Download New Updated (Spring 2015) Cisco 350-029 Actual Tests 291-300

By | April 26, 2015

Ensurepass

 

QUESTION 291

How would you characterize the source and type in a denial of service attack on a router?

 

A.

By perform a show ip interface to see the type and source of the attack based upon the access-list matches.

B.

By setting up an access-list to permit all ICMP, TCP, and UDP traffic with the log or log- input commands, then use the show access-list andshow log commands to determine the type and source of attack.

C.

By performing a show interface to see the transmitted load “txload” and receive load “rxload”, if the interface utilization is not maxed out, there is no attack underway.

D.

By applying an access-list to all incoming and outgoing interfaces, turning off route- cache on all interfaces, then, when telnetting into the router perform a debug IP packet detail.

 

Correct Answer: B

 

 

QUESTION 292

Which of the following descriptions about IP spoofing iscorrect?

 

A.

IP destination address is forged

B.

IP source address is forged

C.

IP TCP destination port is forged

D.

None of above

E.

IP TCP source port is forged

 

Correct Answer: B

Explanation:

1.13. Security in core

 

 

QUESTION 293

BCP (Best Common Practices) 38/RFC 2827Ingress and Egress Packet Filtering would help mitigate what classification of attack?

 

A.

Denial of service attack

B.

Sniffing attack

C.

Spoofing attack

D.

Reconnaisance attack

E.

Port Scan attack

 

Correct Answer: C

Explanation:

6. Summary

Ingress traffic filtering at theperiphery of Internet connected networks will reduce the effectiveness of source address spoofing denial of service attacks. Network service providers and administrators have already begun implementing this type of filtering on periphery routers, and it isrecommended that all service providers do so as soon as possible. In addition to aiding the Internet community as a whole to defeat this attack method, it can also assist service providers in locating the source of the attack if service providers can categorically demonstrate that their network already has ingress filtering in place on customer links. Corporate network administrators should implement filtering to ensure their corporate networks are not the source of such problems. Indeed, filtering could be used within an organization to ensure users do not cause problems by improperly attaching systems to the wrong networks.

The filtering could also, in practice, block a disgruntled employee from anonymous attacks. It is the responsibility of all network administrators to ensure they do not become the unwitting source of an attack of this nature.

 

 

QUESTION 294

What are BCP 38 (Best Common Practices 38) / RFC 2827 Ingress Packet Filtering Principles? (Choose three.)

 

A.

Filter Smurf ICMP packets.

B.

Filter as close to the core as possible

C.

Filter as close to the edge as possible

D.

Filter as precisely as possible

E.

Filter both source and destination where possible.

 

Correct Answer: CDE

Explanation:

1.13. Security in core

 

 

QUESTION 295

Which of the following IOS commands can detect whether the SQL slammer virus propagates in your networks?

 

A.

access-list 110 permit any any udp eq 69 log

B.

access-list 100 permit any any udp eq 1434 log

C.

access-list 110 permit any any udp eq 69

D.

access-list 100 permit anyany udp eq 1434

 

Correct Answer: B

 

 

QUESTION 296

What are two uRPF working modes? (Choose two.)

 

A.

express mode

B.

safe mode

C.

loose mode

D.

strict mode

E.

tight mode

 

Correct Answer: CD

 

 

QUESTION 297

Refer to the exhibit. Inbound infrastructure ACLs are configured to protect the SP network. Which two types of traffic should be permitted in the infrastructure ACL? (Choose two.)

 

clip_image001

 

A.

traffic destined for network of 172.30.0.0/16

B.

traffic source from network of 172.30.0.0/16

C.

traffic destined for network of 162.238.0.0/16

D.

traffic source from network of 162.238.0.0/16

E.

traffic destined for network of 232.16.0.0/16

 

Correct Answer: CE

 

 

 

 

 

QUESTION 298

Referto the exhibit. Inbound Infrastructure ACLs are configured to protect the SP network. Which three types of traffic should be filtered in the infrastructure ACLs? (Choose three.)

 

clip_image001[1]

 

A.

traffic from a source with an IP address that is within 239.255.0.0/16

B.

FTP traffic destined for internal routers

C.

IPsec traffic that at an internal router

D.

traffic from a source with an IP address that is within 162.238.0.0/16

E.

EBGP traffic that peers with edge routers

 

Correct Answer:
ABD

Explanation:

With the use of theprotocols and addresses identified, the infrastructure ACL can be built to permit the protocols and protect the addresses. In addition to direct protection, the ACL also provides a first line of defense against certain types of invalid traffic on the Internet:

  RFC 1918 space must be denied. (RFC1918 describes a set of network ranges set aside for so-called “private” use.)  Packets with a source address that fall under special-use address space, as defined in RFC 3330,must be denied.  Anti-spoof filtersmust be applied. (Your address space must never be the source of packets from outside your AS.)

QUESTION 299

Which of the following IOS features can prevent IP spoofing attacks?

 

A.

Unicast Reverse Path Forwarding (uRPF)

B.

MPLS traffic Engineering

C.

Cisco Express Forwarding

D.

PPP over Ethernet

E.

IS-IS routing

 

Correct Answer: A

 

 

QUESTION 300

Whatis a limitation of implementing uRPF?

 

A.

Domain name must be defined.

B.

MPLS LDP must be enabled.

C.

BGP routing protocol must be running.

D.

Symmetrical routing is required.< /span>

E.

Named access-lists must be configured.

 

Correct Answer: D

 

Free VCE & PDF File for Cisco 350-029 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …