★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Exam Code: 350-018 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Pre-Qualification Test for Security
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 350-018 Exam.
2016 Apr 350-018 Study Guide Questions:
Q316. What is the purpose of the BGP TTL security check?
A. The BGP TTL security check is used for iBGP session.
B. The BGP TTL security check protects against CPU utilization-based attacks.
C. The BGP TTL security check checks for a TTL value in packet header of less than or equal to for successful peering.
D. The BGP TTL security check authenticates a peer.
E. The BGP TTL security check protects against routing table corruption.
Q317. Refer to the exhibit.
Which three statements are true? (Choose three.)
A. Because of a "root delay" of 0ms, this router is probably receiving its time directly from a Stratum 0 or 1 GPS reference clock.
B. This router has correctly synchronized its clock to its NTP master.
C. The NTP server is running authentication and should be trusted as a valid time source.
D. Specific local time zones have not been configured on this router.
E. This router will not act as an NTP server for requests from other devices.
Q318. Refer to the exhibit.
What is the reason for the failure of the DMVPN session between R1 and R2?
A. tunnel mode mismatch
B. IPsec phase-1 configuration missing peer address on R2
C. IPsec phase-1 policy mismatch
D. IPsec phase-2 policy mismatch
E. incorrect tunnel source interface on R1
Improve 350-018 free draindumps:
Q319. Which field in an HTTPS server certificate is compared to a server name in the URL?
A. Common Name
B. Issuer Name
D. Organizational Unit
Q320. If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next?
A. drop the packet
B. check the outside interface inbound ACL to determine if the packet is permitted or denied
C. perform NAT operations on the packet if required
D. check the MPF policy to determine if the packet should be passed to the SSM
E. perform stateful packet inspection based on the MPF policy
Q321. DNSSEC was designed to overcome which security limitation of DNS?
A. DNS man-in-the-middle attacks
B. DNS flood attacks
C. DNS fragmentation attacks
D. DNS hash attacks
E. DNS replay attacks
F. DNS violation attacks
Real 350-018 :
Q322. Which three nonproprietary EAP methods do not require the use of a client-side certificate for mutual authentication? (Choose three.)
Q323. Which four IPv6 messages should be allowed to transit a transparent firewall? (Choose four.)
A. router solicitation with hop limit = 1
B. router advertisement with hop limit = 1
C. neighbor solicitation with hop limit = 255
D. neighbor advertisement with hop limit = 255
E. listener query with link-local source address
F. listener report with link-local source address
Q324. Which three statements regarding ISO 27002 and COBIT are correct? (Choose three.)
A. COBIT and ISO 27002 both define a best practices framework for IT controls.
B. COBIT focuses on information system processes, whereas ISO 27002 focuses on the security of the information systems.
C. ISO 27002 addresses control objectives, whereas COBIT addresses information security management process requirements.
D. Compared to COBIT, ISO 27002 covers a broader area in planning, operations, delivery, support, maintenance, and IT governance.
E. Unlike COBIT, ISO 27002 is used mainly by the IT audit community to demonstrate risk mitigation and avoidance mechanisms.
Q325. Which statement about the prelogin assessment module in Cisco Secure Desktop is true?
A. It assigns an IP address to the remote device after successful authentication.
B. It checks for any viruses on the remote device and reports back to the security appliance.
C. It checks the presence or absence of specified files on the remote device.
D. It clears the browser cache on the remote device after successful authentication.
E. It quarantines the remote device for further assessment if specific registry keys are found.
Q326. Which port or ports are used for the FTP data channel in passive mode?
A. random TCP ports
B. TCP port 21 on the server side
C. TCP port 21 on the client side
D. TCP port 20 on the server side
E. TCP port 20 on the client side
see more CCIE Pre-Qualification Test for Security