Cisco 351-018 Online Practice Questions and Exam Preparation
351-018 Exam Details
Exam Code: 351-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 420 Q&As
Last Updated: Dec 09, 2021
Cisco 351-018 Online Questions & Answers
Question 211:
Which three RADIUS protocol statements are true? (Choose three.)
A. RADIUS protocol runs over TCP 1645 and 1646.
B. Network Access Server operates as a server for RADIUS.
C. RADIUS packet types for authentication include Access-Request, Access-Challenge, Access-Accept, and Access-Reject.
D. RADIUS protocol runs over UDP 1812 and 1813.
E. RADIUS packet types for authentication include Access-Request, Access-Challenge, Access-Permit, and Access-Denied.
F. RADIUS supports PPP, PAP, and CHAP as authentication methods.
Answer:
C. RADIUS packet types for authentication include Access-Request, Access-Challenge, Access-Accept, and Access-Reject.
D. RADIUS protocol runs over UDP 1812 and 1813.
F. RADIUS supports PPP, PAP, and CHAP as authentication methods.
Question 212:
Which three NAT types support bidirectional traffic initiation? (Choose three.)
A. static NAT
B. NAT exemption
C. policy NAT with nat/global
D. static PAT
E. identity NAT
Answer:
A. static NAT
B. NAT exemption
D. static PAT
Question 213:
Which three statements about the keying methods used by MACSec are true? (Choose three.)
A. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA.
B. A valid mode for SAP is NULL.
C. MKA is implemented as an EAPoL packet exchange.
D. SAP is enabled by default for Cisco TrustSec in manual configuration mode.
E. SAP is not supported on switch SVIs.
F. SAP is supported on SPAN destination ports.
Answer:
B. A valid mode for SAP is NULL.
C. MKA is implemented as an EAPoL packet exchange.
E. SAP is not supported on switch SVIs.
Question 214:
According to RFC 4890, which four ICMPv6 types are recommended to be allowed to transit a firewall? (Choose four.)
A. Type 1 - destination unreachable
B. Type 2 - packet too big
C. Type 3 - time exceeded
D. Type 0 - echo reply
E. Type 8 - echo request
F. Type 4 - parameter problem
Answer:
A. Type 1 - destination unreachable
B. Type 2 - packet too big
C. Type 3 - time exceeded
F. Type 4 - parameter problem
Question 215:
Which three features are supported with ESP? (Choose three.)
A. ESP uses IP protocol 50.
B. ESP supports Layer 4 and above encryption only.
C. ESP provides confidentiality, data origin authentication, connectionless integrity, and antireplay service.
D. ESP supports tunnel or transport modes.
E. ESP has less overhead and is faster than the AH protocol.
F. ESP provides confidentiality, data origin authentication, connection-oriented integrity, and antireplay service.
Answer:
A. ESP uses IP protocol 50.
C. ESP provides confidentiality, data origin authentication, connectionless integrity, and antireplay service.
D. ESP supports tunnel or transport modes.
Question 216:
Which three statements correctly describe the purpose and operation of IPv6 RS and RA messages? (Choose three.)
A. Both IPv6 RS and RA packets are ICMPv6 messages.
B. IPv6 RA messages can help host devices perform stateful or stateless address autoconfiguration; RS messages are sent by hosts to determine the addresses of routers.
C. RS and RA packets are always sent to an all-nodes multicast address.
D. RS and RA packets are used by the duplicate address detection function of IPv6.
E. IPv6 hosts learn connected router information from RA messages which may be sent in response to an RS message.
F. RS and RA packets are used for IPv6 nodes to perform address resolution that is similar to ARP in IPv4.
Answer:
A. Both IPv6 RS and RA packets are ICMPv6 messages.
B. IPv6 RA messages can help host devices perform stateful or stateless address autoconfiguration; RS messages are sent by hosts to determine the addresses of routers.
E. IPv6 hosts learn connected router information from RA messages which may be sent in response to an RS message.
Question 217:
Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)
A. update
B. query
C. reply
D. hello
E. acknowledgement
Answer:
D. hello
E. acknowledgement
Question 218:
Which three configuration components are required to implement QoS policies on Cisco routers using MQC? (Choose three.)
A. class-map
B. global-policy
C. policy-map
D. service-policy
E. inspect-map
Answer:
A. class-map
C. policy-map
D. service-policy
Question 219:
Which type of VPN is based on the concept of trusted group members using the GDOI key management protocol?
A. DMVPN
B. SSLVPN
C. GETVPN
D. EzVPN
E. MPLS VPN
F. FlexVPN
Answer:
C. GETVPN
Question 220:
Which three statements about GDOI are true? (Choose three.)
A. GDOI uses TCP port 848.
B. The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange.
C. The KEK protects the GROUPKEY_PUSH message.
D. The TEK is used to encrypt and decrypt data traffic.
E. GDOI does not support PFS.
Answer:
B. The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange.
C. The KEK protects the GROUPKEY_PUSH message.
D. The TEK is used to encrypt and decrypt data traffic.