1. Home
  2. Cisco
  3. 351-018

Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details

  • Exam Code
    :351-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :420 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 221:

    Which statement regarding the routing functions of the Cisco ASA is true?

    A. The translation table can override the routing table for new connections.
    B. The ASA supports policy-based routing with route maps?.
    C. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors.
    D. Routes to the Null0 interface can be configured to black-hole traffic.

  • Question 222:

    Refer to the exhibit.

    Which statement best describes the problem?

    A. Context vpn1 is not inservice.
    B. There is no gateway that is configured under context vpn1.
    C. The config has not been properly updated for context vpn1.
    D. The gateway that is configured under context vpn1 is not inservice.

  • Question 223:

    Beacons, probe request, and association request frames are associated with which category?

    A. management
    B. control
    C. data
    D. request

  • Question 224:

    Which three statements are true about Cryptographically Generated Addresses for IPv6? (Choose three.)

    A. They prevent spoofing and stealing of existing IPv6 addresses.
    B. They are derived by generating a random 128-bit IPv6 address based on the public key of the node.
    C. They are used for securing neighbor discovery using SeND.
    D. SHA or MD5 is used during their computation.
    E. The minimum RSA key length is 512 bits.
    F. The SHA-1 hash function is used during their computation.

  • Question 225:

    Review the exhibit.

    Which three statements about the Cisco IPS sensor are true? (Choose three.)

    A. A
    B. B
    C. C
    D. D
    E. E

  • Question 226:

    Which three IP resources is the IANA responsible? (Choose three.)

    A. IP address allocation
    B. detection of spoofed address
    C. criminal prosecution of hackers
    D. autonomous system number allocation
    E. root zone management in DNS
    F. BGP protocol vulnerabilities

  • Question 227:

    Which traffic class is defined for non-business-relevant applications and receives any bandwidth that remains after QoS policies have been applied?

    A. scavenger class
    B. best effort
    C. discard eligible
    D. priority queued 15

  • Question 228:

    Select and Place:

  • Question 229:

    An IPv6 multicast receiver joins an IPv6 multicast group using which mechanism?

    A. IGMPv3 report
    B. IGMPv3 join
    C. MLD report
    D. general query
    E. PIM join

  • Question 230:

    Which of the following best describes Chain of Evidence in the context of security forensics?

    A. Evidence is locked down, but not necessarily authenticated.
    B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
    C. The general whereabouts of evidence is known.
    D. Someone knows where the evidence is and can say who had it if it is not logged.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 351-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.