CCIE Pre-Qualification Test for Security : 350-018 Exam

Exam Number/Code: 350-018
Exam Name: CCIE Pre-Qualification Test for Security
VUE Code: 350-018
Questions Type: Single choice, Multiple choice, Simulate,
Real Exam Question Numbers: 100 questions
Exam Language(s): English

“CCIE Pre-Qualification Test for Security”, also known as 350-018 exam, is a Cisco certification.
Preparing for the 350-018 exam? Searching 350-018 Test Questions, 350-018 Practice Exam, 350-018 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 177 Q&As to your 350-018 Exam preparation. In the 350-018 exam resources, you will cover every field and category in CCIE helping to ready you for your successful Cisco Certification

171. Low and slow reconnaissance scans used to gain information about a system to see if it is vulnerable to an
attack can be stopped with which of the following Cisco products?
A. ASA syn protection
B. ASA ICMP application inspection
C. CSA quarantine lists
D. IPS syn attack signatures
E. Cisco Guard
Answer: C
173. What is the best way to mitigate Browser Helper Objects (BHO) from being installed on your system?
A. Disable BHOs in your browser’s preferences.
B. A BHO is certificate protected and therefore safe to install on your system.
C. A BHO is not a security concern.
D. A BHO is easily protected using default anti-virus or IPS signatures.
E. A BHO installation can be stopped using CSA rules.
Answer: E

174. Since HTTP is one of the most common protocols used in the internet, what should be done at a firewall level
to ensure that the protocol is being used correctly?
A. Ensure that a stateful firewall allows only HTTP traffic destined for valid web server IP addresses.
B. Ensure that a firewall has SYN flood and DDoS protection applied specifically for valid web servers.
C. Ensure that your firewall enforces HTTP protocol compliance to ensure that only valid flows are allowed in
and out of your network.
D. Ensure that HTTP is always authenticated.
E. Ensure that your web server is in a different zone than your backend servers such as SQL and DNS.
Answer: C
175. When implementing internet standards you are required to follow RFC’s processes and procedures based on
what RFC?
A. RFC 1769 and mere publications
B. Real standards of RFC 1918
C. RFC 1669 real standards and mere publications
D. Real standards and mere publications RFC 1796
E. None of the above
Answer: E

176. Which RFCs are used to establish internet connectivity from a private office with the following
requirements?
254 users
Only one IP address provided by your ISP
Your IP address is assigned dynamically.
The CPE from the ISP is pre-provisioned and working.
You are expected to make changes on your router.
A. IP Network Address Translator (NAT): Defined in RFC 1631
B. IP Network Address Translator (NAT) Terminology and Considerations: Defined in RFC 2663
C. Network Address Translator (NAT) – Friendly Application Design Guidelines: Defined in RFC 3235
D. Address Allocation for Private Internets: Defined in RFC 1918
E. PPP and IPCP: Defined in RFC 1332
F. DHCP: Defined in RFC 2131
Answer: ADF

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

177. When implementing best practices for IP Source Address Spoofing and Defeating Denial of Service Attacks
with IP Source Address Spoofing, what RFC is commonly used to protect your network?
A. RFC 1149
B. RFC 3704
C. RFC 1918
D. RFC 2827
Answer: D
179. In ISO 27001 ISMS what are the main certification process phases required to collect information for ISO
27001?
A. Discover
B. Certification audit
C. Post-audit
D. Observation
E. Pre-audit
F. Major compliance
Answer: BCE

181. When configuring the FWSM for multiple security context in which context do you allocate interfaces?
A. Context A
B. System context
C. Admin context
D. Both b and c
Answer: B

183. When configuring an intrusion prevention sensor in promiscuous mode what type of malicious traffic can
NOT be stopped ?
A. Sweep reconnaissance (such as ICMP sweeps)
B. Atomic attacks (single packet attacks)
C. Flood attacks
D. Teardrop attacks
E. All of the above
Answer: B

184. What is Chain of Evidence in the context of security forensics?
A. The concept that evidence is controlled in locked down, but not necessarily authenticated
B. The concept that evidence is controlled and accounted for as to not disrupt its authenticity and integrity
C. The concept that the general whereabouts of evidence is known
D. The concept that if a person has possession of evidence someone knows where the evidence is and can say who
had it if it is not logged
Answer: B
185. CS-MARS works with which IOS feature to accomplish anomaly detection?
A. IOS IPS
B. Autosecure
C. CSA
D. Netflow
E. IOS Network Foundation Protection (NFP)
F. IOS Firewall
Answer: D
187. Which statement below is true about the command “nat control” on the ASA?
A. It requires traffic originating from the inside interface to match a NAT translation rule to pass through the
firewall on the outside interface.
B. It allows traffic originating from the inside interface to pass through the firewall on the outside interface
without a NAT translation rule being matched.
C. It requires traffic passing through the firewall on interfaces of the same security level to match a NAT
translation rule.
D. It allows traffic originating from the outside interface to pass through the firewall on the inside interface
without a NAT translation rule being matched.
Answer: A

189. Which of the following is true for RFC 4301 – Security Architecture for the Internet Protocol (obsoletes RFC
2401) – (Select two)
A. Specifies the Security Architecture for the Internet
B. Specifies the base architecture for Key Management, the Internet Key Exchange (IKE)
C. Specifies the base architecture for IPsec-compliant systems
D. Designed to provide security services for traffic at the IP layer, in the IPv4 environment only.
E. Designed to provide security services for traffic at the IP layer, in both the IPv4 and IPv6 environments.
Answer: CE

Free download:pass4sure ccie 350-018
Free download:testking ccie 350-018
more info:www.ciscoexams.org

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines

PassGuide Braindumps-Free Test king Help You Quick Pass Any it Certifications Exams

Click links: www.testking.la/braindumps/free/down/crack/all/testking