CCIE Security 350-018 V4.1 WRITTEN EXAM ESSENTIALS – Infrastructure, Connectivity, Communications, and Network Security


In a series of blog posts, I will go over each of Cisco’s official blueprint sections for the CCIE Security 350-018 V4.1 written exam and call out the essential topics and knowledge that are must-know for passing the exam. Please note that all of our CCIE Written Exam Cert Study Guides include similar exam essentials at the end of each chapter to reinforce key concepts for our readers.

I hope that you find them useful!

  • During IP reassembly, the receiver uses the IP Identification field, More Fragment field, and Fragment Offset field to put the fragments together into a complete IP datagram
  • Transparent VTP mode doesn’t propagate VLAN changes to other switches
  • A transit FW must never drop an ICMP packet with Type 2/Code 0 (Packet too big) in order for PMTUd to function properly
  • A FW doing HTTP inspection is operating at OSI layer 7
  • OSPFv3 can use IPSec AH/ESP for authentication
  • Point-to-point communication is supported by both manual and GRE-based IPv6 tunnels
  • EIGRP hello and acknowledgement packets use unreliable transport
  • Unlike Mobile IPv4, Mobile IPv6 doesn’t need a foreign agent
  • Mobile IPv6 natively supports route summarization
  • Cisco IBNS flexible authentication supports dot1x, MAB, and web authentication methods
  • Root guard and BPDU guard protect against STP packet alteration
  • Ports inside community PVLANs can communicate both among themselves and with others that are in promiscuous mode
  • In IPv6, transit IP nodes don’t perform any packet fragmentation. It is performed only by the source node of a large packet
  • OSPFv3 doesn’t use the AuType and Authentication fields; instead, it uses IPv6 AH and ESP for authentication
  • RFC 4214 defines the ISATAP tunnel type
  • Protocol number 41 is used for IPv6 over IPv4 encapsulation
  • PIM-SM supports RP configuration with static RP, Auto-RP, and BSR
  • In PIM-SM operation, every multicast group can have its own RP to enhance RP scalability
  • An IPv6 receiver joins an IPv6 multicast group using an MLD report
  • Wireless clients listen for access point beacons that contain available wireless networks
  • Mobile IPv6 uses IPsec SAs for binding updates and acknowledgements
  • If ISE and the wireless LAN controller are not L2 adjacent, then you can use DHCP proxy and configure the Call Station ID Type to be “System MAC Address”
  • IPv6 SeND protects against rogue RAs. It also defines secure extensions for NDP
  • IPv6 SeND authorizes routers to advertise certain prefixes
  • BIDIR-PIM is best suited for applications that use many-to-many multicast communication
  • The native VLAN is used for untagged traffic on an 802.1Q trunk
  • The point-to-point GRE header is 4 bytes long and uses protocol number 47
  • TKIP provides per-packet keying and re-keying mechanisms. It also provides a message integrity check.
  • Management frame protection mode appends a MIC to management frames. Client mode encrypts management frames