AmazonExam

  • Braindumps

    Easy Pass Exams!
  • Testking

    Easy Pass Exams!
  • ExamCollection

    Easy Pass Exams!
  •  

    HOT 70-410 Exam VCE Dumps >> Free Download

    HOT 70-411 Exam VCE Dumps >> Free Download

    HOT 70-412 Exam VCE Dumps >> Free Download

    HOT 70-413 Exam VCE Dumps >> Free Download

    HOT 70-414 Exam VCE Dumps >> Free Download

    HOT 70-415 Exam VCE Dumps >> Free Download

    HOT 70-416 Exam VCE Dumps >> Free Download

    HOT 70-417 Exam VCE Dumps >> Free Download

    NEW 70-432 Exam VCE Dumps >> Free Download

    NEW 70-448 Exam VCE Dumps >> Free Download

    NEW 70-457 Exam VCE Dumps >> Free Download

    NEW 70-458 Exam VCE Dumps >> Free Download

    NEW 70-459 Exam VCE Dumps >> Free Download

    HOT 70-460 Exam VCE Dumps >> Free Download

    HOT 70-461 Exam VCE Dumps >> Free Download

    HOT 70-462 Exam VCE Dumps >> Free Download

    HOT 70-463 Exam VCE Dumps >> Free Download

    HOT 70-464 Exam VCE Dumps >> Free Download

    HOT 70-465 Exam VCE Dumps >> Free Download

    HOT 70-466 Exam VCE Dumps >> Free Download

    HOT 70-467 Exam VCE Dumps >> Free Download

    HOT 70-469 Exam VCE Dumps >> Free Download

    NEW 70-470 Exam VCE Dumps >> Free Download

    NEW 70-480 Exam VCE Dumps >> Free Download

    NEW 70-481 Exam VCE Dumps >> Free Download

    NEW 70-482 Exam VCE Dumps >> Free Download

    HOT 70-483 Exam VCE Dumps >> Free Download

    NEW 70-484 Exam VCE Dumps >> Free Download

    NEW 70-485 Exam VCE Dumps >> Free Download

    NEW 70-486 Exam VCE Dumps >> Free Download

    NEW 70-487 Exam VCE Dumps >> Free Download

    HOT 70-488 Exam VCE Dumps >> Free Download

    NEW 70-489 Exam VCE Dumps >> Free Download

    NEW 70-490 Exam VCE Dumps >> Free Download

    NEW 70-491 Exam VCE Dumps >> Free Download

    NEW 70-492 Exam VCE Dumps >> Free Download

    NEW 70-494 Exam VCE Dumps >> Free Download

    NEW 70-496 Exam VCE Dumps >> Free Download

    NEW 70-497 Exam VCE Dumps >> Free Download

    NEW 70-498 Exam VCE Dumps >> Free Download

    NEW 70-499 Exam VCE Dumps >> Free Download

    NEW 70-511 Exam VCE Dumps >> Free Download

    NEW 70-513 Exam VCE Dumps >> Free Download

    NEW 70-515 Exam VCE Dumps >> Free Download

    NEW 70-516 Exam VCE Dumps >> Free Download

    NEW 70-517 Exam VCE Dumps >> Free Download

    HOT 70-532 Exam VCE Dumps >> Free Download

    HOT 70-533 Exam VCE Dumps >> Free Download

    HOT 70-534 Exam VCE Dumps >> Free Download

    NEW 70-573 Exam VCE Dumps >> Free Download

    NEW 70-576 Exam VCE Dumps >> Free Download

    NEW 70-640 Exam VCE Dumps >> Free Download

    NEW 70-642 Exam VCE Dumps >> Free Download

    NEW 70-646 Exam VCE Dumps >> Free Download

    NEW 70-659 Exam VCE Dumps >> Free Download

    NEW 70-662 Exam VCE Dumps >> Free Download

    NEW 70-663 Exam VCE Dumps >> Free Download

    NEW 70-667 Exam VCE Dumps >> Free Download

    NEW 70-668 Exam VCE Dumps >> Free Download

    NEW 70-673 Exam VCE Dumps >> Free Download

    HOT 70-680 Exam VCE Dumps >> Free Download

    NEW 70-685 Exam VCE Dumps >> Free Download

    NEW 70-686 Exam VCE Dumps >> Free Download

    NEW 70-687 Exam VCE Dumps >> Free Download

    HOT 70-688 Exam VCE Dumps >> Free Download

    NEW 70-689 Exam VCE Dumps >> Free Download

    NEW 70-692 Exam VCE Dumps >> Free Download

    NEW 70-694 Exam VCE Dumps >> Free Download

    NEW 70-695 Exam VCE Dumps >> Free Download

    NEW 70-696 Exam VCE Dumps >> Free Download

    NEW 70-697 Exam VCE Dumps >> Free Download

    NEW 70-980 Exam VCE Dumps >> Free Download

    NEW 70-981 Exam VCE Dumps >> Free Download

    NEW 74-335 Exam VCE Dumps >> Free Download

    NEW 74-338 Exam VCE Dumps >> Free Download

    NEW 74-343 Exam VCE Dumps >> Free Download

    NEW 74-344 Exam VCE Dumps >> Free Download

    HOT 74-409 Exam VCE Dumps >> Free Download

    NEW 74-674 Exam VCE Dumps >> Free Download

    NEW 74-678 Exam VCE Dumps >> Free Download

    HOT 74-697 Exam VCE Dumps >> Free Download

    NEW 77-427 Exam VCE Dumps >> Free Download

  • « | Main | »

    New Free AmazonExam Cisco 350-018 CCIE Security Exam 1-30

    By admin | April 20, 2015

    Tagged with:

    Topic 1, Volume A
    QUESTION NO: 1
    In order to reassemble IP fragments into a complete IP datagram, which three IP header fields are
    referenced by the receiver? (Choose three.)
    A. don’t fragment flag
    B. packet is fragmented flag
    C. IP identification field
    D. more fragment flag
    E. number of fragments field
    F. fragment offset field
    Answer: C,D,F
    Explanation:
    QUESTION NO: 2
    Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN
    configuration that only affect the local switch and are not propagated to other switches in the VTP
    domain?
    A. transparent
    B. server
    C. client
    D. local
    E. pass-through
    Answer: A
    Explanation:
    QUESTION NO: 3
    Which type of VPN is based on the concept of trusted group members using the GDOI key
    management protocol?
    A. DMVPN
    B. SSLVPN
    C. GETVPN
    D. EzVPN

    E. MPLS VPN
    F. FlexVPN
    Answer: C
    Explanation:
    QUESTION NO: 4
    Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall
    to allow PMTUD?
    A. ICMPv6 Type 1 – Code 0 – no route to host
    B. ICMPv6 Type 1 – Code 1 – communication with destination administratively prohibited
    C. ICMPv6 Type 2 – Code 0 – packet too big
    D. ICMPv6 Type 3 – Code 1 – fragment reassembly time exceeded
    E. ICMPv6 Type 128 – Code 0 – echo request
    F. ICMPv6 Type 129 – Code 0 – echo reply
    Answer: C
    Explanation:
    QUESTION NO: 5
    A firewall rule that filters on the protocol field of an IP packet is acting on which layer of the OSI
    reference model?
    A. network layer
    B. application layer
    C. transport layer
    D. session layer
    Answer: A
    Explanation:

    http://www.amazonexam.com/350-018.html

     

    QUESTION NO: 6
    Which layer of the OSI model is referenced when utilizing http inspection on the Cisco ASA to filter
    Instant Messaging or Peer to Peer networks with the Modular Policy Framework?

    A. application layer
    B. presentation layer
    C. network layer
    D. transport layer
    Answer: A
    Explanation:
    QUESTION NO: 7
    When a Cisco IOS Router receives a TCP packet with a TTL value less than or equal to 1, what
    will it do?
    A. Route the packet normally
    B. Drop the packet and reply with an ICMP Type 3, Code 1 (Destination Unreachable, Host
    Unreachable)
    C. Drop the packet and reply with an ICMP Type 11, Code 0 (Time Exceeded, Hop Count
    Exceeded)
    D. Drop the packet and reply with an ICMP Type 14, Code 0 (Timestamp Reply)
    Answer: C
    Explanation:
    QUESTION NO: 8
    In an 802.11 WLAN, which option is the Layer 2 identifier of a basic service set, and also is
    typically the MAC address of the radio of the access point?
    A. BSSID
    B. SSID
    C. VBSSID
    D. MBSSID
    Answer: A
    Explanation:
    QUESTION NO: 9
    What term describes an access point which is detected by your wireless network, but is not a

    trusted or managed access point?
    A. rogue
    B. unclassified
    C. interferer
    D. malicious
    Answer: A
    Explanation:
    QUESTION NO: 10
    A router has four interfaces addressed as 10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, and 10.1.4.1/24.
    What is the smallest summary route that can be advertised covering these four subnets?
    A. 10.1.2.0/22
    B. 10.1.0.0/22
    C. 10.1.0.0/21
    D. 10.1.0.0/16
    Answer: C
    Explanation:
    QUESTION NO: 11
    Which two address translation types can map a group of private addresses to a smaller group of
    public addresses? (Choose two.)
    A. static NAT
    B. dynamic NAT
    C. dynamic NAT with overloading
    D. PAT
    E. VAT
    Answer: C,D
    Explanation:
    QUESTION NO: 12

    Which authentication mechanism is available to OSPFv3?
    A. simple passwords
    B. MD5
    C. null
    D. IKEv2
    E. IPsec AH/ESP
    Answer: E
    Explanation:
    QUESTION NO: 13
    Which two IPv6 tunnel types support only point-to-point communication? (Choose two.)
    A. manually configured
    B. automatic 6to4
    C. ISATAP
    D. GRE
    Answer: A,D
    Explanation:
    QUESTION NO: 14
    Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)
    A. update
    B. query
    C. reply
    D. hello
    E. acknowledgement
    Answer: D,E
    Explanation:
    QUESTION NO: 15

    Before BGP update messages may be sent, a neighbor must stabilize into which neighbor state?
    A. Active
    B. Idle
    C. Connected
    D. Established
    Answer: D
    Explanation:
    QUESTION NO: 16
    Which three statements are correct when comparing Mobile IPv6 and Mobile IPv4 support?
    (Choose three.)
    A. Mobile IPv6 does not require a foreign agent, but Mobile IPv4 does.
    B. Mobile IPv6 supports route optimization as a fundamental part of the protocol; IPv4 requires
    extensions.
    C. Mobile IPv6 and Mobile IPv4 use a directed broadcast approach for home agent address
    discovery.
    D. Mobile IPv6 makes use of its own routing header; Mobile IPv4 uses only IP encapsulation.
    E. Mobile IPv6 and Mobile IPv4 use ARP for neighbor discovery.
    F. Mobile IPv4 has adopted the use of IPv6 ND.
    Answer: A,B,D
    Explanation:
    QUESTION NO: 17
    Refer to the exhibit.

    image

    Which message could contain an authenticated initial_contact notify during IKE main mode
    negotiation?
    A. message 3
    B. message 5
    C. message 1
    D. none, initial_contact is sent only during quick mode
    E. none, notify messages are sent only as independent message types
    Answer: B
    Explanation:
    QUESTION NO: 18
    Which protocol does 802.1X use between the supplicant and the authenticator to authenticate
    users who wish to access the network?
    A. SNMP
    B. TACACS+
    C. RADIUS
    D. EAP over LAN
    E. PPPoE
    Answer: D
    Explanation:

    QUESTION NO: 19
    Which two statements are correct regarding the AES encryption algorithm? (Choose two.)
    A. It is a FIPS-approved symmetric block cipher.
    B. It supports a block size of 128, 192, or 256 bits.
    C. It supports a variable length block size from 16 to 448 bits.
    D. It supports a cipher key size of 128, 192, or 256 bits.
    E. The AES encryption algorithm is based on the presumed difficulty of factoring large integers.
    Answer: A,D
    Explanation:
    QUESTION NO: 20
    What are two benefits of using IKEv2 instead of IKEv1 when deploying remote-access IPsec
    VPNs? (Choose two.)
    A. IKEv2 supports EAP authentication methods as part of the protocol.
    B. IKEv2 inherently supports NAT traversal.
    C. IKEv2 messages use random message IDs.
    D. The IKEv2 SA plus the IPsec SA can be established in six messages instead of nine
    messages.
    E. All IKEv2 messages are encryption-protected.
    Answer: A,B
    Explanation:

    QUESTION NO: 21
    DNSSEC was designed to overcome which security limitation of DNS?
    A. DNS man-in-the-middle attacks
    B. DNS flood attacks
    C. DNS fragmentation attacks
    D. DNS hash attacks
    E. DNS replay attacks
    F. DNS violation attacks
    Answer: A

    Explanation:
    QUESTION NO: 22
    Which three statements are true about MACsec? (Choose three.)
    A. It supports GCM modes of AES and 3DES.
    B. It is defined under IEEE 802.1AE.
    C. It provides hop-by-hop encryption at Layer 2.
    D. MACsec expects a strict order of frames to prevent anti-replay.
    E. MKA is used for session and encryption key management.
    F. It uses EAP PACs to distribute encryption keys.
    Answer: B,C,E
    Explanation:
    QUESTION NO: 23
    Which SSL protocol takes an application message to be transmitted, fragments the data into
    manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and
    transmits the resulting unit in a TCP segment?
    A. SSL Handshake Protocol
    B. SSL Alert Protocol
    C. SSL Record Protocol
    D. SSL Change CipherSpec Protocol
    Answer: C
    Explanation:
    QUESTION NO: 24
    IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)
    A. Send
    B. Mobile IPv6
    C. site-to-site virtual interfaces
    D. OSPFv3

    E. CAPWAP
    F. LWAPP
    Answer: B,C,D
    Explanation:
    QUESTION NO: 25
    Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)
    A. PEAP
    B. EAP-TLS
    C. EAP-FAST
    D. EAP-TTLS
    E. EAPOL
    F. EAP-RADIUS
    G. EAP-MD5
    Answer: A,B,C,D
    Explanation:
    QUESTION NO: 26
    Which three statements are true about the SSH protocol? (Choose three.)
    A. SSH protocol runs over TCP port 23.
    B. SSH protocol provides for secure remote login and other secure network services over an
    insecure network.
    C. Telnet is more secure than SSH for remote terminal access.
    D. SSH protocol runs over UDP port 22.
    E. SSH transport protocol provides for authentication, key exchange, confidentiality, and integrity.
    F. SSH authentication protocol supports public key, password, host based, or none as
    authentication methods.
    Answer: B,E,F
    Explanation:
    QUESTION NO: 27

    Which two statements are true when comparing ESMTP and SMTP? (Choose two.)
    A. Only SMTP inspection is provided on the Cisco ASA firewall.
    B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to
    the mail server.
    C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they
    support.
    D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.
    E. ESMTP servers can identify the maximum email size they can receive by using the SIZE
    command.
    Answer: C,E
    Explanation:
    QUESTION NO: 28
    How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?
    A. It is included in the CIADDR field.
    B. It is included as DHCP Option 50 in the OPTIONS field.
    C. It is included in the YIADDR field.
    D. It is the source IP address of the UDP/53 wrapper packet.
    E. The client cannot request its last IP address; it is assigned automatically by the server.
    Answer: B
    Explanation:
    QUESTION NO: 29
    Which two statements about an authoritative server in a DNS system are true? (Choose two.)
    A. It indicates that it is authoritative for a name by setting the AA bit in responses.
    B. It has a direct connection to one of the root name servers.
    C. It has a ratio of exactly one authoritative name server per domain.
    D. It cannot cache or respond to queries from domains outside its authority.
    E. It has a ratio of at least one authoritative name server per domain.
    Answer: A,E
    Explanation:

    QUESTION NO: 30
    Refer to the exhibit.

    image

    Which three statements are true? (Choose three.)
    A. Because of a "root delay" of 0ms, this router is probably receiving its time directly from a
    Stratum 0 or 1 GPS reference clock.
    B. This router has correctly synchronized its clock to its NTP master.
    C. The NTP server is running authentication and should be trusted as a valid time source.
    D. Specific local time zones have not been configured on this router.
    E. This router will not act as an NTP server for requests from other devices.
    Answer: B,C,E
    Explanation:

    http://www.amazonexam.com/350-018.html

    229 Total Views 2 Views Today

    Topics: 350-018, Cisco | Comments Off on New Free AmazonExam Cisco 350-018 CCIE Security Exam 1-30

    Tagged with:

    Comments are closed.