Cisco 351-018 Online Practice
Questions and Exam Preparation
351-018 Exam Details
Exam Code
:351-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:420 Q&As
Last Updated
:Dec 09, 2021
Cisco 351-018 Online Questions &
Answers
Question 311:
What does the Common Criteria (CC) standard define?
A. The current list of Common Vulnerabilities and Exposures (CVEs) B. The U.S standards for encryption export regulations C. Tools to support the development of pivotal, forward-looking information system technologies D. The international standards for evaluating trust in information systems and products E. The international standards for privacy laws F. The standards for establishing a security incident response system
D. The international standards for evaluating trust in information systems and products
Question 312:
Which additional capability was added in IGMPv3?
A. leave group messages support B. source filtering support C. group-specific host membership queries support D. IPv6 support E. authentication support between the multicast receivers and the last hop router
B. source filtering support
Question 313:
Which statement about the Firewalk attack is true?
A. The firewall attack is used to discover hosts behind firewall device. B. The firewall attack uses ICMP sweep to find expected hosts behind the firewall. C. The firewall attack uses traceroute with a predetermined TTL value to discover hosts behind the firewall. D. The firewall attack is used to find the vulnerability in the Cisco IOS firewall code. E. The firewall attack uses an ICMP echo message to discover firewall misconfiguration.
C. The firewall attack uses traceroute with a predetermined TTL value to discover hosts behind the firewall.
Question 314:
Which two of the following provide protect against man-in-the-middle attacks? (Choose two.)
A. TCP initial sequence number randomization? B. TCP sliding-window checking C. Network Address Translation D. IPsec VPNs E. Secure Sockets Layer
D. IPsec VPNs E. Secure Sockets Layer
Question 315:
Which two options describe how the traffic for the shared interface is classified in ASA multi context mode? (Choose two.)
A. Traffic is classified at the source address in the packet. B. Traffic is classified at the destination address in the packet. C. Traffic is classified at the destination address in the context. D. Traffic is classified by copying and sending the packet to all the contexts. E. Traffic is classified by sending the MAC address for the shared interface.
C. Traffic is classified at the destination address in the context. E. Traffic is classified by sending the MAC address for the shared interface.
Question 316:
Which transport mechanism is used between a RADIUS authenticator and a RADIUS authentication server?
A. UDP, with only the password in the Access-Request packet encrypted B. UDP, with the whole packet body encrypted C. TCP, with only the password in the Access-Request packet encrypted D. EAPOL, with TLS encrypting the entire packet E. UDP RADIUS encapsulated in the EAP mode enforced by the authentication server.
A. UDP, with only the password in the Access-Request packet encrypted
Question 317:
Which three types of information could be used during the incident response investigation phase? (Choose three.)
A. netflow data B. SNMP alerts C. encryption policy D. syslog output E. IT compliance reports
A. netflow data B. SNMP alerts D. syslog output
Question 318:
Which three object tracking options are supported by Cisco IOS policy-based routing? (Choose three.)
A. absence of an entry in the routing table B. existence of a CDP neighbor relationship C. existence of an entry in the routing table D. results of an SAA operation E. state of the line protocol of an interface
C. existence of an entry in the routing table D. results of an SAA operation E. state of the line protocol of an interface
Question 319:
Which option is used for anti-replay prevention in a Cisco IOS IPsec implementation?
A. session token B. one-time password C. time stamps D. sequence number E. nonce
D. sequence number
Question 320:
Which statement about Storm Control implementation on a switch is true?
A. Storm Control does not prevent disruption due to unicast traffic. B. Storm Control is implemented as a global configuration. C. Storm Control uses the bandwidth and rate at which a packet is received to measure the activity. D. Storm Control uses the bandwidth and rate at which a packet is dispatched to measure the activity. E. Storm Control is enabled by default.
C. Storm Control uses the bandwidth and rate at which a packet is received to measure the activity.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 351-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.