New Updated Cisco CCIE Security 350-018 Real Exam Download 311-320

Ensurepass

QUESTION 311

Which transport mechanism is used between a RADIUS authenticator and a RADIUS

authentication server?

 

A.      UDP, with only the password in the Access-Request packet encrypted

B.      UDP, with the whole packet body encrypted

C.      TCP, with only the password in the Access-Request packet encrypted

D.      EAPOL, with TLS encrypting the entire packet

E.       UDP RADIUS encapsulated in the EAP mode enforced by the authentication server.

 

Correct Answer: A

 

 

QUESTION 312

Which three statements about the TACACS protocol are correct? (Choose three.)

 

A.      TACACS+ is an IETF standard protocol.

B.      TACACS+ uses TCP port 47 by default.

C.      TACACS+ is considered to be more secure than the RADIUS protocol.

D.      TACACS+ can support authorization and accounting while having another separate

authentication solution.

E.       TACACS+ only encrypts the password of the user for security.

F.       TACACS+ supports per-user or per-group for authorization of router commands.

 

Correct Answer: CDF

 

 

QUESTION 313

Which three EAP methods require a server-side certificate? (Choose three.)

 

A.      PEAP with MS-CHAPv2

B.      EAP-TLS

C.      EAP-FAST

D.      EAP-TTLS

E.       EAP-GTP

 

Correct Answer: ABD

 

 

QUESTION 314

Which statement is true about EAP-FAST?

 

A.      It supports Windows single sign-on.

B.      It is a proprietary protocol.

C.      It requires a certificate only on the server side.

D.      It does not support an LDAP database.

 

Correct Answer: A

 

 

QUESTION 315

Which four attributes are identified in an X.509v3 basic certificate field? (Choose four.)

 

A.      key usage

B.      certificate serial number

C.      issuer

D.      subject name

E.       signature algorithm identifier

F.       CRL distribution points

G.      subject alt name

 

Correct Answer: BCDE

 

 

QUESTION 316

What is the purpose of the OCSP protocol?

 

A.      checks the revocation status of a digital certificate

B.      submits a certificate signing request

C.      verifies a signature of a digital certificate

D.      protects a digital certificate with its private key

 

Correct Answer: A

 

 

QUESTION 317

What are two reasons for a certificate to appear in a CRL? (Choose two.)

 

A.      CA key compromise

B.      cessation of operation

C.      validity expiration

D.      key length incompatibility

E.       certification path invalidity

 

Correct Answer: AB

 

 

QUESTION 318

Which transport method is used by the IEEE 802.1X protocol?

 

A.      EAPOL frames

B.      802.3 frames

C.      UDP RADIUS datagrams

D.      PPPoE frames

 

Correct Answer: A

 

 

QUESTION 319

Which encryption mechanism is used in WEP?

 

A.      RC4

B.      RC5

C.      DES

D.      AES

 

Correct Answer: A

 

 

QUESTION 320

Which three statements about Security Group Tag Exchange Protocol are true? (Choose three.)

 

A.      SXP runs on UDP port 64999.

B.      A connection is established between a “listener” and a “speaker.”

C.      It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it.

D.      SXP is supported across multiple hops.

E.       SXPv2 introduces connection security via TLS.

 

Correct Answer: BCD

 

Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers

Leave a Reply