1. Home
  2. Cisco
  3. 351-018

Cisco 351-018 Online Practice Questions and Exam Preparation

351-018 Exam Details

  • Exam Code
    :351-018
  • Exam Name
    :CCIE Security written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :420 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 321:

    Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)

    A. PEAP
    B. EAP-TLS
    C. EAP-FAST
    D. EAP-TTLS
    E. EAPOL
    F. EAP-RADIUS
    G. EAP-MD5

  • Question 322:

    Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)

    A. confidentiality and integrity of customer records and credit card information
    B. accountability in the event of corporate fraud
    C. financial information handled by entities such as banks, and mortgage and insurance brokers
    D. assurance of the accuracy of financial records
    E. US Federal government information
    F. security standards that protect healthcare patient data

  • Question 323:

    Which two statements about the fragmentation of IPsec packets in routers are true? (Choose two.)

    A. By default, the IP packets that need encryption are first encrypted with ESP. If the resulting encrypted packet exceeds the IP MTU on the egress physical interface, then the encrypted packet is fragmented and sent out.
    B. By default, the router knows the IPsec overhead to add to the packet. The router performs a lookup if the packet will exceed the egress physical interface IP MTU after encryption, then fragments the packet and encrypts the resulting IP fragments separately.
    C. increases CPU utilization on the decrypting device.
    D. increases CPU utilization on the encrypting device.

  • Question 324:

    DRAG DROP

    Select and Place:

  • Question 325:

    Which two options best describe the authorization process as it relates to network access? (Choose two.)

    A. the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store
    B. the process of providing network access to the end user
    C. applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user
    D. the process of validating the provided credentials

  • Question 326:

    Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)

    A. update
    B. query
    C. reply
    D. hello
    E. acknowledgement

  • Question 327:

    Which NTP stratum level means that the clock is unsynchronized?

    B. 1
    C. 8
    D. 16

  • Question 328:

    Which of the following provides the features of route summarization, assignment of contiguous blocks of addresses, and combining routes for multiple classful networks into a single route?

    A. classless interdomain routing
    B. route summarization
    C. supernetting
    D. private IP addressing

  • Question 329:

    Refer to the exhibit.

    Identify the behavior of the ACL if it is applied inbound on E0/0.

    A. The ACL will drop both initial and noninitial fragments for port 80 only.
    B. The ACL will pass both initial and non-initial fragments for port 80 only.
    C. The ACL will pass the initial fragment for port 80 but drop the noninitial fragment for any port.
    D. The ACL will drop the initial fragment for port 80 but pass the noninitial fragment for any port.

  • Question 330:

    A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue?

    A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.
    B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split- tunnel-list containing the local LAN addresses that are relevant to the client.
    C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.
    D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.
    E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 351-018 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.