Cisco 351-018 Online Practice
Questions and Exam Preparation
351-018 Exam Details
Exam Code
:351-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:420 Q&As
Last Updated
:Dec 09, 2021
Cisco 351-018 Online Questions &
Answers
Question 91:
Which two VLSM subnets, when taken as a pair, overlap? (Choose two.)
A. 10.22.21.128/26 B. 10.22.22.128/26 C. 10.22.22.0/27 D. 10.22.20.0/23 E. 10.22.16.0/22
A. 10.22.21.128/26 D. 10.22.20.0/23
Question 92:
Which field in an HTTPS server certificate is compared to a server name in the URL?
A. Common Name B. Issuer Name C. Organization D. Organizational Unit
A. Common Name
Question 93:
Which statement is true about EAP-FAST?
A. It supports Windows single sign-on. B. It is a proprietary protocol. C. It requires a certificate only on the server side. D. It does not support an LDAP database.
A. It supports Windows single sign-on.
Question 94:
Which three of these situations warrant engagement of a Security Incident Response team? (Choose three.)
A. loss of data confidentiality/integrity B. damage to computer/network resources C. denial of service (DoS) D. computer or network misuse/abuse E. pornographic blogs/websites
A. loss of data confidentiality/integrity C. denial of service (DoS) D. computer or network misuse/abuse
Question 95:
Which four options could be flagged as potential issues by a network security risk assessment? (Choose four.)
A. router hostname and IP addressing scheme B. router filtering rules C. route optimization D. database connectivity and RTT E. weak authentication mechanisms F. improperly configured email servers G. potential web server exploits
B. router filtering rules E. weak authentication mechanisms F. improperly configured email servers G. potential web server exploits
Question 96:
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
A. ESP header B. ESP trailer C. IP header D. Data E. TCP-UDP header
A. ESP header
Question 98:
Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?
A. class-map type inspect B. parameter-map type inspect C. service-policy type inspect D. policy-map type inspect tcp E. inspect-map type tcp
B. parameter-map type inspect
Question 99:
Which statement describes an IPv6 benefit?
A. Broadcast is not available. B. Routing tables are more complicated. C. The address pool is limited. D. Data encryption is not built into the packet frame. E. Increased NAT is required.
A. Broadcast is not available.
Question 100:
EAP-MD5 provides one-way client authentication. The server sends the client a random challenge. The client proves its identity by hashing the challenge and its password with MD5. What is the problem with EAP-MD5?
A. EAP-MD5 is vulnerable to dictionary attack over an open medium and to spoofing because there is no server authentication. B. EAP-MD5 communication must happen over an encrypted medium, which makes it operationally expensive. C. EAP-MD5 is CPU-intensive on the devices. D. EAP-MD5 not used by RADIUS protocol.
A. EAP-MD5 is vulnerable to dictionary attack over an open medium and to spoofing because there is no server authentication.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 351-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.