The sample questions shown below are representative of the type of questions found in the portion of the CCIE Security written exam that covers specialty service topics. For examples of General Knowledge type questions, see the Routing and Switching Sample Questions.

Security Sample Questions

1. What are the RADIUS ‘check items’ used for?
     A. To enable accounting
     B. To define the attributes required for authentication
     C. To enable authorization
     D. To define the attributes sent to the NAS

2. What port is used by the TACACS+ protocol?
     A. TCP 1049
     B. TCP 149
     C. TCP 49
     D. UDP 49
     E. UDP 1049

3. IPSec uses ISAKMP NOTIFY messages for:
     A. Letting the remote side know an SA has been brought up on a slow
          speed serial link
     B. Letting the remote side know the physical link with an applied SA has
          been torn down
     C. Letting the remote side know the status of an attempted IPSec
          transaction
     D. Letting the remote side know a failure has occurred

4. How many bits are used with the 3DES encryption key?
     A. 8 bits
     B. 56 bits
     C. 64 bits
     D. 168 bits
     E. 256 bits

5. What IOS command is used to enable VPDN in global configuration mode?
     A. VPDN ENABLE
     B. VPDN-ENABLE
     C. SET VPDN ENABLE
     D. ENABLE-VPDN

ANSWER KEY Click Here for answers to the sample questions above.