Cisco 351-018 Online Practice
Questions and Exam Preparation
351-018 Exam Details
Exam Code
:351-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:420 Q&As
Last Updated
:Dec 09, 2021
Cisco 351-018 Online Questions &
Answers
Question 271:
Which statement about the prelogin assessment module in Cisco Secure Desktop is true?
A. It assigns an IP address to the remote device after successful authentication. B. It checks for any viruses on the remote device and reports back to the security appliance. C. It checks the presence or absence of specified files on the remote device. D. It clears the browser cache on the remote device after successful authentication. E. It quarantines the remote device for further assessment if specific registry keys are found.
C. It checks the presence or absence of specified files on the remote device.
Question 272:
What are two uses of an RSA algorithm? (Choose two.)
A. data encryption B. digital signature verification C. shared key generation D. message hashing
A. data encryption B. digital signature verification
Question 273:
Which three statements are true about DES? (Choose three.)
A. A 56-bit key is used to encrypt 56-bit blocks of plaintext. B. A 56-bit key is used to encrypt 64-bit blocks of plaintext. C. Each block of plaintext is processed through 16 rounds of identical operations. D. Each block of plaintext is processed through 64 rounds of identical operations. E. ECB, CBC, and CBF are modes of DES. F. Each Block of plaintext is processed through 8 rounds of identical operations. G. CTR, CBC, and OFB are modes of DES.
B. A 56-bit key is used to encrypt 64-bit blocks of plaintext. C. Each block of plaintext is processed through 16 rounds of identical operations. E. ECB, CBC, and CBF are modes of DES.
Question 274:
Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?
A. The global access list is matched first before the interface access lists. B. Both the interface and global access lists can be applied in the input or output direction. C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface will apply the access list entry globally. D. NAT control is enabled by default. E. The static CLI command is used to configure static NAT translation rules.
A. The global access list is matched first before the interface access lists.
Question 275:
Which three options are components of Mobile IPv6? (Choose three.)
A. home agent B. correspondent node C. mobile node D. binding node E. discovery probe
A. home agent B. correspondent node C. mobile node
Question 276:
How does a DHCP client request its previously used IP address in a DHCP DISCOVER packet?
A. It is included in the CIADDR field. B. It is included as DHCP Option 50 in the OPTIONS field. C. It is included in the YIADDR field. D. It is the source IP address of the UDP/53 wrapper packet. E. The client cannot request its last IP address; it is assigned automatically by the server.
B. It is included as DHCP Option 50 in the OPTIONS field.
Question 277:
Which standard prescribes a risk assessment to identify whether each control is required to decrease risks and if so, to which extent it should be applied?
A. ISO 27001 B. ISO 27002 C. ISO 17799 D. HIPPA E. ISO 9000
A. ISO 27001
Question 278:
Which statement is true about IKEv2 and IKEv1?
A. IKEv2 can be configured to use EAP, but IKEv1 cannot. B. IKEv2 can be configured to use AES encryption, but IKEv1 cannot. C. IKEv2 can be configured to interoperate with IKEv1 on the other end. D. IKEv2 consumes more bandwidth than IKEv1.
A. IKEv2 can be configured to use EAP, but IKEv1 cannot.
Question 279:
Which three statements are true about the Cisco NAC Appliance solution? (Choose three.)
A. In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server. B. In a Cisco NAC Appliance deployment, the discovery host must be configured on a Cisco router using the "NAC discovery-host" global configuration command. C. In a VRF-style OOB deployment of the Cisco NAC Appliance, the discovery host may be the IP address that is on the trusted side of the Cisco NAC Appliance Server. D. In a Layer 3 IB deployment of the Cisco NAC Appliance, the discovery host may be configured as the IP address of the Cisco NAC Appliance Manager.
A. In a Layer 3 OOB ACL deployment of the Cisco NAC Appliance, the discovery host must be configured as the untrusted IP address of the Cisco NAC Appliance Server. C. In a VRF-style OOB deployment of the Cisco NAC Appliance, the discovery host may be the IP address that is on the trusted side of the Cisco NAC Appliance Server. D. In a Layer 3 IB deployment of the Cisco NAC Appliance, the discovery host may be configured as the IP address of the Cisco NAC Appliance Manager.
Question 280:
Which option represents IPv6 address ff02::1?
A. PIM routers. B. RIP routers. C. all nodes on the local network. D. NTP.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 351-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.