Killtest 351-018 시험문제는 완벽할 뿐만아니라 합격률이 96% 이상입니다. 답은 이 방면에 경험이 많은 강사들이 푸는 것이라 정확도가 100% 입니다. 우리시험문제 CCIE 351-018 를 사용해서 시험을 보면 쉽게 시험을 통과할 수 있을 것입니다
VUE/Prometric Code: 351-018
Exam: CCIE Pre-Qualification Test for Security
Ver:V9.02
Q&A:199 Q&As
Q&A:199 Q&As
업그레이트:2010-05-15
덤프보기:
1. When initiating a new SSL/TLS session, the client receives the server SSL certificate and validates it.
What does the client use the certificate for after validating it?
Select the best response.
A. The client and server use the key in the certificate to encrypt all data in the following SSL session.
B. The server creates a separate session key and sends it to the client. The client has to decrypt the
session key using the server public key from the certificate.
C. The client creates a separate session key and encrypts it with the server public key from the certificate
before sending it to the server.
D. Nothing, the client and server switch to symmetric encryption using IKE to exchange keys.
E. The client generates a random string, encrypts it with the server public key from the certificate, and
sends it to the server. Both the client and server derive the session key from the random data sent by the
client.
Answer: E
What does the client use the certificate for after validating it?
Select the best response.
A. The client and server use the key in the certificate to encrypt all data in the following SSL session.
B. The server creates a separate session key and sends it to the client. The client has to decrypt the
session key using the server public key from the certificate.
C. The client creates a separate session key and encrypts it with the server public key from the certificate
before sending it to the server.
D. Nothing, the client and server switch to symmetric encryption using IKE to exchange keys.
E. The client generates a random string, encrypts it with the server public key from the certificate, and
sends it to the server. Both the client and server derive the session key from the random data sent by the
client.
Answer: E
2. Which three of these statements describe how DNSSEC prevents DNS cache poisoning attacks from
succeeding? (Choose three.)
Select 3 response(s).
A. DNSSEC encrypts all records with domain-specific keys.
B. DNSSEC eliminates caching and forces all answers to be authoritative.
C. DNSSEC introduces KEY records that hold domain-specific public keys.
D. DNSSEC deprecates CNAME records and replaces them with DS records.
E. DNSSEC utilizes DS records to establish a trusted hierarchy of zones.
F. DNSSEC signs all records with domain-specific keys.
Answer: CEF
3. Which two of the following statements describe why TACACS+ is more desirable from a security
standpoint than RADIUS? (Choose two.)
Select 2 response(s).
A. It uses UDP as its transport.
B. It uses TCP as its transport.
C. It encrypts the password field with a unique key between server and requester.
D. Encrypting the whole data payload is optional.
E. Authentication and authorization are combined into a single query for robustness.
Answer: BD
4. When using Cisco SDM to manage a Cisco IOS device, what configuration statements are necessary
to be able to use Cisco SDM?
Select the best response.
A. ip http server
B. ip http secure-server
C. ip http server
sdm location X.X.X.X
D. ip http secure-server
sdm location X.X.X.X
E. ip http server
ip http secure-server
Answer: A
ip http secure-server
Answer: A
5. In regards to private address space, which three of the following statements are true? (Choose three.)
Select 3 response(s).
A. Private address space is defined in RFC 1918.
B. These IP addresses are considered private:
10.0.0.0
172.15.0.0
192.168.0.0
C. Private address space is not supposed to be routed over the Internet.
D. 127.0.0.1 is also considered part of private address space, according to the RFC.
E. Using only private address space and NAT to the Internet is not considered as secure as having a
stateful firewall.
Answer: ACE