351-018 Exam Details

  • Exam Code: 351-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 420 Q&As
  • Last Updated: Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 181:

    Which two statements about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)

    A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.
    B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.
    C. Infrastructure ACLs are used to block-permit the transit traffic.
    D. Infrastructure ACLs only protect the device's physical management interface.

  • Question 182:

    Which two certificate enrollment methods can be completed without an RA and require no direct connection to a CA by the end entity? (Choose two.)

    A. SCEP
    B. TFTP
    C. manual cut and paste
    D. enrollment profile with direct HTTP
    E. PKCS#12 import/export

  • Question 183:

    DRAG DROP

    Select and Place:

  • Question 184:

    Refer to the exhibit.

    Which three statements about the Cisco ASDM screen seen in the exhibit are true? (Choose three.)

    A. This access rule is applied to all the ASA interfaces in the inbound direction.
    B. The ASA administrator needs to expand the More Options tag to configure the inbound or outbound direction of the access rule.
    C. The ASA administrator needs to expand the More Options tag to apply the access rule to an interface.
    D. The resulting ASA CLI command from this ASDM configuration is access-list global_access line 1 extended permit ip host 1.1.1.1 host 2.2.2.1.
    E. This access rule is valid only on the ASA appliance that is running software release 8.3 or later.
    F. This is an outbound access rule.

  • Question 185:

    Which option is a desktop sharing application, used across a variety of platforms, with default TCP ports 5800/5801 and 5900/5901?

    A. X Windows
    B. remote desktop protocol
    C. VNC
    D. desktop proxy

  • Question 186:

    Which statement about the SYN flood attack is true?

    A. The SYN flood attack is always directed from a valid address.
    B. The SYN flood attack target is to deplete server memory so that legitimate requests cannot be served.
    C. The SYN flood attack is meant to completely deplete the TCB SYN-Received state backlog.
    D. The SYN flood attack can be launched for both UDP and TCP open ports on the server.
    E. SYN-Received state backlog for TCBs is meant to protect server CPU cycles.

  • Question 187:

    User A at Company A is trying to transfer files to Company B, using FTP. User A can connect to the FTP server at Company B correctly, but User A cannot get a directory listing or upload files. The session hangs.

    What are two possible causes for this problem? (Choose two.)

    A. Active FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B.
    B. Passive FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B.
    C. At Company A, active FTP is being used with a non-application aware firewall applying NAT to the source address of User A only.
    D. The FTP server administrator at Company B has disallowed User A from accessing files on that server.
    E. Passive FTP is being used, and the firewall at Company B is not allowing connections through to port 20 on the FTP server.

  • Question 188:

    Refer to the exhibit.

    What does this configuration prevent?

    A. HTTP downloads of files with the ".bat" extension on all interfaces
    B. HTTP downloads of files with the ".batch" extension on the inside interface
    C. FTP commands of GET or PUT for files with the ".bat" extension on all interfaces
    D. FTP commands of GET or PUT for files with the ".batch" extension on the inside interface

  • Question 189:

    Which statement is true about the Cisco NEAT 802.1X feature?

    A. The multidomain authentication feature is not supported on the authenticator switch interface.
    B. It allows a Cisco Catalyst switch to act as a supplicant to another Cisco Catalyst authenticator switch.
    C. The supplicant switch uses CDP to send MAC address information of the connected host to the authenticator switch.
    D. It supports redundant links between the supplicant switch and the authenticator switch.

  • Question 190:

    MACsec, which is defined in 802.1AE, provides MAC-layer encryption over wired networks. Which two statements about MACsec are true? (Choose two.)

    A. Only links between network access devices and endpoint devices can be secured by using MACsec.
    B. MACsec is designed to support communications between network devices only.
    C. MACsec manages the encryption keys that the MKA protocol uses.
    D. A switch that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy that is associated with the client.
