Blog
CCIE Security 350-018 V4.1 WRITTEN EXAM ESSENTIALS – Infrastructure, Connectivity, Communications, and Network Security
- June 21, 2016
- Posted by: Paul Adam
- Category: CCIE Security 350-018 V4.1
In a series of blog posts, I will go over each of the Cisco’s official blueprint sections for CCIE Security 350-018 V4.1 written exam and call out the very essential topics and knowledge base that are must-know for passing the exam. Please note that all of our CCIE Written Exam Cert Study Guides include similar exam essentials at the end of each chapter to reinforce key concepts for our readers.
I hope that you find them useful!
- During IP reassembly, the receives uses IP Identification field, More Fragment field, and Fragment Offset field to put the fragments together into an complete IP datagram
- Transparent VTP mode doesn’t propagate VLAN changes to other switches
- A transit FW must never drop an ICMP packet with Type 2/Code 0 (Packet too big) in order for PMTUd to function properly
- A FW doing HTTP inspection is operating at OSI layer 7
- OSPFv3 can use IPSec AH/ESP for authentication
- Point to point communication is supported by both manual and GRE based IPv6 tunnels
- EIGRP hello and acknowledgement packets use unreliable transport
- Mobile IPv6 doesn’t need a foreign agent unlike IPv4
- Mobile IPv6 supports natively supports route summarization
- Cisco IBNS flexible authentication supports dot1x, MAB, and web authentication methods
- Root and BPDU guard protect against STP packet alternation
- Ports inside community PVLANs can communicate both among themselves and with others that are in promiscuous mode
- In IPv6, transit IP nodes don’t perform any packet fragmentation. It is only performed by the source node of a large packet
- OSPFv3 doesn’t use AuType and Authentication fields, it rather uses IPv6 AH and ESP for authentication
- RFC 4214 defines ISATAP tunnel type
- Protocol number 41 is used for IPv6 over IPv4 encapsulation
- PIM-SM supports RP configuration with static RP, Auto RP and BSR
- In PIM-SM operation, every multicast group can have its own RP to enhance RP scalability
- An IPv6 receives joins an IPv6 multicast group using MLD report
- wireless clients listen in for access point beacons that contain available wireless networks
- Mobile IPv6 uses IPsec SAs for binding updates and acknowledgements
- If ISE and wireless LAN control are not L2 adjacent, then you can use DHCP proxy and configure the Call Station ID Type to be “System MAC Address”
- IPv6 SeND protects against rogue RAs. It also defines secure extensions for NDP
- IPv6 SeND authorizes routers to advertise certain prefixes
- BIDIR-PIM is best suited for applications that use many to many multicast communication
- The native VLAN is used for untagged traffic on an 802.1Q trunk
- Point to point GRE header is 4-byte long and uses protocol number 47
- TKIP provides per packet keying and re-keying mechanisms. It also provides message integrity check.
- Management frame protection mode appends a MIC to management frames. Client mode encrypts management frames
2 Comments
Leave a Reply Cancel reply
0 (0) Today, we live in a world where there is nothing, and I mean nothing, off the limits for cyberattacks and particularly ransomware attacks. Our hospitals, our universities, oil pipelines, and now even our meat is under cyberattack. The cyberattack that flattened the IT operations at JBS Foods over the weekend turns out was […]
0 (0) Ransomware has been a growing menace for years, but there has been a marked increase, during the recent months, in sophistication and level of innovation in this portion of the cybercrime underbelly. If you didn’t know, cybercrime comes in many different types, such as email and internet fraud, identity theft, financial theft like […]
0 (0) It’s time to check your Pulse. I mean your Pulse Connect Secure VPN appliance. Hackers have been exploiting several previously known and one zero-day vulnerabilities affecting Pulse Connect Secure aka PCS VPN appliances. They are targeting defense, government, and financial organizations around the world. According to FireEye, several threat actors have been exploiting […]
5 (1) OK, we now have another supply chain attack that could become the next big hack. When April fools’ jokes were being published online, one company known as Codecov discovered something that was far from a joke. So, who is Codecov? Codecov is one of the many DevOps tools out there. It provides hosted […]
5 (1) So, what is Ethical Hacking? Well, it is hacking ethically. OK, that was not helpful. There are two types of hacking, white hat hacking, black hat hacking. They use similar tools and have similar goals, so then what is the difference. Well, there is one big difference and that has to do with […]
Hi Paul,
Thanks for your good work!!!!
I am using your cert guide for taking my CCIE SECURITY WRITTEN EXAM v4.1. In addition to the guide what do you recommend should amount to a successful study plan?
Thanks again!
Aamir Aleem
Hi Aamir,
thanks for your feedback, I truly appreciate it.
In addition to our study guides and practice questions, depending on prior experience and exposure, I’d recommend you to consider adding study resources, strictly fitting the Cisco’s official blueprint, in the form of:
1. Online resources and books that cover blueprint topics, there are tons of free material out there. We have compiled some here.
https://www.cciein8weeks.com/recommended-cisco-books/
2. Hands-on, get a virtual rack or if you have access to equipment, do spend some hands-on time playing with the real stuff. It will enhance your confidence and help you prepare not just for written but also for the lab (the ultimate goal!).
3. Follow us on twitter and other influencers who are creating tremendous amount of valuable learning material in the form of blogs.
Best of luck in your exam prep..
Paul