400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 1:

    What are the advantages of using LDAP over AD?

    A. LDAP does not require ISE to join the AD domain
    B. The closest LDAP servers are used for authentication
    C. LDAP provides for faster authentication
    D. LDAP allows for granular policy control, whereas AD does not.
    E. LDAP can be configured to use a primary and secondary server, whereas AD cannot

  • Question 2:

    Which three protocols are used by the management plane in a Cisco lOS device? (Choose three)

    A. Telnet
    B. HTTPS
    C. TLS
    D. RIP
    E. 3DES
    F. CHAP
    G. SSH
    H. PAP
    I. DHCP

  • Question 3:

    Which describes a capability of Stealth Watch?

    A. It triggers an alerts as soon as the Concern index (CI) value goes down by one point
    B. It uses the base line of normal behavior pre-configured by the user
    C. Target index (TI) is same as Concern (CI) but it works on file sharing activities
    D. Stealth Watch Flow sensor component is responsible to increment Concern Index (CI)
    E. It uses the TCP SYN packets to detect anomalies in the network devices
    F. It uses the Concern index to detect host anomalies

  • Question 4:

    Which best practice can limit inbound TTL expiry attacks?

    A. Setting the TTL value to zero
    B. Setting the TTL value to more than longest path in the network
    C. Setting the TTL value equal to the longest path in the network.
    D. Setting the TTL value to less than the logest path in the network

  • Question 5:

    Refer to the exhibit. Customer has opened a case with Cisco TAC reporting issue that one of the Windows client supposed to login to the network using MAB is no longer able to access any allowed resources. Looking at the configuration of the switch, what could be the possible cause of MAB failure?

    A. AAA authorization is incorrectly configured
    B. Switch configuration is properly configured and the issue is on the radius server.
    C. Incorrect CTS configuration on switch
    D. Issue with CoA configuration
    E. Dot1x should be globally disabled for the MAC to work
    F. Issue with the DHCP pool configuration
    G. Authentication port G1/0/9 is not configured to perform MAB

  • Question 6:

    Drag the PCI-DSS requirements on the left to its security controls on the right

    Select and Place:

  • Question 7:

    Refer to the exhibit. One of the Windows machines in your network is experiencing a Dot1x authentication failure. Windows machines are setup to acquire an IP address from the DHCP server configured on the switch, which is supposed to hand over IP addresses from the 50.1.1.0/24 network, and forward AAA requests to the radius server at 161.1.7.14. Knowing that interface Gi0/2 on the switch may receive authentication requests from other devices and looking at the provided switch configuration, what could be the possible cause of this failure?

    aaa new model aaa authentication login default group radius aaa authentication login NO_AUTH none aaa authentication login vty local aaa authentication dot1x default group radius aaa accounting dot1x default start-stop group radius ! username cisco privilege 15 password 0 cisco dot1x system-auth-control ! interface GigabitEthernet0/2 switchport mode access ip access-group Pre-Auth in authentication host-mode multi-auth authentication port-control auto dot1x pae authenticator ! vlan 50 interface Vlan50 ip address 50.1.1.1 255.255.255.0 ! ip dhcp excluded-address 50.1.1.1 ip dhcp pool pc-pool network 50.1.1.0 255.255.255.0 default-router 50.1.1.1 ! ip access-list extended Pre-Auth permit udp any eq bootpc any eq bootps deny ip any any ! radius server ccie address ipv4 161.1.7.14 auth-port 1645 acct-port 1646 key cisco ! line con 0 login authentication NO_AUTH line vty 0 4 login authentication vty

    A. aaa login authentication is not configured
    B. authentication port-control is not set on interface gi0/2
    C. an incorrect dhcp pool is configured
    D. aaa dot1x authentication is not configured
    E. Open authentication is not enabled on interface gi0/2
    F. an incorrect radius server address is defined
    G. an incorrect pre-authentication acl is configured

  • Question 8:

    Which two statements about Cisco AMP for Web Security are true? (Choose two)

    A. It can detect and block malware and other anomalous traffic before it passes through the Web gateway.
    B. It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity
    C. It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats
    D. It continues monitoring files after they pass the Web gateway
    E. It can prevent malicious data exfiltration by blocking critical files from exiting through the Web gateway
    F. It can perform reputation-based evaluation and blocking by uploading of incoming files to a cloud- based threat intelligence network

  • Question 9:

    Which requirements for the FTD high avai lability setup is true?

    A. Units must not synchronize using the same NTP source
    B. Units must have DHCP configured for the interfaces.
    C. Units must have the same major, minor, and maintenance software version running on them or Units must have the same major software version running on them, minor and maintenance version could be different
    D. Units can have any uncommitted changes on FMC and need not be fully deployed
    E. Units must be in different domains in FMC
    F. Units must be configured in routed mode.
    G. Units must be configured in transparent mode

  • Question 10:

    When TCP Intercept is enabled in its default mode, how does it react to a SYN request?

    A. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established.
    B. It monitors the attempted connection and drops it if it fails to establish within 30 seconds.
    C. It allows the connection without inspection.
    D. It intercepts the SYN before it reaches the server and responds with a SYN-ACK.
    E. It drops the connection.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.