CCIE(350018)真题精选.docx

1、CCIE（350-018）真题精选单项选择题1、CS-MARSworkswith which IOS feature to accomplish detection？（）A. IOS IPSB. AutosecureC. CSAD. NetflowE. IOS Network Foundation Protection （NFP）F. IOS Firewall参考答案 ：Danomaly单项选择题2、When implementing best practices for IP Source Address Spoofing and Defeating Denial of Service At

2、tacks with IP SourceAddress Spoofing，what RFC is commonly usedto protect your network？（）A. RFC 1149B. RFC 3704C. RFC 1918D. RFC 2827参考答案 ：D单项选择题3、When implementing internet standards you are required to follow RFCs processes and procedures based onwhat RFC？（）A. RFC 1769 and mere publicationsB. Real

3、standards of RFC 1918C. RFC 1669 real standards andmere publicationsD. Real standards and mere publications RFC 1796E. None of the above参考答案 ：E单项选择题4、Since HTTP is one of the most common protocols used in the internet，what should be done at a firewall level toensure thatthe protocol is being used co

4、rrectly？（）A. Ensure that a stateful firewall allows only HTTP traffic destined for valid web server IPaddresses.B. Ensure that a firewall has SYN flood and DDoS protection applied specifically for valid webservers.C. Ensure that your firewall enforces HTTP protocol compliance to ensure that only val

5、id flows are allowed inand outof yournetwork.D. Ensure that HTTP is alwaysauthenticated.E. Ensure that your web server is in a different zone than your backend servers such as SQL andDNS.参考答案 ：C单项选择题5、What Cisco technology protects against Protocol manipulation？（）A. Spanning tree protectB. Root Guar

6、d and BPDU GuardC. Unicast Reverse Path ForwardingD. MAC spoof guardE. Port Security参考答案 ：BSpanning-Tree单项选择题6、Which of the following is an technology that could be enabledA. Anomaly DetectionB. SYN CookiesC. Application InspectionD. Content filteringE. Anti-X ProtectionF. Anti Virus参考答案 ：Aexample o

7、f a security by Netflow？（）单项选择题7、What Cisco Switch feature best protects against CAM table overflow attacks？（）A. Storm ControlB. Port securityC. CAM table size definitionD. IP spoofpreventionE. Network Based Application Recognition参考答案 ：B多项选择题8、Which access methods can CS-MARS use toget configuratio

8、n information from an Adaptive SecurityAppliance （ASA）？（）A. SDEEB. TelnetC. ConsoleD. FTPE. HTTPSF. SSH参考答案 ：B,F单项选择题9、ASDM on the ASA platform is executed as：（）A. An active-x applicationor a java script applicationB. A java script application and a PHPapplication.C. A fully compiled .NET framework

9、applicationD. A fully operational Visual Basic applicationE. A java applet running in the context of your browser or a stand alone application using the java run-timeenvironment参考答案 ：E单项选择题10、What is true about SYN cookies？（）A. All TCPoptions are supported，such aslargewindows.B. The server can have

10、more than8 unique MSSvalues.C. SYN cookies are not implemented as a method of defending against SYNfloods.D. SYN cookies are implemented as a method of defending against SYNfloods.参考答案 ：D单项选择题11、Of the threats discussed below，what is the main advantage of using Cisco Secure Desktop which is part of

11、the Cisco ASA VPN solution？（）A. Secure desktop will create a completely separate computing environment thatwill be deleted when you aredone.Thisensures that no confidential data has been left on the shared/publiccomputer.B. Secure desktop is used to protect access to your registry and systemfiles wh

12、en browsing to SSL/VPNprotectedpages.C. Secure Desktop ensures that an SSLprotected password cannotbe exploitedby a man in the middle attackusing a spoofedcertificate.D. Secure desktop hardens the operating system of the machines you are using at the time secure desktopislaunched.参考答案 ：A多项选择题12、Whic

13、h statements are true concerning NAT？（）A. NAT provides 1 to manyaddressmapping.B. NAT provides 1 to 1 addressmapping.C. NAT is only useful forTCP/UDP and ICMPtraffic.D. NAT can be used for all IPtraffic.参考答案 ：B,D多项选择题13、What technologies are includedA. Content and URL filteringB. Intrusion Preventio

14、nC. VPND. Virus and Phishing protectionE. Content Caching参考答案 ：A,B,DinAnti-X？（）单项选择题14、CSA protects your host by：（）A. Preventing browsers from opening network sockets inlisteningstate.B. Preventingbufferoverflows.C. Preventingusers from entering unencrypted passwordsD. Preventing browsers from actin

15、g as client towebservers.参考答案 ：A多项选择题15、Choose the most correct statements about SMTP/ESMTP. （）A. Open mail relays are often used forspamming.B. ESMTP does NOT provide more security features thanC. SMTPdoes provide authenticated emailsending.D. Worms often spread viaSMTP.参考答案 ：A,DSMTP单项选择题16、Cisco C

16、lean Access ensures that computers connecting to your network have which of the following？（）A. No vulnerable applications or operating systemsB. No viruses or wormsC. Appropriate security applications and patch levelsD. Current IPS signaturesE. Cisco Security Agent参考答案 ：C单项选择题17、Which of these is th

17、e best way to provide sender nonrepudiation？（）A. pre-sharedkeyB. secure hashC. SSLD. RSA signature参考答案 ：D单项选择题18、What group in Cisco prime modulus equivalentA. group 3B. group 1C. group 5D. group 7参考答案 ：CIOS does too？（）1536-bitDiffie-Hellman单项选择题19、What are the header sizes for point-to-point and po

18、int GRE（also known asmGRE） with tunnel key？（）A. 4 bytes for bothB. 4 bytes，and 8 bytes respectivelyC. 8 bytes for bothD. 24 bytes for both参考答案 ：B单项选择题20、Which ones are the two type of ciphers？（）A. Blocking cipher andnon-blocking cipherB. CBC cipher and EBC cipherC. Block cipher and Stream cipherD. B

19、locker cipher and Streamer cipherE. 3DES cipher and AES cipher参考答案 ：C单项选择题21、Which SSL protocol takes anapplication message tobe transmitted，fragments the datainto manageable blocks，optionally compresses the data，applies a MAC，encrypts，adds a header，and transmits the resulting unit ina TCPsegment？（）

20、A. SSL Handshake ProtocolB. SSLAlert ProtocolC. SSL Record ProtocolD. SSL Change CipherSpec Protocol参考答案 ：C更多内容请访问睦霖题库微信公众号单项选择题22、For a router to obtain a certificate from a CA，what is the first stepof the certificate enrollment process？（）A. the router generates a certificate request and forwards i

21、t tothe CAB. the router generates an RSA key pairC. the router sends its public key to the CAD. the CA sends its public key to the routerE. the CA verifies the identity of the routerF. the CA generates a certificate request and forwards it to the router参考答案 ：B多项选择题23、Which two statements are correct

22、 about the aaaauthentication login default grouptacacs+ localglobal configuration command？（）A. this login authenticationmethod list is automaticallyapplied to all lines except those that have a named method list explicitly definedB. If the user fails the TACACS+ authentication then the local databas

23、e on the router will be used to authenticatethe userC. if the tacacs+ server fails to respond then the local database on the router will be used to authenticate the userD. loginis the name of the method list being configuredE. if the tacacs+ server is unavailable，authentication will succeed automati

24、callyby default参考答案 ：A,C单项选择题24、Which Cisco security software product mitigates Day Zero attacks on desktops and servers - stopping known and unknown attacks without requiring reconfigurations or updates on the endpoints？（）A. Cisco Secure Desktop （CSD）B. NAC Appliance Agent （NAA）C. Cisco SecurityAge

25、nt （CSA）D. SSLVPN Client （SVC）E. Cisco TrustAgent （CTA）参考答案 ：C多项选择题25、TACACS+ authenticationA. ACCESS REQUESTB. ACCESS ACCEPTC. CONTINUED. CHALLENGEE. REPLYF. START参考答案 ：C,E,Fuseswhichthreepackettypes？（）单项选择题26、Which should be the key driver for a company security policys creation，implementation and

26、 enforcement？（）A. the business knowledge of the IT staffB. the technical knowledge of the IT staffC. the companys business objectivesD. the companys network topologyE. the IT future directions参考答案 ：C单项选择题27、Which IOS QoS mechanism is used strictly to traffic destinedto the router itself？（）A. Class-B

27、ased PolicingB. Control Plane PolicingC. Dual-Rate PolicierD. Single-Rate PolicierE. Class-BasedTraffic Shaper参考答案 ：Bratelimit单项选择题28、In an L2TP voluntary tunneling scenario，the VPDN tunnel is terminated between：（）A. The client and theNAS.B. The NAS andtheLNS.C. The NAS and theLAC.D. The client and

28、theLNS.参考答案 ：D单项选择题29、Which one of the following is NOT a supported IKE attribute？（）A. PFSgroup.B. Encryptionalgorithm.C. HashingAlgorithm.D.Authenticationmethod.E. Lifetimeduration.参考答案 ：A单项选择题30、With PGP，which of the following entity signs a userss public key？（）A. The sender of themessage.B. The r

29、eceipient of themessage.C. The senders administrator who provides the sender with the PGPprogram.D. A third party that belongs to whats often known as web of trust，that can verify the relationship between the user and thekey.E. The vendor of the PGPprogram.参考答案 ：D单项选择题31、When configuring a multipoint GRE （mGRE） tunnel interface，which one of the follo