robocert 350-018 exam - ccie pre-qualification test for security
DESCRIPTION
robocert offers Cisco 350-018 questions and answers for your CCIE Pre-Qualification Test for Security exam preparation. Download 350-018 free sample to check the quality.TRANSCRIPT
Leading the way in IT testing and certification tools, www.RoboCert.com
- 2 -
Important Note, Please Read Carefully
Other RoboCert products
A) Offline Testing engine
Use the offline Testing engine product topractice the questions in an exam environment.
Build a foundation of knowledge which will be useful also after passing the exam.
Latest Version
We are constantly reviewing our products. New material is added and old material is
revised. Free updates are available for 90 days after the purchase. You should check your
member zone at RoboCert and update 3-4 days before the scheduled exam date.
Here is the procedure to get the latest version:
1.Go towww.RoboCert.com
2.Click on Log in
3.The latest versions of all purchased products are downloadable from here. Just click the
links.
For most updates,it is enough just to print the new questions at the end of the new
version, not the whole document.
Feedback
If you spot a possible improvement then please let us know. We always interested in
improving product quality.
Feedback should be send to [email protected]. You should include the following:
Exam number, version, page number, question number, and your login Email.
Our experts will answer your mail promptly.
Copyright
Each iPAD file is a green exe file. if we find out that a particular iPAD Viewer file is
being distributed by you, RoboCert reserves the right to take legal action against you
according to the International Copyright Laws.
Explanations
This product does not include explanations at the moment. If you are interested in
providing explanations for this exam, please contact [email protected].
Leading the way in IT testing and certification tools, www.RoboCert.com
- 3 -
www.RoboCert.com Q: 1 Which two of these Cisco Catalyst security features offer
the best ways to prevent ARP cache poisoning? (Choose two.)
A. Dynamic ARP Inspection
B. port security
C. MAC address notification
D. DHCP snooping
E. PortFast
F. 802.1x authentication
Answer: A, D
www.RoboCert.com Q: 2 What is the net effect of using ICMP type 4 messages to
attack RFC 1122-compliant hosts?
A. Hosts will perform a soft TCP reset and restart the connection.
B. Hosts will perform a hard TCP reset and tear down the connection.
C. Hosts will reduce the rate at which they inject traffic into the network.
D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 message.
E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message.
Answer: C
Leading the way in IT testing and certification tools, www.RoboCert.com
- 4 -
www.RoboCert.com Q: 3 After the client opens the command channel (port 21) to
the FTP server and requests passive mode, what will be the next step?
A. The FTP server sends back an ACK to the client.
B. The FTP server allocates a port to use for the data channel and transmits that port
number to the client.
C. The FTP server opens the data channel to the client using the port number indicated
by the client.
D. The FTP client opens the data channel to the FTP server on port 20.
E. The FTP client opens the data channel to the FTP server on port 21.
Answer: B
www.RoboCert.com Q: 4 In ISO 27001 ISMS, which three of these certification
process phases are required to collect information for ISO 27001? (Choose three.)
A. discover
B. certification audit
C. post-audit
D. observation
E. pre-audit
F. major compliance
Answer: B, C, E
Leading the way in IT testing and certification tools, www.RoboCert.com
- 5 -
www.RoboCert.com Q: 5 How do TCP SYN attacks take advantage of TCP to
prevent new connections from being established to a host under attack?
A. sending multiple FIN segments, forcing TCP connection release
B. filling up a host listen queue by failing to ACK partially opened TCP connections
C. taking advantage of the host transmit backoff algorithm by sending jam signals to the
host
D. incrementing the ISN of each segment by a random number, causing constant TCP
retransmissions
E. sending TCP RST segments in response to connection SYN+ACK segments, forcing
SYN retransmissions
Answer: B
www.RoboCert.com Q: 6 For a router to obtain a certificate from a CA, what is the
first step of the certificate enrollment process?
A. The router generates a certificate request and forwards it to the CA.
B. The router generates an RSA key pair.
C. The router sends its public key to the CA.
D. The CA sends its public key to the router.
E. The CA verifies the identity of the router.
F. The CA generates a certificate request and forwards it to the router.
Answer: B
Leading the way in IT testing and certification tools, www.RoboCert.com
- 6 -
www.RoboCert.com Q: 7 Which two of these commands are required to implement
a Cisco Catalyst 6500 Series Firewall Services Module (FWSM) in a Catalyst 6500
running Cisco IOS? (Choose two.)
A. firewall multiple-vlan-interfaces
B. firewall module vlan-group y
C. module secure-traffic
D. firewall vlan-group <vlan-x>
E. firewall module secure-traffic
Answer: B, D
www.RoboCert.com Q: 8 Routing loops can occur in distance vector routing
protocols if the network has inconsistent routing entries. Which three of these
methods can be used to avoid them? (Choose three.)
A. split horizon
B. route poisoning
C. route suppression
D. route splitting
E. hold-down timers
Answer: A, B, E
www.RoboCert.com Q: 9 A bogon list (a list of reserved or unassigned IP
addresses) that is applied to an access control list (ACL) can be best described as
which of these?
Leading the way in IT testing and certification tools, www.RoboCert.com
- 7 -
A. content filter
B. packet filter
C. URL filter
D. application filter
E. stateful filter
Answer: B
www.RoboCert.com Q: 10 All of these statements about the Cisco Configuration
Professional tool are correct except which one?
A. It is a GUI-based device management tool for Cisco access routers.
B. It offers a one-click router lockdown feature.
C. It is installed in router flash memory.
D. It is free and can be downloaded from the Cisco website.
E. It simplifies routing, firewall, IPS, VPN, Cisco Unified Communications, WAN, and
LAN configuration using easy-to-use GUI-based wizards.
Answer: E