New Updated Cisco CCIE Security 350-018 Real Exam Download 331-340

QUESTION 331
Which statement is true about the TFTP protocol?

A. The client is unable to get a directory listing from the server.
B. The client is unable to create a new file on a server.
C. The client needs to log in with a username and password.
D. The client needs to log in using "anonymous" as a username and specifying an email address as a password.
[...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 321-330

QUESTION 321
What does the SXP protocol exchange between peers?

A. IP to SGT binding information
B. MAC to SGT binding information
C. ingress port to SGT binding information
D. ingress switch to SGT binding information

Correct Answer: A

QUESTION 322
What is a primary function of the SXP protocol?

A. to extend [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 311-320

QUESTION 311
Which transport mechanism is used between a RADIUS authenticator and a RADIUS authentication server?

A. UDP, with only the password in the Access-Request packet encrypted
B. UDP, with the whole packet body encrypted
C. TCP, with only the password in the Access-Request packet encrypted
D. EAPOL, with TLS encrypting the entire packet
E. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 301-310

QUESTION 301
How does 3DES use the DES algorithm to encrypt a message?

A. Encrypts a message with K1, decrypts the output with K2, then encrypts it with K3.
B. Encrypts a message with K1, encrypts the output with K2, then encrypts it with K3.
C. Encrypts K1 using K2, then encrypts it using K3, then encrypts a message using the output key.
D. Encrypts a message with [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 291-300

QUESTION 291
Which additional capability was added in IGMPv3?

A. leave group messages support
B. source filtering support
C. group-specific host membership queries support
D. IPv6 support
E. authentication support between the multicast receivers and the last hop router

Correct Answer: B

QUESTION 292
Beacons, [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 281-290

QUESTION 281
Which two of the following statements are attributed to stateless filtering? (Choose two.)

A. The first TCP packet in a flow must be a SYN packet.
B. It must process every packet against the inbound ACL filter.
C. It can look at sequence numbers to validate packets in flow.
D. It must implement an idle timeout.
E. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 271-280

QUESTION 271
Which of the following best describes a hash function?

A. an irreversible fast encryption method
B. a reversible fast encryption method
C. a reversible value computed from a piece of data and used to detect modifications
D. an irreversible value computed from a piece of data and used to detect modifications
E. a table [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 261-270

QUESTION 261
Cisco Security Agent can protect a host from which three of the following attack points based on its default policy? (Choose three.)

A. a buffer overflow followed by an attempt to run code off of the stack on the Cisco Security Agent-protected host
B. a new application that is attempting to run for the first time after being downloaded from the Internet on a Cisco Security Agent-protected host
C. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 251-260

QUESTION 251
What does qos pre-classify provide in regard to implementing QoS over GRE/IPSec VPN tunnels?

A. Enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption, based on fields in the inner IP header.
B. Enables IOS to classify packets based on the ToS field in the inner (original) IP header.
C. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 241-250

QUESTION 241
Which two current RFCs discuss special use IP addresses that may be used as a checklist of invalid routing prefixes for IPv4 and IPv6 addresses? (Choose two.)

A. RFC 5156
B. RFC 5735
C. RFC 3330
D. RFC 1918
E. RFC 2827

Correct Answer: AB

QUESTION 242
Which four options could be flagged as potential [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 231-240

QUESTION 231
When you are configuring the COOP feature for GETVPN redundancy, which two steps are required to ensure the proper COOP operations between the key servers? (Choose two.)

A. Generate an exportable RSA key pair on the primary key server and export it to the secondary key server.
B. Enable dead peer detection between the primary and secondary key servers.
C. Configure HSRP between [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 221-230

QUESTION 221
Refer to the exhibit, which shows a partial configuration for the EzVPN server. Which three missing ISAKMP profile options are required to support EzVPN using DVTI? (Choose three.)

A. match identity group
B. trustpoint
C. virtual-interface
D. keyring
E. enable udp-encapsulation
F. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 211-220

QUESTION 211
Refer to the exhibit. Choose the correct description of the implementation that produced this output on the Cisco ASA appliance.

A. stateful failover using active-active for multi-context
B. stateful failover using active-standby for multi-context
C. stateful failover using active-standby for single-context
D. stateless failover using interface-level [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 201-210

QUESTION 201
Which two options represent definitions that are found in the syslog protocol (RFC 5426)? (Choose two.)

A. Syslog message transport is reliable.
B. Each syslog datagram must contain only one message.
C. IPv6 syslog receivers must be able to receive datagrams of up to 1180 bytes.
D. Syslog messages must be prioritized with an IP precedence of 7.
E. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 191-200

QUESTION 191
Which three statements about triple DES are true? (Choose three.)

A. For 3DES, ANSI X9.52 describes three options for the selection of the keys in a bundle, where all keys are independent.
B. A 3DES key bundle is 192 bits long.
C. A 3DES keyspace is 168 bits.
D. CBC, 64-bit CFB, OFB, and CTR are modes of 3DES.
E. 3DES [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 181-190

QUESTION 181
Which three statements are true about Cryptographically Generated Addresses for IPv6? (Choose three.)

A. They prevent spoofing and stealing of existing IPv6 addresses.
B. They are derived by generating a random 128-bit IPv6 address based on the public key of the node.
C. They are used for securing neighbor discovery using SeND.
D. SHA or MD5 is used [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 171-180

QUESTION 171
Which four protocols are supported by Cisco IOS Management Plane Protection? (Choose four.)

A. Blocks Extensible Exchange Protocol (BEEP)
B. Hypertext Transfer Protocol Secure (HTTPS)
C. Secure Copy Protocol (SCP)
D. Secure File Transfer Protocol (SFTP)
E. Secure Shell (SSH)
F. [...]

New Updated Cisco CCIE Security 350-018 Real Exam Download 161-170

QUESTION 161
Which three statements are true about the Cisco NAC Appliance solution? (Choose three.)

A. In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server.
B. In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco router using the "NAC discovery-host" global configuration command.
C. [...]