350-018 CCIE Security Exam (4.0)

Page 1   
Question 1

Which four options could be flagged as potential issues by a network security risk
assessment? (Choose four.)

  • A. router hostname and IP addressing scheme
  • B. router filtering rules
  • C. route optimization
  • D. database connectivity and RTT
  • E. weak authentication mechanisms
  • F. improperly configured email servers
  • G. potential web server exploits

Answer : B,E,F,G

Question 2

You have discovered that a router on your network is experiencing high CPU when a
management server queries OID lldpMIB. Assuming that management stations' access to
this OID is not critical, what configuration can you apply to the router to prevent high
CPU usage when the OID is queried?

  • A. Exhibit A
  • B. Exhibit B
  • C. Exhibit C
  • D. Exhibit D

Answer : C

Explanation:
Reference: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCue32333/?referring_site=bugquickviewredir
3750X CPU spike related to lldpMIB polling (CSCue32333)
Description
Symptom: We observed a CPU spike on a 3750X (12.2(58)SE2 and 15.0.2-SE1) when polling all OIDs from the SNMP server. The high process is "SNMP ENGINE". We did not see the CPU spike after excluding LLDP-MED-MIB (lldpMIB). When polling lldpMIB only (without excluding lldpMIB), we did not see a CPU spike either.
Conditions: 3750X ------- SNMP server
Workaround (exclude lldpMIB from the view the community uses):
  snmp-server view LLDP-MED-MIB iso included
  snmp-server view LLDP-MED-MIB lldpMIB excluded
  snmp-server community view LLDP-MED-MIB RO 10

Question 3

Refer to the exhibit.

A customer has an IPsec tunnel that is configured between two remote offices. The
customer is seeing these syslog messages on Router B:
%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=x, sequence
What is the most likely cause of this error?

  • A.
  • B. A hacker on the Internet is launching a spoofing attack.
  • C. Router B has an incorrectly configured IP MTU value on the WAN interface.
  • D. There is packet corruption in the network between Router A and Router B.
  • E. Router A and Router B are not synchronized to the same timer source.

Answer : A

Question 4

What is Cisco CKM (Centralized Key Management) used for?

  • A. to allow an access point to act as a TACACS server to authenticate the client
  • B. to avoid configuring PSKs (Pre-Shared Key) locally on network access devices and to configure a PSK once on a RADIUS server
  • C. to provide switch port security
  • D. to allow authenticated client devices to roam from one access point to another without any perceptible delay during re-association

Answer : D

Explanation: Using Cisco Centralized Key Management (CCKM), an access point configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client so quickly that there is no perceptible delay in voice or other time-sensitive applications.
Reference: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-2_13_JA/configuration/guide/s12213sc/s13roamg.html

Question 5

You are preparing Control Plane Protection configurations for implementation on the router,
which has the EBGP peering address Which ACL statement can you use to
classify the related traffic into the EBGP traffic compartment?

  • A. permit tcp host gt 1024 host eq bgp permit tcp host eq bgp host gt 1024
  • B. permit tcp host gt 1024 host eq bgp permit tcp host eq bgp host gt 1024
  • C. permit tcp host gt 1024 host eq bgp permit tcp host eq bgp host gt 1024
  • D. permit tcp host gt 1024 host eq bgp permit tcp host eq bgp host gt 1024

Answer : A

Question 6

You have configured an authenticator switch in access mode on a network configured with
NEAT. What RADIUS attribute must the ISE server return to change the switch's port mode
to trunk?

  • A. EAP-Message=switch
  • B. Acct-Authentic=RADIUS
  • C. device-traffic-class=trunk
  • D. Authenticate=Administrative
  • E. Framed-Protocol=1
  • F. device-traffic-class=switch

Answer : F

Explanation:
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html
Supplicant Switch Authentication to Authenticator Switch. In this example, the supplicant authenticates to the authenticator. The steps in the process are:
  • The supplicant is configured and plugged into port fastethernet0/6.
  • The dot1x exchange causes the supplicant to use EAP in order to send a pre-configured username and password to the authenticator.
  • The authenticator performs a RADIUS exchange and provides the credentials to ISE for validation.
  • If the credentials are correct, ISE returns the attribute required by NEAT (device-traffic-class=switch), and the authenticator changes its switchport mode from access to trunk.

Question 7

A frame relay PVC at the HQ router has a CIR of 768 kb/s, and the frame relay PVC at the
branch office router has a CIR of 384 kb/s. Which QoS mechanism can best be used to ease
the data congestion and data loss caused by the CIR speed mismatch?

  • A. traffic policing at the HQ
  • B. traffic policing at the branch office
  • C. traffic shaping at the HQ
  • D. traffic shaping at the branch office
  • E. LLQ at the HQ
  • F. LLQ at the branch office

Answer : C

Question 8

Which four attributes are identified in an X.509v3 basic certificate field? (Choose four.)

  • A. key usage
  • B. certificate serial number
  • C. issuer
  • D. subject name
  • E. signature algorithm identifier
  • F. CRL distribution points
  • G. subject alt name

Answer : B,C,D,E

Question 9

Which two cipher mechanisms does PCoIP use? (Choose two.)

  • A. autokey
  • B. RC4
  • C. SEAL
  • D. Blowfish
  • E. AES 256
  • F. Suite B

Answer : E,F

Explanation:
Reference: http://www.teradici.com/pcoip-technology
Secure Your Data: Because the protocol transfers images only, in the form of pixel location information, no business information ever leaves the data center. In addition, because all software lies safely inside central systems, no one can tamper with service quality or introduce malware based on application infiltration. The PCoIP security module leverages the AES 256 and NSA Suite B ciphers, which meet the highest level of security required by governments.

Question 10

Which MAC address control command enables usage monitoring for a CAM table on a

  • A. mac-address-table synchronize
  • B. mac-address-table limit
  • C. mac-address-table secure
  • D. mac-address-table notification threshold
  • E. mac-address-table learning

Answer : D

Explanation: mac-address-table notification threshold. To enable content-addressable memory (CAM) table usage monitoring notification, use the mac-address-table notification threshold command in global configuration mode. To disable CAM table usage monitoring notification, use the no form of this command.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/lanswitch/command/reference/lsw_book/lsw_m1.html

Question 11

Management Frame Protection is available in two deployment modes, Infrastructure and
Client. Which three statements describe the differences between these modes? (Choose three.)

  • A. Infrastructure mode appends a MIC to management frames.
  • B. Client mode encrypts management frames.
  • C. Infrastructure mode can detect and prevent common DoS attacks.
  • D. Client mode can detect and prevent common DoS attacks.
  • E. Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients.

Answer : A,B,D

Question 12

Refer to the exhibit.

You have determined that RouterA is sending a high number of fragmented packets from
the s0 interface to the Web server, causing performance issues on RouterA. What
configuration can you perform to send the fragmented packets to the workstation at for analysis?

  • A. Exhibit A
  • B. Exhibit B
  • C. Exhibit C
  • D. Exhibit D
  • E. Exhibit E
  • F. Exhibit F

Answer : F

Question 13

A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes
20 B of IP header, which statement is true?

  • A. The first three packets will have a packet payload size of 1400.
  • B. The last packet will have a payload size of 560.
  • C. The first three packets will have a packet payload size of 1480.
  • D. The last packet will have a payload size of 20.

Answer : C

Question 14

Which three statements about the keying methods used by MACsec are true? (Choose three.)

  • A. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA.
  • B. A valid mode for SAP is NULL.
  • C. MKA is implemented as an EAPoL packet exchange.
  • D. SAP is enabled by default for Cisco TrustSec in manual configuration mode.
  • E. SAP is not supported on switch SVIs.
  • F. SAP is supported on SPAN destination ports.

Answer : B,C,E

Question 15

For which three IP resources is the IANA responsible? (Choose three.)

  • A. IP address allocation
  • B. detection of spoofed address
  • C. criminal prosecution of hackers
  • D. autonomous system number allocation
  • E. root zone management in DNS
  • F. BGP protocol vulnerabilities

Answer : A,D,E
