350-018 题库答案分享

bigperry

鸿鹄论坛_CCIE 350-018 security new Questions with answer.pdf (1.57 MB, 下载次数: 510, 售价: 2 个鸿鹄币)

2016-6-2 15:46 上传

点击文件名下载附件

; f: e5 ~: P7 C( y$ ^0 X前些日子论坛上没有答案的350-018题库，答案系本人意见，自行斟酌。

qxmx

这里有题库 昨天仍然过人

ztbryantao

dwddsdsdsds

dizhengqiang

All of these are predefined reports in the Cisco IPS Manager Express (Cisco IME) GUI except which one?
A. Top Signature Report
B. Top Application Report
# Y) @" ]7 |4 FC. Attacks Overtime Report
) S0 A$ u6 k4 U4 `: {D. Top victims Report
E. Top Attacker Report
- S+ p9 p6 u$ V) |1 |  J
第六十题是不是应该选B

dizhengqiang

第七十题
8 }6 y1 i/ l& A5 m' ~有些疑问
8 ?+ e+ X. j. {" N1 M
1. Add the anomaly detection policy to your virtual sensors.
' e$ X2 }9 c2 E' i, P$ V% }You can use the default anomaly detection policy, ad0, or you can configure a new one.
" k7 S" _! @& n% S2. Configure the anomaly detection zones and protocols.
3. By default, the anomaly detection operational mode is set to Detect, although for the first 24 hours
! l1 @1 R: ]+ |! x  Z; X- i, P/ b, Z9 Eit performs learning to create a populated KB. The initial KB is empty and during the default 24
hours, anomaly detection collects data to use to populate the KB. If you want the learning period to
be longer than the default period of 24 hours, you must manually set the mode to Learning Accept.
/ a4 k5 M4 @; L8 D# s4. Let the sensor run in learning accept mode for at least 24 hours (the default).
) @  x3 ]( e  `3 r0 `0 R7 N1 WYou should let the sensor run in learning accept mode for at least 24 hours so it can gather
information on the normal state of the network for the initial KB. However, you should change the
amount of time for learning accept mode according to the complexity of your network.
9 I, c# U& X# P4 R3 _5. If you manually set anomaly detection to learning accept mode, switch back to detect mode.
6. Configure the anomaly detection parameters:
• Configure the worm timeout and which source and destination IP addresses should be bypassed
! M* E0 d4 T" K: [/ j$ kby anomaly detection.
2 L+ t! s5 L' |/ qAfter this timeout, the scanner threshold returns to the configured value.
• Decide whether you want to enable automatic KB updates when anomaly detection is in detect
4 P( J- A% B1 k& \" d/ a. w+ Amode.
( c- F7 [* J. J/ K: }. B( k! {( O• Configure the 18 anomaly detection worm signatures to have more event actions than just the
4 S# c" k$ I. |% l9 q6 r( sdefault Produce Alert. For example, configure them to have Deny Attacker event actions.
7 P! v1 p) ^1 E/ U& |

dizhengqiang

感谢楼主

fengminglu321

fengminglu321

ywainam0412

Thanks

ywainam0412

Thanks

ywainam0412

Hi all,

' A) m8 B6 R1 j# R. G- ^8 \Q23, E is correct ?

QUESTION NO: 23
What technology can you implement on your network to allow Independent applications to work with IPv6-capable applications?
A.        DS-Lite
B.        NAT-PT
8 L" A5 M/ Q1 B, U# `; bC.        ISATAP
" C4 L: k; M6 {( _) j+ v7 sD.        NAT 6to4
& p4 [/ @7 }$ z' j  n' RE.        NAT64

Q26, seem only E is true, any suggestion.
- z! y$ @& i! k; n
QUESTION NO: 26
3 [- d5 j/ T' R( `8 OWhich two statements about 802.1x authentication with port security are true? (Choose two.)

A.        If any client causes a security violation, the port is immediately placed in spanning-tree disabled mode.
B.        An entry is created in the secure host table for any client that is authenticated and manually configured for port security, even if the table is full.
C.        802.1x manages network access for all authorized MAC addresses.
D.        If a client is authenticated and the port security table is full, the oldest client is aged out.
, C8 ]& Z- x  L. l5 wE.        If any host causes a security violation, the port is immediately error-disabled.
: ?, t, H( E, u

jacktang

请问楼主是用这份试题过了么？

leolewis

thanks for sharing！

mattechnical

多谢

mattechnical

一个题库扣3个币，给了作者还的给论坛。