Cisco 351-018 Online Practice
Questions and Exam Preparation
351-018 Exam Details
Exam Code
:351-018
Exam Name
:CCIE Security written
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:420 Q&As
Last Updated
:Dec 09, 2021
Cisco 351-018 Online Questions &
Answers
Question 31:
Refer to the exhibit, which shows a partial output of the show command.
Which statement best describes the problem?
A. Context vpn1 is not inservice. B. There is no gateway that is configured under context vpn1. C. The config has not been properly updated for context vpn1. D. The gateway that is configured under context vpn1 is not inservice.
A. Context vpn1 is not inservice.
Question 32:
Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)
A. Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription B. Cisco ISR G2 Router with SECK9 and ScanSafe subscription C. Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers D. Cisco Web Security Appliance with ScanSafe subscription
B. Cisco ISR G2 Router with SECK9 and ScanSafe subscription C. Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers
Question 33:
Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)
A. Microsoft Windows registry keys B. the existence of specific processes in memory C. the UUID of an Apple iPad or iPhone D. if a service is started on a Windows host E. the HTTP User-Agent string of a device F. if an Apple iPad or iPhone has been "jail-broken" G. if an antivirus application is installed on an Apple MacBook
A. Microsoft Windows registry keys B. the existence of specific processes in memory D. if a service is started on a Windows host G. if an antivirus application is installed on an Apple MacBook
Question 34:
Refer to the exhibit.
When configuring a Cisco IPS custom signature, what type of signature engine must you use to block podcast clients from accessing the network?
A. service HTTP B. service TCP C. string TCP D. fixed TCP E. service GENERIC
A. service HTTP
Question 35:
crypto gdoi group gdoi_group
identity number 1234
server local
sa receive-only
sa ipsec 1
profile gdoi-p
match address ipv4 120
Which statement about the above configuration is true?
A. The key server instructs the DMVPN spoke to install SAs outbound only. B. The key server instructs the GDOI group to install SAs inbound only. C. The key server instructs the DMVPN hub to install SAs outbound only. D. The key server instructs the GDOI spoke to install SAs inbound only.
B. The key server instructs the GDOI group to install SAs inbound only.
Question 36:
Identify three IPv6 extension headers? (Choose three.)
A. traffic class B. flow label C. routing D. fragment E. encapsulating security payload
C. routing D. fragment E. encapsulating security payload
Question 37:
Which three LSA types are used by OSPFv3? (Choose three.)
A. Link LSA B. Intra-Area Prefix LSA C. Interarea-prefix LSA for ASBRs D. Autonomous system external LSA E. Internetwork LSA
A. Link LSA B. Intra-Area Prefix LSA D. Autonomous system external LSA
Question 38:
Which three features describe DTLS protocol? (Choose three.)
A. DTLS handshake does not support reordering or manage loss packets. B. DTLS provides enhanced security, as compared to TLS. C. DTLS provides block cipher encryption and decryption services. D. DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery. E. DTLS is used by application layer protocols that use UDP as a transport mechanism. F. DTLS does not support replay detection.
C. DTLS provides block cipher encryption and decryption services. D. DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery. E. DTLS is used by application layer protocols that use UDP as a transport mechanism.
Question 39:
What is a primary function of the SXP protocol?
A. to extend a TrustSec domain on switches that do not support packet tagging with SGTs B. to map the SGT tag to VLAN information C. to allow the SGT tagged packets to be transmitted on trunks D. to exchange the SGT information between different TrustSec domains
A. to extend a TrustSec domain on switches that do not support packet tagging with SGTs
Question 40:
Which Cisco ASA feature can be used to update non-compliant antivirus/antispyware definition files on an AnyConnect client?
A. dynamic access policies B. dynamic access policies with Host Scan and advanced endpoint assessment C. Cisco Secure Desktop D. advanced endpoint assessment
B. dynamic access policies with Host Scan and advanced endpoint assessment
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 351-018 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.