351-018 Exam Details

  • Exam Code: 351-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 420 Q&As
  • Last Updated: Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 51:

    The address of an inside client is translated from a private address to a public address by a NAT router for access to an outside web server. What term describes the destination address (client) after the outside web server responds, and before it hits the NAT router?

    A. inside local
    B. inside global
    C. outside local
    D. outside global

  • Question 52:

    In an 802.11 wireless network, what would an attacker have to spoof to initiate a deauthentication attack against connected clients?

    A. the BSSID of the AP where the clients are currently connected
    B. the SSID of the wireless network
    C. the MAC address of the target client machine
    D. the broadcast address of the wireless network

  • Question 53:

    DRAG DROP

    Select and Place:

  • Question 54:

    Which spanning-tree mode supports a separate spanning-tree instance for each VLAN and also supports the 802.1w standard that has a faster convergence than 802.1D?

    A. PVST+
    B. PVRST+
    C. PVST
    D. CST
    E. MST
    F. RST

  • Question 55:

    What mechanism does SSL use to provide confidentiality of user data?

    A. symmetric encryption
    B. asymmetric encryption
    C. RSA public-key encryption
    D. Diffie-Hellman exchange

  • Question 56:

    Refer to the exhibit.

    Which statement regarding the output is true?

    A. Every 1800 seconds the secondary name server will query the SOA record of the primary name server for updates.
    B. If the secondary name server has an SOA record with the serial number of 10973815, it will initiate a zone transfer on the next cycle.
    C. Other DNS servers will cache records from this domain for 864000 seconds (10 days) before requesting them again.
    D. Email queries concerning this domain should be sent to "[email protected]".
    E. Both primary and secondary name servers will clear (refresh) their caches every 7200 seconds to ensure that up-to-date information is always in use.

  • Question 57:

    error: % Invalid input detected at '^' marker.

    The error above is received when generating RSA keys for SSH access on a router using the crypto key generate rsa command. What are the reasons for this error? (Choose two.)

    A. The hostname must be configured before generating RSA keys.
    B. The image that is used on the router does not support the crypto key generate rsa command.
    C. The command has been used with incorrect syntax.
    D. The crypto key generate rsa command is used to configure SSHv2, which is not supported on Cisco IOS devices.

  • Question 58:

    Which three fields are part of the AH header? (Choose three.)

    A. Source Address
    B. Destination Address
    C. Packet ICV
    D. Protocol ID
    E. Application Port
    F. SPI identifying SA
    G. Payload Data Type Identifier

  • Question 59:

    Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)

    A. range of IP addresses
    B. subnet of IP addresses
    C. destination IP NAT translation
    D. source IP NAT translation
    E. source and destination FQDNs
    F. port and protocol ranges

  • Question 60:

    Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall to allow PMTUD?

    A. ICMPv6 Type 1 Code 0 no route to host
    B. ICMPv6 Type 1 Code 1 communication with destination administratively prohibited
    C. ICMPv6 Type 2 Code 0 packet too big
    D. ICMPv6 Type 3 Code 1 fragment reassembly time exceeded
    E. ICMPv6 Type 128 Code 0 echo request
    F. ICMPv6 Type 129 Code 0 echo reply

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 351-018 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.