Cisco 351-018 Online Practice Questions and Exam Preparation
351-018 Exam Details
Exam Code: 351-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 420 Q&As
Last Updated: Dec 09, 2021
Cisco 351-018 Online Questions & Answers
Question 161:
According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose 4)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Answer:
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
Question 162:
Refer to the exhibit.
Which option correctly identifies the point on the exhibit where Control Plane Policing (input) is applied to incoming packets?
A. point 6
B. point 7
C. point 4
D. point 1
E. points 5 and 6
Answer:
A. point 6
Question 163:
An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?
A. NAT overload
B. NAT extendable
C. NAT TCP load balancing
D. NAT service-type DNS
E. NAT port-to-application mapping
Answer:
B. NAT extendable
Question 164:
Which statement best describes a key difference in IPv6 fragmentation support compared to IPv4?
A. In IPv6, IP fragmentation is no longer needed because all Internet links must have an IP MTU of 1280 bytes or greater.
B. In IPv6, PMTUD is no longer performed by the source node of an IP packet.
C. In IPv6, IP fragmentation is no longer needed since all nodes must perform PMTUD and send packets equal to or smaller than the minimum discovered path MTU.
D. In IPv6, PMTUD is no longer performed by any node since the don't fragment flag is removed from the IPv6 header.
E. In IPv6, IP fragmentation is performed only by the source node of a large packet, and not by any other devices in the data path.
Answer:
E. In IPv6, IP fragmentation is performed only by the source node of a large packet, and not by any other devices in the data path.
Question 165:
DRAG DROP
Select and Place:
Question 166:
Which three options are security measures that are defined for Mobile IPv6? (Choose three.)
A. IPsec SAs are used for binding updates and acknowledgements.
B. The use of IKEv1 or IKEv2 is mandatory for connections between the home agent and mobile node.
C. Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication.
D. Mobile IPv6 control messages are protected by SHA-2.
E. IPsec SAs are used to protect dynamic home agent address discovery.
F. IPsec SAs can be used to protect mobile prefix solicitations and advertisements.
Answer:
A. IPsec SAs are used for binding updates and acknowledgements.
C. Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication.
F. IPsec SAs can be used to protect mobile prefix solicitations and advertisements.
Question 167:
Which two statements about RFC 2827 are true? (Choose two.)
A. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.
B. A corresponding practice is documented by the IETF in BCP 38.
C. RFC 2827 defines ingress packet filtering for the multihomed network.
D. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.
E. A corresponding practice is documented by the IETF in BCP 84.
Answer:
B. A corresponding practice is documented by the IETF in BCP 38.
D. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.
Question 168:
What is the recommended network MACsec policy mode for high security deployments?
A. should-secure
B. must-not-secure
C. must-secure
D. monitor-only
E. high-impact
Answer:
A. should-secure
Question 169:
Which three Cisco security product features assist in preventing TCP-based man-in-the-middle attacks? (Choose three.)
A. Cisco ASA TCP initial sequence number randomization
B. Cisco ASA TCP sliding-window conformance validation
C. Cisco IPS TCP stream reassembly
D. Cisco IOS TCP maximum segment size adjustment
Answer:
A. Cisco ASA TCP initial sequence number randomization
B. Cisco ASA TCP sliding-window conformance validation
C. Cisco IPS TCP stream reassembly
Question 170:
In order to implement CGA on a Cisco IOS router for SeND, which three configuration steps are required? (Choose three.)
A. Generate an RSA key pair.
B. Define a site-wide pre-shared key.
C. Define a hash algorithm that is used to generate the CGA.
D. Generate the CGA modifier.
E. Assign a CGA link-local or globally unique address to the interface.
F. Define an encryption algorithm that is used to generate the CGA.
Answer:
A. Generate an RSA key pair.
D. Generate the CGA modifier.
E. Assign a CGA link-local or globally unique address to the interface.