CCIE Security Exam (4.0) (350-018v4) Free Practice Test

Question 1

What protocol does IPv6 Router Advertisement use for its messages?

A. ARP

B. TCP

C. ICMPv6

D. UDP

Correct Answer: C

Question 2

Which three EAP methods require a server-side certificate? (Choose three.)

A. EAP-FAST

B. EAP-TLS

C. EAP-TTLS

D. EAP-GTP

E. PEAP with MS-CHAPv2

Correct Answer: B,C,E

Question 3

You have configured an NDAC seed switch as shown, but the switch is failing to allow other switches to securely join
the domain What command must you add to the seed switch's configuration to enable secure RADIUS communication?
Refer to the exhibit.

A. Seed-Switch(config)#no dot1x system-auth-control

B. Seed-Switch(config)#aaa preauth

C. Seed-Switch(config)#radius-server vsa send accounting

D. Seed-Switch(config)#radius-server host non-standard

E. Seed-Switch(config)#aaa authentication dot1x default group local

F. Seed-Switch(config)#radius.server host 10.1.1.2 auth-port 1812 acct-port 1813 test username ndac-test pac key Cisco123

Correct Answer: F

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which two values you must configure on the Cisco ASA firewall to support FQDN ACL? (Choose two.)

A. a service object

B. a service policy

C. a DNS server

D. an FQDN object

E. a policy map

F. a class map

Correct Answer: C,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which statement about ISO/IEC 27001 is true?

A. It was reviewed by the intermational Organization for Standardization

B. It was reviewed by the intermational Electrotechnical Commission

C. It is only intended to report security breaches to the management authority

D. It was published by ISO/IEC

E. It is intended to bring information security under management control

Correct Answer: E

Question 6

What are the three response types for SCEP enrollment requests? (Choose three.)

A. Reject

B. PKCS#10

C. Success

D. Pending

E. PKCS#7

F. Renewal

Correct Answer: A,C,D

Question 7

What is a key characteristic of MSTP?

A. always uses a separate STP instance per VLAN to increase efficiency

B. is a Cisco proprietary standard

C. only supports a single STP instance for all VLANs

D. several VLANs can be mapped to the same spanning-tree instance

Correct Answer: D

Question 8

Refer to the exhibit.

Why does the EasyVPN session fail to establish between the client and server?

A. incorrect group configuration on the client

B. incorrect ACL in the ISAKMP client group configuration

C. incorrect IPsec phase 2 configuration on the server

D. ISAKMP key mismatch

E. incomplete ISAKMP profile configuration on the server

Correct Answer: E

Question 9

Which three statements about IKEv2 are correct? (Choose three.)

A. Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.

B. INITIAL_CONTACT is used to synchronize state between peers.

C. Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.

D. NAT-T is not supported.

E. The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.

F. The IKEv2 standard defines a method for fragmenting large messages.

Correct Answer: A,B,E

Question 10

Which option is a desktop sharing application, used across a variety of platforms, with default TCP ports 5800/5801
and 5900/5901?

A. remote desktop protocol

B. X Windows

C. desktop proxy

D. VNC

Correct Answer: D

Question 11

A network administrator uses a LAN analyzer to troubleshoot OSPF router exchange messages sent to all OSPF
routers. To which one of these MAC addresses are these messages sent?

A. EF-FF-FF-00-00-05

B. FF-FF-FF-FF-FF-FF

C. 00-00-1C-EF-00-00

D. 01-00-5E-00-00-05

E. EF-00-00-FF-FF-FF

F. 01-00-5E-EF-00-00

Correct Answer: D

Welcome to TestSimulate

Cisco CCIE Security Exam (4.0) (350-018v4) Free Practice Test