CCIE(350018)真题精选.docx
《CCIE(350018)真题精选.docx》由会员分享,可在线阅读,更多相关《CCIE(350018)真题精选.docx(36页珍藏版)》请在冰点文库上搜索。
CCIE(350-018)真题精选
[单项选择题]
1、CS-MARSworkswithwhichIOSfeaturetoaccomplishdetection?
()
A.IOSIPS
B.Autosecure
C.CSA
D.Netflow
E.IOSNetworkFoundationProtection(NFP)
F.IOSFirewall
参考答案:
D
anomaly
[单项选择题]
2、WhenimplementingbestpracticesforIPSourceAddressSpoofingandDefeatingDenialofServiceAttackswithIPSourceAddressSpoofing,whatRFCiscommonlyusedtoprotectyournetwork?
()
A.RFC1149
B.RFC3704
C.RFC1918
D.RFC2827
参考答案:
D
[单项选择题]
3、WhenimplementinginternetstandardsyouarerequiredtofollowRFC’sprocessesandproceduresbasedonwhatRFC?
()
A.RFC1769andmerepublications
B.RealstandardsofRFC1918
C.RFC1669realstandardsandmerepublications
D.RealstandardsandmerepublicationsRFC1796
E.Noneoftheabove
参考答案:
E
[单项选择题]
4、SinceHTTPisoneofthemostcommonprotocolsusedintheinternet,whatshouldbedoneatafirewallleveltoensurethattheprotocolisbeingusedcorrectly?
()
A.EnsurethatastatefulfirewallallowsonlyHTTPtrafficdestinedforvalidwebserverIP
addresses.
B.EnsurethatafirewallhasSYNfloodandDDoSprotectionappliedspecificallyforvalidweb
servers.
C.EnsurethatyourfirewallenforcesHTTPprotocolcompliancetoensurethatonlyvalidflowsareallowedinandoutofyour
network.
D.EnsurethatHTTPisalways
authenticated.
E.EnsurethatyourwebserverisinadifferentzonethanyourbackendserverssuchasSQLand
DNS.
参考答案:
C
[单项选择题]
5、WhatCiscotechnologyprotectsagainstProtocolmanipulation?
()
A.Spanningtreeprotect
B.RootGuardandBPDUGuard
C.UnicastReversePathForwarding
D.MACspoofguard
E.PortSecurity
参考答案:
B
Spanning-Tree
[单项选择题]
6、Whichofthefollowingisantechnologythatcouldbeenabled
A.AnomalyDetection
B.SYNCookies
C.ApplicationInspection
D.Contentfiltering
E.Anti-XProtection
F.AntiVirus
参考答案:
A
exampleofasecuritybyNetflow?
()
[单项选择题]
7、WhatCiscoSwitchfeaturebestprotectsagainstCAMtableoverflowattacks?
()
A.StormControl
B.Portsecurity
C.CAMtablesizedefinition
D.IPspoof
preventionE.NetworkBasedApplicationRecognition
参考答案:
B
[多项选择题]
8、WhichaccessmethodscanCS-MARSusetogetconfigurationinformationfromanAdaptiveSecurityAppliance(ASA)?
()
A.SDEE
B.Telnet
C.Console
D.FTP
E.HTTPS
F.SSH
参考答案:
B,F
[单项选择题]
9、ASDMontheASAplatformisexecutedas:
()
A.Anactive-xapplicationorajavascriptapplication
B.AjavascriptapplicationandaPHP
application.
C.Afullycompiled.NETframeworkapplication
D.AfullyoperationalVisualBasicapplication
E.Ajavaappletrunninginthecontextofyourbrowserorastandaloneapplicationusingthejavarun-timeenvironment
参考答案:
E
[单项选择题]
10、WhatistrueaboutSYNcookies?
()
A.AllTCPoptionsaresupported,suchas
largewindows.
B.Theservercanhavemorethan8uniqueMSS
values.
C.SYNcookiesarenotimplementedasamethodofdefendingagainstSYN
floods.
D.SYNcookiesareimplementedasamethodofdefendingagainstSYN
floods.
参考答案:
D
[单项选择题]
11、Ofthethreatsdiscussedbelow,whatisthemainadvantageofusingCiscoSecureDesktopwhichispartoftheCiscoASAVPNsolution?
()
A.Securedesktopwillcreateacompletelyseparatecomputingenvironmentthatwillbedeletedwhenyouare
done.Thisensuresthatnoconfidentialdatahasbeenleftontheshared/public
computer.
B.SecuredesktopisusedtoprotectaccesstoyourregistryandsystemfileswhenbrowsingtoSSL/VPN
protectedpages.
C.SecureDesktopensuresthatanSSLprotectedpasswordcannotbeexploitedbyamaninthemiddleattackusingaspoofed
certificate.
D.Securedesktophardenstheoperatingsystemofthemachinesyouareusingatthetimesecuredesktop
islaunched.
参考答案:
A
[多项选择题]
12、WhichstatementsaretrueconcerningNAT?
()
A.NATprovides1tomanyaddress
mapping.
B.NATprovides1to1address
mapping.
C.NATisonlyusefulforTCP/UDPandICMP
traffic.
D.NATcanbeusedforallIP
traffic.
参考答案:
B,D
[多项选择题]
13、Whattechnologiesareincluded
A.ContentandURLfiltering
B.IntrusionPrevention
C.VPN
D.VirusandPhishingprotection
E.ContentCaching
参考答案:
A,B,D
inAnti-X?
()
[单项选择题]
14、CSAprotectsyourhostby:
()
A.Preventingbrowsersfromopeningnetworksocketsinlistening
state.
B.Preventingbuffer
overflows.
C.Preventingusersfromenteringunencryptedpasswords
D.Preventingbrowsersfromactingasclientto
webservers.
参考答案:
A
[多项选择题]
15、ChoosethemostcorrectstatementsaboutSMTP/
ESMTP.()
A.Openmailrelaysareoftenusedfor
spamming.
B.ESMTPdoesNOTprovidemoresecurityfeaturesthan
C.SMTPdoesprovideauthenticatedemail
sending."
D.Wormsoftenspreadvia
SMTP.
参考答案:
A,D
SMTP
[单项选择题]
16、CiscoCleanAccessensuresthatcomputersconnectingtoyournetworkhavewhichofthefollowing?
()
A.Novulnerableapplicationsoroperatingsystems
B.Novirusesorworms
C.Appropriatesecurityapplicationsandpatchlevels
D.CurrentIPSsignatures
E.CiscoSecurityAgent
参考答案:
C
[单项选择题]
17、Whichoftheseisthebestwaytoprovidesendernonrepudiation?
()
A.pre-sharedkey
B.securehash
C.SSL
D.RSAsignature
参考答案:
D
[单项选择题]
18、WhatgroupinCiscoprimemodulusequivalent
A.group3
B.group1
C.group5
D.group7
参考答案:
C
IOSdoestoo?
()
1536-bit
Diffie-Hellman
[单项选择题]
19、Whataretheheadersizesforpoint-to-pointandpointGRE(alsoknownasmGRE)withtunnelkey?
()
A.4bytesforboth
B.4bytes,and8bytesrespectively
C.8bytesforboth
D.24bytesforboth
参考答案:
B
[单项选择题]
20、Whichonesarethetwotypeofciphers?
()
A.Blockingcipherandnon-blockingcipher
B.CBCcipherandEBCcipher
C.BlockcipherandStreamcipher
D.BlockercipherandStreamercipher
E.3DEScipherandAEScipher
参考答案:
C
[单项选择题]
21、WhichSSLprotocoltakesanapplicationmessagetobetransmitted,fragmentsthedataintomanageableblocks,optionallycompressesthedata,appliesaMAC,encrypts,addsaheader,andtransmitstheresultingunitinaTCPsegment?
()
A.SSLHandshakeProtocol
B.SSLAlertProtocol
C.SSLRecordProtocol
D.SSLChangeCipherSpecProtocol
参考答案:
C更多内容请访问《睦霖题库》微信公众号
[单项选择题]
22、ForaroutertoobtainacertificatefromaCA,whatisthefirststepofthecertificateenrollmentprocess?
()
A.theroutergeneratesacertificaterequestandforwardsittotheCA
B.theroutergeneratesanRSAkeypair
C.theroutersendsitspublickeytotheCA
D.theCAsendsitspublickeytotherouter
E.theCAverifiestheidentityoftherouter
F.theCAgeneratesacertificaterequestandforwardsittotherouter
参考答案:
B
[多项选择题]
23、Whichtwostatementsarecorrectabouttheaaaauthenticationlogindefaultgrouptacacs+localglobalconfigurationcommand?
()
A.thisloginauthenticationmethodlistisautomaticallyappliedtoalllinesexceptthosethathaveanamedmethodlistexplicitlydefined
B.IftheuserfailstheTACACS+authenticationthenthelocaldatabaseontherouterwillbeusedtoauthenticatetheuser
C.ifthetacacs+serverfailstorespondthenthelocaldatabaseontherouterwillbeusedtoauthenticatetheuser
D."login"
isthenameofthemethodlistbeingconfigured
E.ifthetacacs+serverisunavailable,authenticationwillsucceedautomaticallybydefault
参考答案:
A,C
[单项选择题]
24、WhichCiscosecuritysoftwareproductmitigatesDayZeroattacksondesktopsandservers-stoppingknownandunknownattackswithoutrequiringreconfigurationsorupdatesontheendpoints?
()
A.CiscoSecureDesktop(CSD)
B.NACApplianceAgent(NAA)
C.CiscoSecurityAgent(CSA)
D.SSLVPNClient(SVC)
E.CiscoTrustAgent(CTA)
参考答案:
C
[多项选择题]
25、TACACS+authentication
A.ACCESSREQUEST
B.ACCESSACCEPT
C.CONTINUE
D.CHALLENGE
E.REPLY
F.START
参考答案:
C,E,F
uses
whichthree
packet
types?
()
[单项选择题]
26、Whichshouldbethekeydriverforacompanysecuritypolicy’screation,implementationandenforcement?
()
A.thebusinessknowledgeoftheITstaff
B.thetechnicalknowledgeoftheITstaff
C.thecompany’sbusinessobjectives
D.thecompany’snetworktopology
E.theITfuturedirections
参考答案:
C
[单项选择题]
27、WhichIOSQoSmechanismisusedstrictlytotrafficdestinedtotherouteritself?
()
A.Class-BasedPolicing
B.ControlPlanePolicing
C.Dual-RatePolicier
D.Single-RatePolicier
E.Class-BasedTrafficShaper
参考答案:
B
rate
limit
[单项选择题]
28、InanL2TPvoluntarytunnelingscenario,theVPDNtunnelisterminatedbetween:
()
A.Theclientandthe
NAS.
B.TheNASandthe
LNS.
C.TheNASandthe
LAC.
D.Theclientandthe
LNS.
参考答案:
D
[单项选择题]
29、WhichoneofthefollowingisNOTasupportedIKEattribute?
()
A.PFS
group.
B.Encryption
algorithm.
C.Hashing
Algorithm.
D.
Authenticationmethod.
E.Lifetime
duration.
参考答案:
A
[单项选择题]
30、WithPGP,whichofthefollowingentitysignsausers’spublickey?
()
A.Thesenderofthe
message.B.Thereceipientofthe
message.
C.Thesender’sadministratorwhoprovidesthesenderwiththePGP
program.
D.Athirdpartythatbelongstowhat’softenknownas"weboftrust",thatcanverifytherelationshipbetweentheuserandthe
key.
E.ThevendorofthePGP
program.
参考答案:
D
[单项选择题]
31、WhenconfiguringamultipointGRE(mGRE)tunnelinterface,whichoneofthefollo
升级会员 