1. Home
  2. Cisco
  3. 351-018

Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details

  • Exam Code
    :351-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :420 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 101:

    Which protocol is superseded by AES?

    A. DES
    B. RSA
    C. RC4
    D. MD5

  • Question 102:

    Which two statements about IPS signatures are true? (Choose two.)

    A. All of the built-in signatures are enabled by default.
    B. Tuned signatures are built-in signatures whose parameters are adjusted.
    C. Once the signature is removed from the sensing engine it cannot be restored
    D. It is recommended not to retire a signature that is not being used because then it cannot be restored.
    E. It is possible to define custom signatures.

  • Question 103:

    Which two statements about the DH group are true? (Choose two.)

    A. The DH group is used to provide data authentication.
    B. The DH group is negotiated in IPsec phase-1.
    C. The DH group is used to provide data confidentiality.
    D. The DH group is used to establish a shared key over an unsecured medium.
    E. The DH group is negotiated in IPsec phase-2.

  • Question 104:

    Which ICMP message type code indicates fragment reassembly time exceeded?

    A. Type 4, Code 0
    B. Type 11, Code 0
    C. Type 11, Code 1
    D. Type 12, Code 2

  • Question 105:

    Refer to the exhibit.

    Which statement is true?

    A. This packet decoder is using relative TCP sequence numbering?.
    B. This TCP client is proposing the use of TCP window scaling?.
    C. This packet represents an active FTP data session?.
    D. This packet contains no TCP payload.

  • Question 106:

    A Cisco IOS router is configured as follows:

    ip dns spoofing 192.168.20.1

    What will the router respond with when it receives a DNS query for its own host name?

    A. The router will respond with the IP address of the incoming interface.
    B. The router will respond with 192.168.20.1 only if the outside interface is down.
    C. The router will respond with 192.168.20.1.
    D. The router will ignore the DNS query and forward it directly to the DNS server.

  • Question 107:

    Which three statements are correct when comparing Mobile IPv6 and Mobile IPv4 support? (Choose three.)

    A. Mobile IPv6 does not require a foreign agent, but Mobile IPv4 does.
    B. Mobile IPv6 supports route optimization as a fundamental part of the protocol; IPv4 requires extensions.
    C. Mobile IPv6 and Mobile IPv4 use a directed broadcast approach for home agent address discovery.
    D. Mobile IPv6 makes use of its own routing header; Mobile IPv4 uses only IP encapsulation.
    E. Mobile IPv6 and Mobile IPv4 use ARP for neighbor discovery.
    F. Mobile IPv4 has adopted the use of IPv6 ND.

  • Question 108:

    Which authentication mechanism is available to OSPFv3?

    A. simple passwords B. MD5
    C. null
    D. IKEv2
    E. IPsec AH/ESP

  • Question 109:

    Which three statements are true regarding the EIGRP update message? (Choose three.)

    A. Updates require an acknowledgement with an ACK message.
    B. Updates can be sent to the multicast address 224.0.0.10.
    C. Updates are sent as unicasts when they are retransmitted.
    D. Updates always include all routes known by the router with partial updates sent in the Reply message.
    E. ACKs for updates are handled by TCP mechanisms.

  • Question 110:

    When you are configuring the COOP feature for GETVPN redundancy, which two steps are required to ensure the proper COOP operations between the key servers? (Choose two.)

    A. Generate an exportable RSA key pair on the primary key server and export it to the secondary key server.
    B. Enable dead peer detection between the primary and secondary key servers.
    C. Configure HSRP between the primary and secondary key servers.
    D. Enable IPC between the primary and secondary key servers.
    E. Enable NTP on both the primary and secondary key servers to ensure that they are synchronized to the same clock source.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 351-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.