CCIE Security 350-018 V4.1 WRITTEN EXAM ESSENTIALS – Infrastructure, Connectivity, Communications, and Network Security

In a series of blog posts, I will go over each of Cisco’s official blueprint sections for the CCIE Security 350-018 V4.1 written exam and call out the essential topics and knowledge that are must-know for passing the exam. Please note that all of our CCIE Written Exam Cert Study Guides include similar exam essentials at the end of each chapter to reinforce key concepts for our readers.

I hope that you find them useful!

  • During IP reassembly, the receiver uses the IP Identification field, More Fragment field, and Fragment Offset field to put the fragments together into a complete IP datagram
  • Transparent VTP mode doesn’t propagate VLAN changes to other switches
  • A transit FW must never drop an ICMP packet with Type 2/Code 0 (Packet too big) in order for PMTUd to function properly
  • A FW doing HTTP inspection is operating at OSI layer 7
  • OSPFv3 can use IPSec AH/ESP for authentication
  • Point to point communication is supported by both manual and GRE based IPv6 tunnels
  • EIGRP hello and acknowledgement packets use unreliable transport
  • Mobile IPv6 doesn’t need a foreign agent unlike IPv4
  • Mobile IPv6 natively supports route summarization
  • Cisco IBNS flexible authentication supports dot1x, MAB, and web authentication methods
  • Root and BPDU guard protect against STP packet alteration
  • Ports inside community PVLANs can communicate both among themselves and with others that are in promiscuous mode
  • In IPv6, transit IP nodes don’t perform any packet fragmentation. It is only performed by the source node of a large packet
  • OSPFv3 doesn’t use the AuType and Authentication fields; it uses IPv6 AH and ESP for authentication instead
  • RFC 4214 defines ISATAP tunnel type
  • Protocol number 41 is used for IPv6 over IPv4 encapsulation
  • PIM-SM supports RP configuration with static RP, Auto RP and BSR
  • In PIM-SM operation, every multicast group can have its own RP to enhance RP scalability
  • An IPv6 receiver joins an IPv6 multicast group using an MLD report
  • Wireless clients listen for access point beacons that contain available wireless networks
  • Mobile IPv6 uses IPsec SAs for binding updates and acknowledgements
  • If ISE and the wireless LAN controller are not L2 adjacent, then you can use DHCP proxy and configure the Call Station ID Type to be “System MAC Address”
  • IPv6 SeND protects against rogue RAs. It also defines secure extensions for NDP
  • IPv6 SeND authorizes routers to advertise certain prefixes
  • BIDIR-PIM is best suited for applications that use many to many multicast communication
  • The native VLAN is used for untagged traffic on an 802.1Q trunk
  • The point-to-point GRE header is 4 bytes long and uses protocol number 47
  • TKIP provides per packet keying and re-keying mechanisms. It also provides message integrity check.
  • Management frame protection mode appends a MIC to management frames. Client mode encrypts management frames

Comments (2)

  • Aamir

    Hi Paul,

    Thanks for your good work!!!!

    I am using your cert guide for taking my CCIE SECURITY WRITTEN EXAM v4.1. In addition to the guide what do you recommend should amount to a successful study plan?

    Thanks again!

    Aamir Aleem

    September 3, 2016 at 3:43 am
    • Paul Adam

      Hi Aamir,

      Thanks for your feedback, I truly appreciate it.

      In addition to our study guides and practice questions, depending on prior experience and exposure, I’d recommend you consider adding study resources, strictly fitting Cisco’s official blueprint, in the form of:

      1. Online resources and books that cover blueprint topics, there are tons of free material out there. We have compiled some here.

      2. Hands-on, get a virtual rack or if you have access to equipment, do spend some hands-on time playing with the real stuff. It will enhance your confidence and help you prepare not just for written but also for the lab (the ultimate goal!).

      3. Follow us on Twitter and other influencers who are creating a tremendous amount of valuable learning material in the form of blogs.

      Best of luck in your exam prep.


      September 3, 2016 at 3:04 pm
