1. Home
  2. Cisco
  3. 351-018

Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details

  • Exam Code
    :351-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :420 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 171:

    Which four IPv6 messages should be allowed to transit a transparent firewall? (Choose four.)

    A. router solicitation with hop limit = 1
    B. router advertisement with hop limit = 1
    C. neighbor solicitation with hop limit = 255
    D. neighbor advertisement with hop limit = 255
    E. listener query with link-local source address
    F. listener report with link-local source address

  • Question 172:

    Refer to the exhibit.

    Which two statements correctly describe the debug output that is shown in the exhibit? (Choose two.)

    A. The request is from NHS to NNC.
    B. The request is from NHC to NHS.
    C. 69.1.1.2 is the local non-routable address.
    D. 192.168.10.2 is the remote NBMA address.
    E. 192.168.10.1 is the local VPN address.
    F. This debug output represents a failed NHRP request.

  • Question 173:

    Which statement best describes the concepts of rootkits and privilege escalation?

    A. Rootkits propagate themselves.
    B. Privilege escalation is the result of a rootkit.
    C. Rootkits are a result of a privilege escalation.
    D. Both of these require a TCP port to gain access.

  • Question 174:

    When a Cisco IOS Router receives a TCP packet with a TTL value less than or equal to 1, what will it do?

    A. Route the packet normally
    B. Drop the packet and reply with an ICMP Type 3, Code 1 (Destination Unreachable, Host Unreachable)
    C. Drop the packet and reply with an ICMP Type 11, Code 0 (Time Exceeded, Hop Count Exceeded)
    D. Drop the packet and reply with an ICMP Type 14, Code 0 (Timestamp Reply)

  • Question 175:

    Which statement about VLAN is true?

    A. VLAN cannot be routed.
    B. VLANs 1006 through 4094 are not propagated by VTP.
    C. VLAN1 is a Cisco default VLAN that can be deleted.
    D. The extended-range VLANs cannot be configured in global configuration mode.

  • Question 176:

    Which MPLS label is the signaled value to activate PHP (penultimate hop popping)?

    A. 0x00
    B. php
    C. swap
    D. push
    E. imp-null

  • Question 177:

    When implementing WLAN security, what are three benefits of using the TKIP instead of WEP? (Choose three.)

    A. TKIP uses an advanced encryption scheme based on AES.
    B. TKIP provides authentication and integrity checking using CBC-MAC.
    C. TKIP provides per-packet keying and a rekeying mechanism.
    D. TKIP provides message integrity check.
    E. TKIP reduces WEP vulnerabilities by using a different hardware encryption chipset.
    F. TKIP uses a 48-bit initialization vector.

  • Question 178:

    When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four.)

    A. VPN group
    B. tunnel group
    C. IP precedence
    D. DSCP
    E. default-inspection-traffic
    F. qos-group

  • Question 179:

    Refer to the exhibit.

    It shows the format of an IPv6 Router Advertisement packet. If the Router Lifetime value is set to 0, what does that mean?

    A. The router that is sending the RA is not the default router.
    B. The router that is sending the RA is the default router.
    C. The router that is sending the RA will never power down.
    D. The router that is sending the RA is the NTP master.
    E. The router that is sending the RA is a certificate authority.
    F. The router that is sending the RA has its time synchronized to an NTP source.

  • Question 180:

    Which transport method is used by the IEEE 802.1X protocol?

    A. EAPOL frames
    B. 802.3 frames
    C. UDP RADIUS datagrams
    D. PPPoE frames

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 351-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.