1. Home
  2. Cisco
  3. 351-018

Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details

  • Exam Code
    :351-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :420 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 251:

    In RFC 4034, DNSSEC introduced which four new resource record types? (Choose four.)

    A. DNS Public Key (DNSKEY)
    B. Next Secure (NSEC)
    C. Resource Record Signature (RRSIG)
    D. Delegation Signer (DS)
    E. Top Level Domain (TLD)
    F. Zone Signing Key (ZSK)

  • Question 252:

    Refer to the exhibit.

    What type of attack is being mitigated on the Cisco ASA appliance?

    A. HTTPS certificate man-in-the-middle attack
    B. HTTP distributed denial of service attack
    C. HTTP Shockwave Flash exploit
    D. HTTP SQL injection attack

  • Question 253:

    Which four techniques can you use for IP management plane security? (Choose four.)

    A. Management Plane Protection
    B. uRPF
    C. strong passwords
    D. RBAC
    E. SNMP security measures
    F. MD5 authentication

  • Question 254:

    Which option describes the main purpose of EIGRP authentication?

    A. to authenticate peers
    B. to allow faster convergence
    C. to provide redundancy
    D. to avoid routing table corruption

  • Question 255:

    Refer to the exhibit.

    Which three statements correctly describe the configuration? (Choose three).

    A. The tunnel is not providing peer authentication
    B. The tunnel encapsulates multicast traffic.
    C. This is a point-to-point GRE tunnel.
    D. The configuration is on the NHS.
    E. The configuration is on the NHC.
    F. The tunnel provides data confidentiality.
    G. The tunnel IP address represents the NBMA address.

  • Question 256:

    Which two statement about the DNS are true? (Choose two.)

    A. The client-server architecture is based on query and response messages.
    B. Query and response messages have different format.
    C. In the DNS message header, the QR flag set to 1 indicates a query.
    D. In the DNS header, an Opcode value of 2 represents a client status request.
    E. In the DNS header, the Rcode value is set to 0 in Query message.

  • Question 257:

    Which command is used to replicate HTTP connections from the Active to the Standby Cisco ASA appliance in failover?

    A. monitor-interface http
    B. failover link fover replicate http
    C. failover replication http
    D. interface fover replicate http standby
    E. No command is needed, as this is the default behavior.

  • Question 258:

    Refer to the exhibit.

    Which message of the ISAKMP exchange is failing?

    A. main mode 1
    B. main mode 3
    C. aggressive mode 1
    D. main mode 5
    E. aggressive mode 2

  • Question 259:

    Which three security features were introduced with the SNMPv3 protocol? (Choose three.)

    A. Message integrity, which ensures that a packet has not been tampered with in-transit
    B. DoS prevention, which ensures that the device cannot be impacted by SNMP buffer overflow
    C. Authentication, which ensures that the message is from a valid source
    D. Authorization, which allows access to certain data sections for certain authorized users
    E. Digital certificates, which ensure nonrepudiation of authentications
    F. Encryption of the packet to prevent it from being seen by an unauthorized source

  • Question 260:

    Which three EAP methods require a server-side certificate? (Choose three.)

    A. PEAP with MS-CHAPv2
    B. EAP-TLS
    C. EAP-FAST
    D. EAP-TTLS
    E. EAP-GTP

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 351-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.