Cisco 351-018 Online Practice
Questions and Exam Preparation
351-018 Exam Details
Exam Code
:351-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:420 Q&As
Last Updated
:Dec 09, 2021
Cisco 351-018 Online Questions &
Answers
Question 291:
A frame relay PVC at router HQ has a CIR of 768 kb/s and the frame relay PVC at router branch office has a CIR of 384 kb/s. Which QoS mechanism can best be used to ease the data congestion and data loss due to the CIR speed mismatch?
A. traffic policing at the HQ B. traffic policing at the branch office C. traffic shaping at the HQ D. traffic shaping at the branch office E. LLQ at the HQ F. LLQ at the branch office
C. traffic shaping at the HQ
Question 292:
Which four protocols are supported by Cisco IOS Management Plane Protection? (Choose four.)
A. Blocks Extensible Exchange Protocol (BEEP) B. Hypertext Transfer Protocol Secure (HTTPS) C. Secure Copy Protocol (SCP) D. Secure File Transfer Protocol (SFTP) E. Secure Shell (SSH) F. Simple Network Management Protocol (SNMP)
A. Blocks Extensible Exchange Protocol (BEEP) B. Hypertext Transfer Protocol Secure (HTTPS) E. Secure Shell (SSH) F. Simple Network Management Protocol (SNMP)
Question 293:
Which current RFC made RFCs 2409, 2407, and 2408 obsolete?
A. RFC 4306 B. RFC 2401 C. RFC 5996 D. RFC 4301 E. RFC 1825
C. RFC 5996
Question 294:
Which statement is correct about the Cisco IOS Control Plane Protection feature?
A. Control Plane Protection is restricted to the IPv4 or IPv6 input path. B. Traffic that is destined to the router with IP options will be redirected to the host control plane. C. Disabling CEF will remove all active control-plane protection policies. Aggregate control-plane policies will continue to operate.? D. The open-port option of a port-filtering policy allows access to all TCP/UDP based services that are configured on the router.
C. Disabling CEF will remove all active control-plane protection policies. Aggregate control-plane policies will continue to operate.?
Question 295:
Which multicast capability is not supported by the Cisco ASA appliance?
A. ASA configured as a rendezvous point B. sending multicast traffic across a VPN tunnel C. NAT of multicast traffic D. IGMP forwarding (stub) mode
B. sending multicast traffic across a VPN tunnel
Question 296:
Which two statements about the RC4 algorithm are true? (Choose two.)
A. The RC4 algorithm is an asymmetric key algorithm. B. The RC4 algorithm is a symmetric key algorithm. C. The RC4 algorithm is slower in computation than DES. D. The RC4 algorithm is used with wireless encryption protocols. E. The RC4 algorithm uses fixed-length keys.
B. The RC4 algorithm is a symmetric key algorithm. D. The RC4 algorithm is used with wireless encryption protocols.
Question 297:
Which IPv6 routing protocol can use IPv6 ESP and AH to provide integrity, authentication, and confidentiality services to protect the routing information exchange between the adjacent routing neighbors?
A. RIPng B. EIGRPv6 C. BGP-4 D. IS-IS E. OSPFv6
E. OSPFv6
Question 298:
Which ICMP message could be used with traceroute to map network topology?
A. Echo Reply B. Redirect C. Time Exceeded D. Echo E. Router Selection F. Address Mask Request
C. Time Exceeded
Question 299:
Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?
A. ! ipv6 access-list test deny ipv6 FF05::/16 any deny ipv6 any FF05::/16 ! output omitted permit ipv6 any any ! B. ! ipv6 access-list test permit ipv6 any FF05::/16 ! output omitted deny ipv6 any any ! C. ! ipv6 access-list test deny ipv6 any any eq dns deny ipv6 any any eq dhcp ! output omitted permit ipv6 any any ! D. ! ipv6 access-list test deny ipv6 any 2000::/3 ! output omitted permit ipv6 any any ! E. ! ipv6 access-list test deny ipv6 any FE80::/10 ! output omitted permit ipv6 any any !
A. ! ipv6 access-list test deny ipv6 FF05::/16 any deny ipv6 any FF05::/16 ! output omitted permit ipv6 any any !
Question 300:
Which option is the correct definition for MAB?
A. MAB is the process of checking the mac-address-table on the local switch for the sticky address. If the mac-address of the device attempting to access the network matches the configured sticky address, it will be permitted to bypass 802.1X authentication. B. MAB is a process where the switch will send an authentication request on behalf of the endpoint that is attempting to access the network, using the mac-address of the device as the credentials. The authentication server evaluates that MAC address against a list of devices permitted to access the network without a stronger authentication. C. MAB is a process where the switch will check a local list of MAC addresses to identify systems that are permitted network access without using 802.1X. D. MAB is a process where the supplicant on the endpoint is configured to send the MAC address of the endpoint as its credentials.
B. MAB is a process where the switch will send an authentication request on behalf of the endpoint that is attempting to access the network, using the mac-address of the device as the credentials. The authentication server evaluates that MAC address against a list of devices permitted to access the network without a stronger authentication.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 351-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.