351-018 Exam Details

  • Exam Code: 351-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 420 Q&As
  • Last Updated: Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 121:

    Which two statements about ASA transparent mode are true? (Choose two.)

    A. Transparent mode acts as a Layer-3 firewall.
    B. The inside and outside interface must be in a different subnet.
    C. IP traffic will not pass unless it is permitted by an access-list.
    D. ARP traffic is dropped unless it is permitted.
    E. A configured route applies only to the traffic that is originated by the ASA.
    F. In multiple context mode, all contexts need to be in transparent mode.

  • Question 122:

    Which statement is true about an NTP server?

    A. It answers using UTC time.
    B. It uses the local time of the server with its time zone indication.
    C. It uses the local time of the server and does not indicate its time zone.
    D. It answers using the time zone of the client.

  • Question 123:

    Which three statements about the Cisco IPS sensor are true? (Choose three.)

    A. You cannot pair a VLAN with itself.
    B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.
    C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair; however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
    D. The order in which you specify the VLANs in an inline pair is significant.
    E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

  • Question 124:

    Which two options represent definitions that are found in the syslog protocol (RFC 5426)? (Choose two.)

    A. Syslog message transport is reliable.
    B. Each syslog datagram must contain only one message.
    C. IPv6 syslog receivers must be able to receive datagrams of up to 1180 bytes.
    D. Syslog messages must be prioritized with an IP precedence of 7.
    E. Syslog servers must use NTP for the accurate time stamping of message arrival.

  • Question 125:

    When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose three.)

    A. a message integrity check
    B. AES-based encryption
    C. avoidance of weak initialization vectors
    D. longer RC4 keys
    E. a rekeying mechanism

  • Question 126:

    Which command is required in order for the Botnet Traffic Filter on the Cisco ASA appliance to function properly?

    A. dynamic-filter inspect tcp/80
    B. dynamic-filter whitelist
    C. inspect botnet
    D. inspect dns dynamic-filter-snoop

  • Question 127:

    Regarding VSAs, which statement is true?

    A. VSAs may be implemented on any RADIUS server.
    B. VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor. For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.
    C. VSAs do not apply to RADIUS; they are a TACACS attribute.
    D. Each VSA is defined in an RFC and is considered to be a standard.

  • Question 128:

    Refer to the exhibit.

    What is the cause of the issue that is reported in this debug output?

    A. The identity of the peer is not acceptable.
    B. There is an esp transform mismatch.
    C. There are mismatched ACLs on remote and local peers.
    D. The SA lifetimes are set to 0.

  • Question 129:

    Which PKCS is invoked during IKE MM5 and MM6 when digital certificates are used as the authentication method?

    A. PKCS#7
    B. PKCS#10
    C. PKCS#13
    D. PKCS#11
    E. PKCS#3

  • Question 130:

    Refer to the exhibit.

    Which three command sets are required to complete this IPv6 IPsec site-to-site VTI? (Choose three.)

    A. interface Tunnel0 tunnel mode ipsec ipv6
    B. crypto isakmp-profile match identity address ipv6 any
    C. interface Tunnel0 ipv6 enable
    D. ipv6 unicast-routing
    E. interface Tunnel0 ipv6 enable-ipsec

Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 351-018 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.