CCIE Security 350-018 V4.1 WRITTEN EXAM ESSENTIALS

CCIE Security 350-018 V4.1 WRITTEN EXAM ESSENTIALS – Infrastructure, Connectivity, Communications, and Network Security

By Paul Adam CCIE Security 350-018 V4.1 2 Comments

In a series of blog posts, I will go over each of the Cisco’s official blueprint sections for CCIE Security 350-018 V4.1 written exam and call out the very essential topics and knowledge base that are must-know for passing the exam. Please note that all of our CCIE Written Exam Cert Study Guides include similar exam essentials at the end of each chapter to reinforce key concepts for our readers.

I hope that you find them useful!

During IP reassembly, the receives uses IP Identification field, More Fragment field, and Fragment Offset field to put the fragments together into an complete IP datagram
Transparent VTP mode doesn’t propagate VLAN changes to other switches
A transit FW must never drop an ICMP packet with Type 2/Code 0 (Packet too big) in order for PMTUd to function properly
A FW doing HTTP inspection is operating at OSI layer 7
OSPFv3 can use IPSec AH/ESP for authentication
Point to point communication is supported by both manual and GRE based IPv6 tunnels
EIGRP hello and acknowledgement packets use unreliable transport
Mobile IPv6 doesn’t need a foreign agent unlike IPv4
Mobile IPv6 supports natively supports route summarization
Cisco IBNS flexible authentication supports dot1x, MAB, and web authentication methods
Root and BPDU guard protect against STP packet alternation
Ports inside community PVLANs can communicate both among themselves and with others that are in promiscuous mode
In IPv6, transit IP nodes don’t perform any packet fragmentation. It is only performed by the source node of a large packet
OSPFv3 doesn’t use AuType and Authentication fields, it rather uses IPv6 AH and ESP for authentication
RFC 4214 defines ISATAP tunnel type
Protocol number 41 is used for IPv6 over IPv4 encapsulation
PIM-SM supports RP configuration with static RP, Auto RP and BSR
In PIM-SM operation, every multicast group can have its own RP to enhance RP scalability
An IPv6 receives joins an IPv6 multicast group using MLD report
wireless clients listen in for access point beacons that contain available wireless networks
Mobile IPv6 uses IPsec SAs for binding updates and acknowledgements
If ISE and wireless LAN control are not L2 adjacent, then you can use DHCP proxy and configure the Call Station ID Type to be “System MAC Address”
IPv6 SeND protects against rogue RAs. It also defines secure extensions for NDP
IPv6 SeND authorizes routers to advertise certain prefixes
BIDIR-PIM is best suited for applications that use many to many multicast communication
The native VLAN is used for untagged traffic on an 802.1Q trunk
Point to point GRE header is 4-byte long and uses protocol number 47
TKIP provides per packet keying and re-keying mechanisms. It also provides message integrity check.
Management frame protection mode appends a MIC to management frames. Client mode encrypts management frames