New Updated Cisco CCIE Security 350-018 Real Exam Download 271-280

Ensurepass

QUESTION 271

Which of the following best describes a hash function?

 

A.      an irreversible fast encryption method

B.      a reversible fast encryption method

C.      a reversible value computed from a piece of data and used to detect modifications

D.      an irreversible value computed from a piece of data and used to detect modifications

E.       a table in which values are stored for efficient retrieval

 

Correct Answers: D

 

 

QUESTION 272

Which three of the following statements about AES are true? (Choose three.)

 

A.      AES is faster to compute than 3DES.

B.      AES is not subject to known-plaintext attacks, while DES is subject to them.

C.      AES is a block cipher, while 3DES and DES are stream ciphers.

D.      AES can be used with longer keys than 3DES.

E.       AES is an open standard, while 3DES and DES are proprietary.

 

Correct Answers: ABD

 

 

QUESTION 273

Which two of the following statements describe why TACACS+ is more desirable from a security standpoint than RADIUS? (Choose two.)

 

A.      It uses UDP as its transport.

B.      It uses TCP as its transport.

C.      It encrypts the password field with a unique key between server and requester.

D.      Encrypting the whole data payload is optional.

E.       Authentication and authorization are combined into a single query for robustness.

 

Correct Answers: BD

 

 

QUESTION 274

When using Cisco SDM to manage a Cisco IOS device, what configuration statements are necessary to be able to use Cisco SDM?

 

A.      ip http server

B.      ip http secure-server

C.      ip http server   

sdm location X.X.X.X

D.      ip http secure-server

sdm location X.X.X.X

E.       ip http server

ip http secure-server

 

Correct Answers: A

 

 

QUESTION 275

Refer to the Cisco ASA Software Version 7.x configuration. Which of the following scenarios best describes the reason you would deploy this configuration on your Cisco ASA adaptive security appliance?

 

clip_image001

 

A.      to ensure that HTTP traffic follows RFC compliance

B.      to ensure that any HTTP session that has a URL with the string “X-Counter” or “X-Session” is blocked and logged

C.      to ensure that any HTTP session that has a URL with the string “X-Counter” or “X-Session” is reset and logged

D.      to ensure that connections from any custom web applications that use “X-Counter” or “X-Session” are reset and logged

 

Correct Answers: D

 

 

QUESTION 276

Which two of the following statements indicate how Cisco IPS Sensor Software Version 5.0 differs from Version 4.0? (Choose two.)

 

A.      The monitoring system pulls events from the sensor.

B.      The sensor supports intrusion prevention functionality.

C.      The sensor pushes events to the monitoring system.

D.      The sensor uses RDEP.

E.       The sensor software calculates a risk rating for alerts to reduce false positives.

 

Correct Answers: BE

 

 

QUESTION 277

When comparing symmetric ciphers to asymmetric ciphers, which one of the following statements is not true?

 

A.      Symmetric ciphers are faster.

B.      Symmetric ciphers are less computationally intensive.

C.      Asymmetric ciphers require a shared secret called the private key.

D.      Asymmetric ciphers are in general more difficult to break.

E.       Both AES and DES are symmetric ciphering techniques.

 

Correct Answers: C

 

 

QUESTION 278

When designing the addressing scheme of the internal routers at a company, many security professionals choose to use RFC 1918 addresses. Which three of the following addresses are RFC 1918 addresses? (Choose three.)

 

A.      A.0.0.0.0/8

B.      B.10.0.0.0/8

C.      C.172.16.0.0/12

D.      D.172.16.0.0/16

E.       E.192.168.0.0/16

F.       F.192.168.0.0/24

 

Correct Answers: BCE

 

 

QUESTION 279

Drag and drop question. Drag the items to the proper locations.

clip_image003

 

Correct Answers:

clip_image005

 

 

QUESTION 280

How do TCP SYN attacks take advantage of TCP to prevent new connections from being established to a host under attack?

 

A.      sending multiple FIN segments, forcing TCP connection release

B.      filling up a host listen queue by failing to ACK partially opened TCP connections

C.      taking advantage of the host transmit backoff algorithm by sending jam signals to the host

D.      incrementing the ISN of each segment by a random number, causing constant TCP

retransmissions

E.       sending TCP RST segments in response to connection SYN+ACK segments, forcing SYN

retransmissions

 

Correct Answers: B

 

Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers

Leave a Reply