1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 1:

    ISE can be integrated with an MDM to ensure that only registered devices are allowed on the network, and use the MDM to push policies to the device. Devices can go in and out of compliance either due to policy changes on the MDM server, or another reason. Consider a device that has already authenticated on the network, and stays connected, but fails out of compliance. Which action can you take to ensure that a noncompliant device is checked periodically and reassessed before allowing access to the network?

    A. Enable change of authorization on MDM
    B. Fire-AMP connector scan can be used to relay posture information to ISE via FireAMP cloud
    C. The MDM agent periodically sends a packet with compliance info that the wireless controller can be used to limit network access
    D. Enable Period compliance checking on ISE
    E. Enable Change of authorization on ISE
    F. The MDM agent automatically disconnects the device from the network when it is noncompliant

  • Question 2:

    If a packet capture is taken between ISE and an endpoint to capture an EAP-TLS session, you will be able to see.

    A. Certificate and associated private keys from endpoints only
    B. Certificate from ISE only
    C. Certificate from ISE and the endpoint
    D. Certificate and associated private keys from ISE only

  • Question 3:

    Refer to the exhibit. There is no ICMP connectivity from BranchPC to the Engineering server at 192.168.4.1. Based on the provided FTD1 access policy and network topology in the exhibits.

    What could be the possible reason for this failure?

    A. The VLAN tags configuration is missing in the access rule
    B. The source network address is incorrect in the access rule
    C. The required port configuration is missing in the access rule
    D. The zone configuration is missing in the access rule
    E. The server network address is incorrect m the access rule
    F. The rule action is incorrect in the access rule

  • Question 4:

    Which three statements correctly describe the encoding used by NETCONF and RESTONF? (Choose three.)

    A. NETCONF uses YAML-encoded data
    B. RESTCONF uses XML-encoded data
    C. RESTCONF uses JSON-encoded data
    D. NETCONF uses JSON-encoded data
    E. RESTCONF uses YAML-encoded data
    F. NETCONF uses XML-encoded data

  • Question 5:

    Which four types of traffic should be allowed during an unknown posture state? (Choose four.)

    A. traffic from the Cisco AnyConnect client, with posture module, to ASA
    B. traffic to the public search engines
    C. DNS traffic
    D. traffic to the remediation servers, if needed
    E. SSH traffic for network device administration
    F. traffic to the ISE PSNs to which Client Provisioning Portal FQDN points
    G. DHCP traffic
    H. traffic to the FireAMP cloud for AMP for endpoint scan results

  • Question 6:

    Which two of the following probes can be configured on Cisco Identity service engine? (Choose two.)

    A. DHCP
    B. RADIUS
    C. HTTP
    D. FTP
    E. CTS
    F. SXP

  • Question 7:

    Which markup language is used to format Ansible's playbook?

    A. ADML
    B. NAML
    C. YAML
    D. HTML
    E. XML

  • Question 8:

    Which three policies are building blocks of vSmart policies architecture? (Choose three.)

    A. data policy
    B. control policy
    C. site policy
    D. bandwidth policy
    E. service policy
    F. application aware policy

  • Question 9:

    Which tool or program is a version control system?

    A. Git
    B. SmartC
    C. Travis Cl
    D. Logstash
    E. Jenkins

  • Question 10:

    Which two descriptions of the encoding formats supported by RESTONF and NETCONF are true? (Choose two.)

    A. NETCONF supports JSON and XML encoding.
    B. RESTCONF supports XML encoding.
    C. RESTCONF supports JSON encoding.
    D. NETCONF supports JSON encoding.
    E. RESTCONF supports JSON and XML encoding.
    F. NETCONF supports XML encoding.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.