QUESTION 21
An attacker configures an access point to broadcast the same SSID that is used at a public hot- spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched?
A. man-in-the-middle
B. MAC spoofing
C. Layer 1 DoS
D. disassociation attack
Answer: A
QUESTION 22
Which statement best describes the concepts of rootkits and privilege escalation?
A. Rootkits propagate themselves.
B. Privilege escalation is the result of a rootkit.
C. Rootkits are a result of a privilege escalation.
D. Both of these require a TCP port to gain access.
Answer: B
QUESTION 23
Which multicast capability is not supported by the Cisco ASA appliance?
A. ASA configured as a rendezvous point
B. sending multicast traffic across a VPN tunnel
C. NAT of multicast traffic
D. IGMP forwarding (stub) mode
Answer: B
QUESTION 24
Which method of output queuing is supported on the Cisco ASA appliance?
A. CBWFQ
B. priority queuing
C. MDRR
D. WFQ
E. custom queuing
Answer: B
QUESTION 25
Which four values can be used by the Cisco IPS appliance in the risk rating calculation? (Choose four.)
A. attack severity rating
B. target value rating
C. signature fidelity rating
D. promiscuous delta
E. threat rating
F. alert rating
Answer: ABCD
QUESTION 26
Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? (Choose three.)
A. cut-through proxy
B. dot1x
C. MAB
D. SSO
E. web authentication
Answer: BCE
QUESTION 27
Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue?
A. switch(config)# aaa accounting auth-proxy default start-stop group radius
B. switch(config-if)# authentication host-mode multi-auth
C. switch(config-if)# webauth
D. switch(config)# ip http server
E. switch(config-if)# authentication priority webauth dot1x
Answer: D
QUESTION 28
Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?
A. HTTP inspection
B. static entries in the botnet blacklist and whitelist
C. global ACL
D. NetFlow
E. DNS inspection and DNS snooping
Answer: E
QUESTION 29
Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the “/runscript.php” URI is run?
A. AIC HTTP
B. Service HTTP
C. String TCP
D. Atomic IP
E. META
F. Multi-String
Answer: B
QUESTION 30
With the Cisco FlexVPN solution, which four VPN deployments are supported? (Choose four.)
A. site-to-site IPsec tunnels?
B. dynamic spoke-to-spoke IPSec tunnels? (partial mesh)
C. remote access from software or hardware IPsec clients?
D. distributed full mesh IPsec tunnels?
E. IPsec group encryption using GDOI?
F. hub-and-spoke IPsec tunnels?
Answer: ABCF
http://www.passleader.com/350-018.html
QUESTION 31
Which four techniques can you use for IP management plane security? (Choose four.)
A. Management Plane Protection
B. uRPF
C. strong passwords
D. RBAC
E. SNMP security measures
F. MD5 authentication
Answer: ACDE
QUESTION 32
Which three statements about remotely triggered black hole filtering are true? (Choose three.)
A. It filters undesirable traffic.
B. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks.
C. It provides a rapid-response technique that can be used in handling security-related events and incidents.
D. It requires uRPF.
Answer: ACD
QUESTION 33
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)
A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet fields.
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and permanent.
E. It can be a useful tool in monitoring the network for attacks.
Answer: BCE
QUESTION 34
During a computer security forensic investigation, a laptop computer is retrieved that requires content analysis and information retrieval. Which file system is on it, assuming it has the default installation of Microsoft Windows Vista operating system?
A. HSFS
B. WinFS
C. NTFS
D. FAT
E. FAT32
Answer: C
QUESTION 35
Which three statements about the IANA are true? (Choose three.)
A. IANA is a department that is operated by the IETF.
B. IANA oversees global IP address allocation.
C. IANA managed the root zone in the DNS.
D. IANA is administered by the ICANN.
E. IANA defines URI schemes for use on the Internet.
Answer: BCD
QUESTION 36
What does the Common Criteria (CC) standard define?
A. The current list of Common Vulnerabilities and Exposures (CVEs)
B. The U.S standards for encryption export regulations
C. Tools to support the development of pivotal, forward-looking information system technologies
D. The international standards for evaluating trust in information systems and products
E. The international standards for privacy laws
F. The standards for establishing a security incident response system
Answer: D
QUESTION 37
Which three types of information could be used during the incident response investigation phase? (Choose three.)
A. netflow data
B. SNMP alerts
C. encryption policy
D. syslog output
E. IT compliance reports
Answer: ABD
QUESTION 38
Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Answer: B
QUESTION 39
Which option is a benefit of implementing RFC 2827?
A. prevents DoS from legitimate, non-hostile end systems
B. prevents disruption of special services such as Mobile IP
C. defeats DoS attacks which employ IP source address spoofing
D. restricts directed broadcasts at the ingress router
E. allows DHCP or BOOTP packets to reach the relay agents as appropriate
Answer: C
QUESTION 40
Which of the following provides the features of route summarization, assignment of contiguous blocks of addresses, and combining routes for multiple classful networks into a single route?
A. classless interdomain routing
B. route summarization
C. supernetting
D. private IP addressing
Answer: A
Effective Passleader 350-018 Exam Questions Dumps With Low Cost And 100 Percent Pass