50 likes | 141 Vues
This number is proved by candidates through practice. Because Examunion has a strong IT team of experts, they are committed to study exam questions and answers, and serve the vital interests of the majority of candidates.
E N D
ExamUn on ! Certified IT Exam Material Authority Accuratestudyguides,Highpassingrate! Weofferfreeupdateserviceforoneyear! h?p://www.examunion.com
The safer , easier way to help you pass any IT exams. Exam:350-018 Title: CCIE Security Exam (4.0) Version:DEMO 1 / 4
The safer , easier way to help you pass any IT exams. 1.Which statement is valid regarding SGACL? A.SGACL mapping and policies can only be manually configured. B.Dynamically downloaded SGACL does not override manually configured conflicting policies. C.SGACL is access-list bound with a range of SGTs and DGTs. D.SGACL is not a role-based access list. Answer:C Explanation: A role-based access control list bound to a range of SGTs and DGTs forms an SGACL Explanation: http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sgacl_config.htm l 2.Of which IPS application is Event Store a component? A.InterfaceApp B.AuthenticationApp C.SensorApp D.NotificationApp E.MainApp Answer:E Explanation: Cisco IPS software includes the following applications: • MainApp—Initializes the system, starts and stops the other applications, configures the OS, and performs upgrades.It contains the following components: – ctlTransSource (Control Transaction server)—Allows sensors to send control transactions.This is used to enable the master blocking sensor capability of Attack Response Controller (formerly known as Network Access Controller). – Event Store—An indexed store used to store IPS events (error, status, and alert system messages) that is accessible through the CLI, IDM, IME, ASDM, or SDEE. Explanation: http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_system_archite cture.html#wp1009053 2 / 4
The safer , easier way to help you pass any IT exams. 3. Refer to the exhibit. Which two statements about this debug output are true? (Choose two.) A.The request is from NHC to NHS. B.The request is from NHS to NNC. C.192.168.10.2 is the remote NBMA address. D.192.168.10.1 is the local VPN address. E.69.1.1.2 is the local non-routable address. F.This debug output represents a failed NHRP request. Answer:A, D 4.Which statement describes RA? A.The RA is not responsible to verify users request for digital certificates. B.The RA is part of private key infrastructure. C.The RA has the power to accept registration requests and to issue certificates. D.The RA only forwards the requests to the CA to issue certificates. Answer:D 5.Refer to the exhibit. 3 / 4
The safer , easier way to help you pass any IT exams. Against which type of attack does the given configuration protect? A.pharming B.a botnet attack C.phishing D.DNS hijacking E.DNS cache poisoning Answer:B Explanation: https://supportforums.cisco.com/document/33011/asa-botnet-configuration 4 / 4