Cisco 400-251 Online Practice Questions and Exam Preparation
400-251 Exam Details
Exam Code: 400-251
Exam Name: CCIE Security Written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 665 Q&As
Last Updated: Dec 10, 2021
Cisco 400-251 Online Questions & Answers
Question 111:
Which description of the AES encryption algorithm is true?
A. It uses the block of 128 bits.
B. Theoretically 3DES is more secure than AES.
C. It does not use the substitution and permutation principle.
D. Reapplying the same encryption key three times makes it less vulnerable than 3DES.
E. It provides only data integrity.
F. It uses three encryption keys of lengths 126, 192 and 256.
Answer: A. It uses the block of 128 bits.
Question 112:
Which description of a Botnet attack is true?
A. It can be used to participate in DDoS.
B. It is a form of wireless attack where the attacker installs an access point to create a backdoor to a network.
C. It is launched by a collection of noncompromised machines controlled by the Command and Control system.
D. It is launched by a single machine controlled by the Command and Control system.
E. It is a form of a fragmentation attack to evade an intrusion prevention security device.
F. It is a form of a man-in-the-middle attack where the compromised machine is controlled remotely.
Answer: A. It can be used to participate in DDoS
Question 113:
Which are three conditions in which ISE profiler issues a CoA request to a NAD? (Choose three.)
A. A profile policy exception is triggered.
B. An endpoint is profiled for the first time.
C. An endpoint disconnects from the network.
D. An endpoint is deleted from the ISE Endpoint page.
E. In the global profiler settings, CoA type set to "No CoA".
Answer: A. A profile policy exception is triggered. B. An endpoint is profiled for the first time. D. An endpoint is deleted from the ISE Endpoint page.
Question 114:
Refer to the exhibit. A customer has opened a case with Cisco TAC reporting that clients are unable to connect to the network using a guest account. Looking at the configuration of the switch, what is the possible issue?
A. MAB should be disabled on the authentication port
B. Dynamic authorization configuration has incorrect RADIUS server
C. Issue with the DHCP pool configuration
D. Dot1x is disabled on the authentication port
E. AAA network authorization incorrectly configured
F. CTS is incorrectly configured
G. Issue with redirect ACL "cwa_redirect"
Answer: G. Issue with redirect ACL "cwa_redirect"
Question 115:
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)
A. User five can execute the show run command.
B. User five can view usernames and passwords.
C. User superuser can change usernames and passwords.
D. User superuser can view the configuration.
E. User superuser can view usernames and passwords.
F. User cisco can view usernames and passwords.
Answer: A. User five can execute the show run command. D. User superuser can view the configuration.
Question 116:
Refer to the exhibit. FMC with address 161.1.7.15 is not seeing AMP Connector scan events reported to AMP cloud from the "test-pc" Windows machine that belongs to the "Protect" group. What could be the issue?
A. Windows machine not reporting scan events to AMP cloud.
B. Windows machine not reporting events to FMC.
C. Incorrect group is selected for the events export in AMP cloud for FMC.
D. AMP cloud not added in FMC.
E. FMC not added in AMP Cloud.
F. Windows machine belongs to incorrect group in AMP cloud policy.
G. Event should be viewed as "Connection" events in FMC.
Answer: F. Windows machine belongs to incorrect group in AMP cloud policy.
Question 117:
Refer to the exhibit. Which effect of this configuration is true?
aaa-server network protocol radius
aaa-server network (inside) host 10.20.10.10
aaa authentication enable console network LOCAL
aaa authentication ssh console network LOCAL
aaa authorization exec authentication-server
A. If the RADIUS server is unreachable, SSH users cannot authenticate.
B. Users must be in the RADIUS server to access the serial console.
C. Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server.
D. All commands are validated by the RADIUS server before the device executes them.
E. Only SSH users are authenticated against the RADIUS server.
Answer: C. Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server
Question 118:
How would you prevent a Cisco Email Security Appliance (ESA) from becoming an open relay?
A. Make sure to configure ESA RAT (Recipient Access Table) of Incoming Mail Listener (Public listener) so it accepts emails for all the domains ESA is responsible for and rejects emails towards all other recipient domains
B. Handle this by specific configuration of Incoming Mail Flow policy
C. Include all of your email domains into HAT table into one of the WHITELIST Sender Groups of your Public listener
D. Make sure ESA Private listener has appropriate external sender domains explicitly included in RELAYLIST in Private Listener's HAT (Host Access Table)
Answer: A. Make sure to configure ESA RAT (Recipient Access Table) of Incoming Mail Listener (Public listener) so it accepts emails for all the domains ESA is responsible for and rejects emails towards all other recipient domains
Question 119:
Which two statements about ICMP redirect messages are true? (Choose two)
A. Redirects are only punted to the CPU if the packets are also source-routed.
B. The messages contain an ICMP Type 3 and ICMP code 7.
C. By default, configuring HSRP on the interface disables ICMP redirect functionality.
D. They are generated when a packet enters and exits the same route interface.
E. They are generated by the host to inform the router of an alternate route to the destination.
Answer: C. By default, configuring HSRP on the interface disables ICMP redirect functionality. D. They are generated when a packet enters and exits the same route interface.
Question 120:
Refer to the exhibit. Which statement about the effect of this configuration is true?
A. It disabled the use of guest VLANs on the switch
B. It blocks all EAPOL frames from passing through the switch
C. It enables 802.1x globally on the switch
D. It puts all ports on the switch into the authorized state.