New Updated Cisco CCIE Security 350-018 Real Exam Download 251-260

Ensurepass

QUESTION 251

What does qos pre-classify provide in regard to implementing QoS over GRE/IPSec VPN tunnels?

 

A.        Enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption, based on fields in the inner IP header.

B.        Enables IOS to classify packets based on the ToS field in the inner (original) IP header.

C.        Enables IOS to classify packets based on the ToS field in the outer tunnel IP header.

D.        Enables IOS to copy the ToS field from the inner (original) IP header to the outer tunnel IP header.

E.         Enables the IOS classification engine to only see a single encrypted and tunneled flow to reduce classification complexity.

 

Correct Answer: A

 

 

QUESTION 252

Which IOS QoS mechanism is used strictly to rate limit traffic destined to the router itself?

 

A.        Single-Rate Policer

B.        Control Plane Policing

C.        Dual-Rate Policer

D.        Class-Based Policing

 

Correct Answer: B

 

 

QUESTION 253

Which of the following statements are true regarding hashing? (Choose two.)

 

A.        SHA-256 is an extension to SHA-1 with a longer output

B.        SHA-1 is stronger than MD5 because it can be used with a key to prevent modification

C.        MD5 takes more CPU cycles to compute than SHA-1

D.        MD5 produces a 160-bit result

E.         Changing 1 bit of the input to SHA-1 changes 1 bit of the output

 

Correct Answer: AE

 

 

QUESTION 254

SNMP is restricted on Cisco routers by what IOS command?

 

A.        snmp-server enable

B.        snmp-server community string

C.        snmp-server ip-address

D.        snmp-server no access permitted

 

Correct Answer: B

 

 

QUESTION 255

What would be the biggest challenge to a hacker writing a man-in-the-middle attack aimed at VPN tunnels using digital certificates for authentication?

 

A.        Programmatically determining the private key so they can proxy the connection between the two VPN endpoints.

B.        Determining the ISAKMP credentials when passed to establish the key exchange.

C.        Determining the phase two credentials used to establish the tunnel attributes.

D.        Decrypting and encrypting 3DES once keys are known.

 

Correct Answer: A

 

 

QUESTION 256

Multicast addresses in the range of 224.0.0.0 through 224.0.0.244 are reserved for:

 

A.        Administratively Scoped multicast traffic that is intended to remain inside of a private network and is never intended to be transmitted into the Internet.

B.        Global Internet multicast traffic intended to travel throughout the Internet.

C.        Link-local multicast traffic consisting of network control messages that never leave the local subnet.

D.        Any valid multicast data stream.

 

Correct Answer: C

 

 

QUESTION 257

In RFC 2138 (RADIUS), vendor specific attributes (VSA) are specified. Specifically, this is called VSA 26 (attribute 26). These allow vendors to support their own extended options. Cisco’s vendor ID is 9. Which of the following commands tell the Cisco IOS to use and understand VSAs? (Choose three.)

 

A.        radius-server vsa send

B.        radius-server vsa send authentication

C.        radius-server vsa send accounting

D.        ip radius-server vsa send

 

Correct Answer: ABC

 

 

QUESTION 258

Refer to the shown network diagram and configuration. You are hosting a web server at 10.1.1.90, which is under a denial of service attack. Use NBAR to limit web traffic to that server at 200 kb/s. Which of the following configurations is correct to complete the NBAR configuration?

 

[Figure: network diagram and configuration (image not included)]

 

A.        policy-map drop
           class DoS
            police conform-action transmit exceed-action drop

B.        policy-map drop
           class DoS
            police cir 200000 bc 37500 be 75000
             conform-action transmit
             exceed-action drop
             violate-action drop
          !
          access-list 188 permit tcp any host 10.1.1.90 eq www

C.        policy-map DoS-Attack
           class DoS
            police cir 200 bc 200 be 200
             conform-action transmit
             exceed-action drop
             violate-action drop
          !
          access-list 188 permit tcp any host 10.1.1.90 eq www

D.        policy-map DoS-Attack
           class DoS
            police cir 200000 bc 37500 be 75000
             conform-action transmit
             exceed-action drop
             violate-action drop
          !
          access-list 188 permit tcp any host 10.1.1.90 eq www

E.        policy-map DoS-Attack
           class drop
            police 200000 37500 75000 conform-action transmit exceed-action drop
          !
          access-list 188 permit tcp any host 10.1.1.90 eq www

 

Correct Answers: D

 

 

QUESTION 259

When initiating a new SSL/TLS session, the client receives the server SSL certificate and validates it. What does the client use the certificate for after validating it?

 

A.      The client and server use the key in the certificate to encrypt all data in the following SSL session.

B.      The server creates a separate session key and sends it to the client. The client has to decrypt the session key using the server public key from the certificate.

C.      The client creates a separate session key and encrypts it with the server public key from the certificate before sending it to the server.

D.      Nothing, the client and server switch to symmetric encryption using IKE to exchange keys.

E.       The client generates a random string, encrypts it with the server public key from the certificate, and sends it to the server. Both the client and server derive the session key from the random data sent by the client.

 

Correct Answers: E

 

 

QUESTION 260

According to RFC 3180, what is the correct GLOP address for AS 456?

 

A.      224.0.4.86

B.      224.4.86.0

C.      233.1.200.0

D.      239.2.213.0

E.       239.4.5.6

 

Correct Answers: C

 

 
