Cisco 351-018 Online Practice Questions and Exam Preparation
351-018 Exam Details
Exam Code: 351-018
Exam Name: CCIE Security written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 420 Q&As
Last Updated: Dec 09, 2021
Cisco 351-018 Online Questions & Answers
Question 81:
Which three statements regarding ISO 27002 and COBIT are correct? (Choose three.)
A. COBIT and ISO 27002 both define a best practices framework for IT controls.
B. COBIT focuses on information system processes, whereas ISO 27002 focuses on the security of the information systems.
C. ISO 27002 addresses control objectives, whereas COBIT addresses information security management process requirements.
D. Compared to COBIT, ISO 27002 covers a broader area in planning, operations, delivery, support, maintenance, and IT governance.
E. Unlike COBIT, ISO 27002 is used mainly by the IT audit community to demonstrate risk mitigation and avoidance mechanisms.
Answer:
A. COBIT and ISO 27002 both define a best practices framework for IT controls.
B. COBIT focuses on information system processes, whereas ISO 27002 focuses on the security of the information systems.
C. ISO 27002 addresses control objectives, whereas COBIT addresses information security management process requirements.
Question 82:
Refer to the exhibit.
Why does the EasyVPN session fail to establish between the client and server?
A. incomplete IPsec phase-1 configuration on the server
B. incorrect IPsec phase-2 configuration on the server
C. incorrect group configuration on the client
D. ISAKMP key mismatch
E. incorrect ACL in the ISAKMP client group configuration
Answer: C. incorrect group configuration on the client
Question 83:
Refer to the exhibit.
    policy-map type inspect ipv6 IPv6-map
     match header routing-type range 0 255
      drop
    class-map outside-class
     match any
    policy-map outside-policy
     class outside-class
      inspect ipv6 IPv6-map
    service-policy outside-policy interface outside
Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?
A. policy-map type inspect ipv6 IPv6-map match ipv6 header count > 3
B. policy-map outside-policy class outside-class inspect ipv6 header count gt 3
C. class-map outside-class match ipv6 header count greater 3
D. policy-map type inspect ipv6 IPv6-map match header count gt 3 drop
Answer: D. policy-map type inspect ipv6 IPv6-map match header count gt 3 drop
Question 84:
If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)
A. Configure the Call Station ID Type to be: "IP Address".
B. Configure the Call Station ID Type to be: "System MAC Address".
C. Configure the Call Station ID Type to be: "MAC and IP Address".
D. Enable DHCP Proxy.
E. Disable DHCP Proxy.
Answer:
B. Configure the Call Station ID Type to be: "System MAC Address".
E. Disable DHCP Proxy.
Question 85:
Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?
A. PKI
B. TACACS+
C. multi-auth host mode
D. port security
E. 802.1x
Answer: E. 802.1x
Question 86:
Refer to the exhibit.
What is the reason for the failure of the DMVPN session between R1 and R2?
A. tunnel mode mismatch
B. IPsec phase-1 configuration missing peer address on R2
C. IPsec phase-1 policy mismatch
D. IPsec phase-2 policy mismatch
E. incorrect tunnel source interface on R1
Answer: C. IPsec phase-1 policy mismatch
Question 87:
Which three statements about Cisco IOS RRI are correct? (Choose three.)
A. RRI is not supported with ipsec-profiles.
B. Routes are created from ACL entries when they are applied to a static crypto map.
C. Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D. VRF-based routes are supported.
E. RRI must be configured with DMVPN.
Answer:
B. Routes are created from ACL entries when they are applied to a static crypto map.
C. Routes are created from source proxy IDs by the receiver with dynamic crypto maps.
D. VRF-based routes are supported.
Question 88:
Which four functionalities are built into the ISE? (Choose four.)
A. Profiling Server
B. Profiling Collector
C. RADIUS AAA for Device Administration
D. RADIUS AAA for Network Access
E. TACACS+ for Device Administration
F. TACACS+ for Network Access
G. Guest Lifecycle Management
Answer:
A. Profiling Server
B. Profiling Collector
D. RADIUS AAA for Network Access
G. Guest Lifecycle Management
Question 89:
In Cisco IOS, what is the result of the ip dns spoofing command on DNS queries that are coming from the inside and are destined to DNS servers on the outside?
A. The router will prevent DNS packets without TSIG information from passing through the router.
B. The router will act as a proxy to the DNS request and reply to the DNS request with the IP address of the interface that received the DNS query if the outside interface is down.
C. The router will take the DNS query and forward it on to the DNS server with its information in place of the client IP.
D. The router will block unknown DNS requests on both the inside and outside interfaces.
Answer: B. The router will act as a proxy to the DNS request and reply to the DNS request with the IP address of the interface that received the DNS query if the outside interface is down.
Question 90:
What applications take advantage of a DTLS protocol?
A. delay-sensitive applications, such as voice or video
B. applications that require double encryption
C. point-to-multipoint topology applications
D. applications that are unable to use TLS
Answer: A. delay-sensitive applications, such as voice or video