A. Traffic bound for the Internet will be translated by NAT and will be decrypted.

B. Traffic bound for the Internet will be unrouted due to private source IP addresses.

C. Traffic will not successfully access the Internet or the subnets of the remote router's Ethernet interface.

D. Traffic between the Ethernet subnets on both routers will be encrypted.

E. Traffic will be translated by NAT between the Ethernet subnets on both routers. Answer: D

QUESTION 12 In which way is data between a router and a TACACS+ server encrypted?

A. CHAP Challenge responses

B. DES encryption, if defined

C. MD5 has using secret matching keys

D. PGP with public keys Answer: C Explanation: "The hash used in TACACS+ is MD5" CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 497

QUESTION 13 What is the function of gratuitous ARP? (Choose all that apply.)

A. ARP refreshes other devices' ARP caches after reboot.

B. ARP will look for duplicate IP addresses.

C. ARP refreshes the originating server's cache every 20 minutes.

D. ARP will identify stations without MAC addresses.

E. ARP will prevent proxy ARP from becoming promiscuous. Answer: A, B Explanation: NOT SURE ABOUT THIS QUESTION - Refresh the originating server's cache every 20 minutes. Could be answer but the test wants only 2 Gratuitous ARP [23] is an ARP packet sent by a node in order to spontaneously

cause other nodes to update an entry in their ARP cache. A gratuitous ARP MAY use either an ARP Request or an ARP Reply packet. In either case, the ARP Sender Protocol Address and ARP Target Protocol Address are both set to the IP address of the cache entry to be updated, and the ARP Sender Hardware Address is set to the link-layer address to which this cache entry should be updated. When using an ARP Reply packet, the Target Hardware Address is also set to the link-layer address to which this cache entry should be updated (this field is not used in an ARP Request packet). Most hosts on a network will send out a Gratuitous ARP when they are initializing their IP stack. This Gratuitous ARP is an ARP request for their own IP address and is used to check for a duplicate IP address. If there is a duplicate address then the stack does not complete initialization.

QUESTION 14 What functionality best defines the use of a 'stub' area within an OSPF environment?

A. A stub area appears only on remote areas to provide connectivity to the OSPF backbone.

B. A stub area is used to inject the default route for OSPF.

C. A stub area uses the no-summary keyword to explicitly block external routes, defines the non-transit area, and uses the default route to reach external networks.

D. A stub area is used to reach networks external to the sub area. Answer: B Explanation: These areas do not accept routes belonging to external autonomous systems (AS); however, these areas have inter-area and intra-area routes. In order to reach the outside networks, the routers in the stub area use a default route which is injected into the area by the Area Border Router (ABR). A stub area is typically configured in situations where the branch office need not know about all the routes to every other office, instead it could use a default route to the central office and get to other places from there. Hence the memory requirements of the leaf node routers is reduced, and so is the size of the OSPF database.

QUESTION 15 The newly appointed Cisco Highway trainee technician want to know what is the best explanation for the command aaa authentication ppp default if-needed tacacs+. What will your reply be?

A. Use TACACS+ to perform authentication if authentication has been enabled on an interface.

B. Use TACACS+ to perform authentication if the user requests authentication.

C. Do not run PPP authentication if the user has already been authenticated by some other method.

D. Do not run PPP authentication if the user is not configured to run PPP authentication.

E. Do not run PPP authentication if the user knows the enable password. Answer: C Explanation:

if-needed (Optional) Used with TACACS and extended TACACS. Does not perform CHAP or PAP authentication if the user has already provided authentication. This option is available only on asynchronous interfaces.

QUESTION 16 What configuration command could be used to restrict SNMP access to a router?

A. snmp-server public

B. snmp-server password

C. snmp-server community

D. snmp-server host Answer: C

Explanation: Configure the community string (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.

QUESTION 17 Which of the following controls TFTP security? (Choose all that apply.)

A. A default TFTP directory.

B. A username/password.

C. A TFTP file.

D. A pre-existing file on the server before it will accept a put.

E. File privileges. Answer: A, D, E Explanation: username/password- is for FTP a default TFTP directory - one has to be in your tftp server and the location listed in the tftp command In uploading code you need to have a file but some programs like solarwinds will download the running config via tftp and make the file

QUESTION 18 Which of the following statements regarding RIP v1 is valid? (Choose all that apply.)

A. RIP v1 is a classful routing protocol.

B. RIP v1 is incapable of carrying subnet information in its routing updates.

C. RIP v1 is incapable of supporting Variable Length Subnet Masks (VLSM).

D. RIP v1 can support discontiguous networks. Answer: A, B, C Explanation: RIP and IGRP are classful protocols Why Doesn't RIP or IGRP Support Discontiguous Networks?

QUESTION 19 Which of the following types of traffic is NOT subject to inspection in the IOS Firewall Feature Set?

350-018 : CCIE Pre-Qualification Test for Security

Top of page	02 of 37

Search and Find Anything Here Enter your search terms Submit search form   Web www.ciscohighway.com