1. Home
  2. Cisco
  3. 351-018

Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details

  • Exam Code
    :351-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :420 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 241:

    Refer to the exhibit.

    Which option describes the behavior of this configuration?

    A. Host 10.10.10.1 will get translated as 20.20.20.1 from inside to outside.
    B. Host 20.20.20.1 will be translated as 10.10.10.1 from outside to inside.
    C. Host 20.20.20.1 will be translated as 10.10.10.1 from inside to outside.
    D. Host 10.10.10.1 will be translated as 20.20.20.1 from outside to inside.

  • Question 242:

    Which pair of ICMP messages is used in an inverse mapping attack?

    A. Echo-Echo Request
    B. Route Solicitation- Time Exceeded
    C. Echo-Time Exceeded
    D. Echo Reply-Host Unreachable
    E. Echo-Host Unreachable

  • Question 243:

    Which IPV4 header field increments every time when packet is sent from a source to a destination?

    A. Flag
    B. Fragment Offset
    C. Identification
    D. Time To Live

  • Question 244:

    Using Cisco IOS, which two object-group options will permit networks 10.1.1.0/24 and 10.1.2.0/24 to host 192.168.5.1 port 80 and 443? (Choose 2.)

    A. object-group network SOURCE range 10.1.1.0 10.1.2.255 object-group network DESTINATION host 192.168.5.1 object-group service HTTP tcp eq www tcp eq 443 tcp source gt 1024 ! access-list 101 permit object-group HTTP object-group SOURCE object-group DESTINATION
    B. object-group network SOURCE 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255 object-group network DESTINATION host 192.168.5.1 134 object-group service HTTP tcp eq www tcp eq 443 ! ip access-list extended ACL-NEW permit object-group SOURCE object-group DESTINATION object-group HTTP
    C. object-group network SOURCE 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 object-group network DESTINATION host 192.168.5.1 object-group service HTTP tcp eq www tcp eq 443 ! ip access-list extended ACL-NEW permit object-group SOURCE object-group DESTINATION object-group HTTP
    D. object-group network SOURCE 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 object-group network DESTINATION host 192.168.5.1 object-group service HTTP tcp eq www tcp eq 443 tcp source gt 1024 ! ip access-list extended ACL-NEW permit object-group HTTP object-group SOURCE object-group DESTINATION

  • Question 245:

    Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.)

    A. TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types.
    B. IPv6 object nesting is supported.
    C. Network objects support IPv4 and IPv6 addresses.
    D. Objects are not supported in transparent mode.
    E. Objects are supported in single- and multiple-context firewall modes.

  • Question 246:

    Which three statements about the TACACS protocol are correct? (Choose three.)

    A. TACACS+ is an IETF standard protocol.
    B. TACACS+ uses TCP port 47 by default.
    C. TACACS+ is considered to be more secure than the RADIUS protocol.
    D. TACACS+ can support authorization and accounting while having another separate authentication solution.
    E. TACACS+ only encrypts the password of the user for security.
    F. TACACS+ supports per-user or per-group for authorization of router commands.

  • Question 247:

    Which three statements about triple DES are true? (Choose three.)

    A. For 3DES, ANSI X9.52 describes three options for the selection of the keys in a bundle, where all keys are independent.
    B. A 3DES key bundle is 192 bits long.
    C. A 3DES keyspace is168 bits.
    D. CBC, 64-bit CFB, OFB, and CTR are modes of 3DES.
    E. 3DES involves encrypting a 64-bit block of plaintext with the 3 keys of the key bundle.

  • Question 248:

    Which three statements about VXLANs are true? (Choose three.)

    A. It requires that IP protocol 8472 be opened to allow traffic through a firewall.
    B. Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
    C. A VXLAN gateway maps VXLAN IDs to VLAN IDs.
    D. IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
    E. A VXLAN ID is a 32-bit value.

  • Question 249:

    Which three statements about IKEv2 are correct? (Choose three.)

    A. INITIAL_CONTACT is used to synchronize state between peers.
    B. The IKEv2 standard defines a method for fragmenting large messages.
    C. The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.
    D. Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.
    E. NAT-T is not supported.
    F. Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.

  • Question 250:

    Which two statements about DHCP are true? (Choose two.)

    A. DHCP uses TCP port 67.
    B. DHCP uses UDP ports 67 and 68.
    C. The DHCPDiscover packet has a multicast address of 239.1.1.1.
    D. DHCPRequest is a broadcast message.
    E. The DHCPOffer packet is sent from the DHCP server.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 351-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.