Download New Updated (Spring 2015) Cisco 351-018 Actual Tests 91-100

By | April 26, 2015




Which three statements are true about PIM-SM operations? (Choose three.)


A.      PIM-SM supports RP configuration using static RP, Auto-RP, or BSR.

B.      PIM-SM uses a shared tree that is rooted at the multicast source.

C.      Different RPs can be configured for different multicast groups to increase RP scalability.

D.      Candidate RPs and RP mapping agents are configured to enable Auto-RP.

E.       PIM-SM uses the implicit join model.

Correct Answer: ACD




An IPv6 multicast receiver joins an IPv6 multicast group using which mechanism?


A.      IGMPv3 report

B.      IGMPv3 join

C.      MLD report

D.      general query

E.       PIM join


Correct Answer: C




Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?


A.      !

ipv6 access-list test

deny ipv6 FF05::/16 any

deny ipv6 any FF05::/16


output omitted

permit ipv6 any any



B.      !

ipv6 access-list test

permit ipv6 any FF05::/16


output omitted

deny ipv6 any any



C.      !

ipv6 access-list test

deny ipv6 any any eq dns

deny ipv6 any any eq dhcp


output omitted

permit ipv6 any any



D.      !

ipv6 access-list test

deny ipv6 any 2000::/3


output omitted

permit ipv6 any any



E.       !

ipv6 access-list test

deny ipv6 any FE80::/10


output omitted

permit ipv6 any any



Correct Answer: A







Which two security measures are provided when you configure 802.1X on switchports that connect to corporate-controlled wireless access points? (Choose two.)


A.      It prevents rogue APs from being wired into the network.

B.      It provides encryption capability of data traffic between APs and controllers.

C.      It prevents rogue clients from accessing the wired network.

D.      It ensures that 802.1x requirements for wired PCs can no longer be bypassed by disconnecting the AP and connecting a PC in its place.


Correct Answer: AD




Which option explains the passive scan technique that is used by wireless clients to discover available wireless networks?


A.      listening for access point beacons that contain available wireless networks

B.      sending a null probe request

C.      sending a null association request

D.      listening for access point probe response frames that contain available wireless networks


Correct Answer: A




Which protocol can be used to encrypt traffic sent over a GRE tunnel?


A.      SSL

B.      SSH

C.      IPsec

D.      DH

E.       TLS


Correct Answer: C




Which three options are security measures that are defined for Mobile IPv6? (Choose three.)


A.      IPsec SAs are used for binding updates and acknowledgements.

B.      The use of IKEv1 or IKEv2 is mandatory for connections between the home agent and mobile node.

C.      Mobile nodes and the home agents must support ESP in transport mode with non-NULL payload authentication.

D.      Mobile IPv6 control messages are protected by SHA-2.

E.       IPsec SAs are used to protect dynamic home agent address discovery.

F.       IPsec SAs can be used to protect mobile prefix solicitations and advertisements.


Correct Answer: ACF




Which three statements are true about DES? (Choose three.)


A.      A 56-bit key is used to encrypt 56-bit blocks of plaintext.

B.      A 56-bit key is used to encrypt 64-bit blocks of plaintext.

C.      Each block of plaintext is processed through 16 rounds of identical operations.

D.      Each block of plaintext is processed through 64 rounds of identical operations.

E.       ECB, CBC, and CBF are modes of DES.

F.       Each Block of plaintext is processed through 8 rounds of identical operations.

G.      CTR, CBC, and OFB are modes of DES.


Correct Answer: BCE




Comparing and contrasting IKEv1 and IKEv2, which three statements are true? (Choose three.)


A.      IKEv2 adds EAP as a method of authentication for clients; IKEv1 does not use EAP.

B.      IKEv1 and IKEv2 endpoints indicate support for NAT-T via the vendor_ID payload.

C.      IKEv2 and IKEv1 always ensure protection of the identities of the peers during the negotiation process.

D.      IKEv2 provides user authentication via the IKE_AUTH exchange; IKEv1 uses the XAUTH exchange.

E.       IKEv1 and IKEv2 both use INITIAL_CONTACT to synchronize SAs.

F.       IKEv1 supports config mode via the SET/ACK and REQUEST/RESPONSE methods; IKEv2 supports only REQUEST/RESPONSE.


Correct Answer: ADE




Which three statements about GDOI are true? (Choose three.)


A.      GDOI uses TCP port 848.

B.      The GROUPKEY_PULL exchange is protected by an IKE phase 1 exchange.

C.      The KEK protects the GROUPKEY_PUSH message.

D.      The TEK is used to encrypt and decrypt data traffic.

E.       GDOI does not support PFS.


Correct Answer: BCD


Free VCE & PDF File for Cisco 351-018 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …