351-018 Exam Details

  • Exam Code: 351-018
  • Exam Name: CCIE Security written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 420 Q&As
  • Last Updated: Dec 09, 2021

Cisco 351-018 Online Questions & Answers

  • Question 71:

    What is needed to verify a digital signature that was created using an RSA algorithm?

    A. public key
    B. private key
    C. both public and private key
    D. trusted third-party certificate

  • Question 72:

    What are two reasons for a certificate to appear in a CRL? (Choose two.)

    A. CA key compromise
    B. cessation of operation
    C. validity expiration
    D. key length incompatibility
    E. certification path invalidity

  • Question 73:

    Which three statements about the RSA algorithm are true? (Choose three.)

    A. The RSA algorithm provides encryption but not authentication.
    B. The RSA algorithm provides authentication but not encryption.
    C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
    D. The private key is never sent across after it is generated.
    E. The public key is used to decrypt the message that was encrypted by the private key.
    F. The private key is used to decrypt the message that was encrypted by the public key.

  • Question 74:

    The Wi-Fi Alliance defined two certification programs, called WPA and WPA2, which are based on the IEEE 802.11i standard. Which three statements are true about these certifications? (Choose three.)

    A. WPA is based on the ratified IEEE 802.11i standard.
    B. WPA2 is based on the ratified IEEE 802.11i standard.
    C. WPA enhanced WEP with the introduction of TKIP.
    D. WPA2 requires the support of AES-CCMP.
    E. WPA2 supports only 802.1X/EAP authentication.

  • Question 75:

    What is the commonly known name for the process of generating and gathering initialization vectors, either passively or actively, for the purpose of determining the security key of a wireless network?

    A. WEP cracking
    B. session hijacking
    C. man-in-the-middle attacks
    D. disassociation flood frames

  • Question 76:

    Which two statements are true when comparing ESMTP and SMTP? (Choose two.)

    A. Only SMTP inspection is provided on the Cisco ASA firewall.
    B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.
    C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.
    D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.
    E. ESMTP servers can identify the maximum email size they can receive by using the SIZE command.

  • Question 77:

    Which statement is true about an SNMPv2 communication?

    A. The whole communication is not encrypted.
    B. Only the community field is encrypted.
    C. Only the query packets are encrypted.
    D. The whole communication is encrypted.

  • Question 78:

    class-map nbar_rtp

    match protocol rtp payload-type "0, 1, 4 - 0x10, 10001b - 10010b, 64"

    The above NBAR configuration matches RTP traffic with which payload types?

    A. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 64
    B. 0, 1, 4, 5, 6, 7, 8, 9, 10
    C. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 64
    D. 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 64

  • Question 79:

    Refer to the exhibit.

    Which option describes the behavior of this configuration?

    A. Devices that perform IEEE 802.1X should be in the MAC address database for successful authentication.
    B. IEEE 802.1X devices must fail MAB to perform IEEE 802.1X authentication.
    C. If 802.1X fails, the device will be assigned to the default guest VLAN.
    D. The device will perform subsequent IEEE 802.1X authentication if it passed MAB authentication.
    E. If the device fails IEEE 802.1X, it will start MAB again.

  • Question 80:

    If an incoming packet from the outside interface does not match an existing connection in the connection table, which action will the Cisco ASA appliance perform next?

    A. drop the packet
    B. check the outside interface inbound ACL to determine if the packet is permitted or denied
    C. perform NAT operations on the packet if required
    D. check the MPF policy to determine if the packet should be passed to the SSM
    E. perform stateful packet inspection based on the MPF policy

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 351-018 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.