New Updated Cisco CCIE Security 350-018 Real Exam Download 261-270



Cisco Security Agent can protect a host from which three of the following attack points based on its default policy? (Choose three.)


A.      a buffer overflow followed by an attempt to run code off of the stack on the Cisco Security Agent-protected host

B.      a new application that is attempting to run for the first time after being downloaded from the Internet on a Cisco Security Agent-protected host

C.      a process trying to create a new file on a Cisco Security Agent-protected host

D.      a browser connecting to a pornographic site from a Cisco Security Agent-protected host

E.       a user trying to access a remote share where they do not have permission from a Cisco Security Agent-protected host

F.       vulnerability scanning against the host running the Cisco Security Agent


Correct Answers: ABF




Which two of the following statements are true regarding the SSH protocol? (Choose two.)


A.      SSH version 1 only supports DES or 3DES.

B.      There are structural weaknesses in SSH version 1 which leave it open to attacks.

C.      SSH version 1 supports DSA public key algorithm but not RSA.

D.      SSH version 2 also supports Secure FTP.

E.       Cisco IOS routers only support SSHv1.


Correct Answers: BD




Which of these statements best describes the advantage of using Cisco Secure Desktop, which is part of the Cisco ASA VPN solution?


A.        Cisco Secure Desktop creates a separate computing environment that is deleted when you finish, ensuring that no confidential data is left on the shared or public computer.

B.        Cisco Secure Desktop is used to protect access to your registry and system files when browsing to SSL VPN protected pages.

C.        Cisco Secure Desktop ensures that an SSL protected password cannot be exploited by a man-in-the-middle attack using a spoofed certificate.

D.        Cisco Secure Desktop hardens the operating system of the machines you are using at the time it is launched.


Correct Answers: A




Which two of the following statements are true? (Choose two.)


A.      RC4 is a stream cipher.

B.      Stream ciphers require padding.

C.      AES is a block cipher.

D.      DES and 3DES are stream ciphers.

E.       AES is a stream cipher.

F.       AES, DES, and 3DES can be used as HMAC algorithms.


Correct Answers: AC




When applying MD5 route authentication on routers running RIP or EIGRP, which two important key chain considerations should be accounted for? (Choose two.)


A.      The lifetimes of the keys in the chain should overlap.

B.      No more than three keys should be configured in any single chain.

C.      Routers should be configured for NTP to synchronize their clocks.

D.      Key 0 of all key chains must match for all routers in the autonomous system.

E.       Link compression techniques should be disabled on links transporting any MD5 hash.


Correct Answers: AC




Which two of the following commands are required to implement a Cisco Catalyst 6500 Series FWSM? (Choose two.)


A.      firewall multiple-vlan-interfaces

B.      firewall module x vlan-group y

C.      module x secure-traffic

D.      firewall vlan-group

E.       firewall module x secure-traffic


Correct Answers: BD




Which of the following statements is correct regarding a hybrid crypto system?


A.      uses symmetric crypto for key distribution

B.      uses symmetric crypto for proof of origin

C.      uses symmetric crypto for fast encryption and decryption

D.      uses asymmetric crypto for message confidentiality

E.       uses symmetric crypto to transmit the asymmetric keys, which are then used to encrypt a session


Correct Answers: C




TACACS+ authentication uses which three packet types? (Choose three.)






E.       REPLY

F.       START


Correct Answers: CEF




The Cisco Security MARS appliance offers attack mitigation using which two methods? (Choose two.)


A.      automatically pushing ACLs to Layer 3 devices to block attacker traffic

B.      automatically pushing commands to Layer 2 switches to shut down attacker ports

C.      automatically resetting attacker TCP connections

D.      recommending ACLs to be manually pushed to Layer 3 devices such as routers and firewalls

E.       operating as an inline appliance, it automatically blocks malicious traffic inline

F.       working in conjunction with CSM to block attacker traffic inline


Correct Answers: BD




If an administrator is unable to connect to a Cisco ASA or PIX security appliance via Cisco ASDM, which four of the following items should be checked? (Choose four.)


A.      The HTTPS server is enabled.

B.      The HTTP server is enabled.

C.      The user IP address is permitted in the interface ACL.

D.      The user IP address is permitted in the HTTP statement.

E.       The ASDM file resides in flash memory.

F.       The asdm image command exists in the configuration.


Correct Answers: BDEF



Download Latest Complete collection of 350-018 Real Q&As ,help you to pass exam 100%.

Download FREE Ensurepass CCIE Security 350-018 Demo and Get the Discount Code
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCIE ExamS Questions and Answers


You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by