Cisco 400-251 Online Practice Questions and Exam Preparation
400-251 Exam Details
Exam Code: 400-251
Exam Name: CCIE Security Written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 665 Q&As
Last Updated: Dec 10, 2021
Cisco 400-251 Online Questions & Answers
Question 161:
Which file extensions are supported on the FireSIGHT Management Center 6.1 file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?
A. MSEXE MSOLE2 NEW-OFFICE PDF
B. DOCX WAV XLS TXT
C. TXT MSOLE2 WAV PDF
D. DOC MSOLE2 XML PDF
Answer: A. MSEXE MSOLE2 NEW-OFFICE PDF
Question 162:
Which statement about the failover link when ASAs are configured in the failover mode is true?
A. The information sent over the failover link can be in clear text
B. The information sent over the failover link cannot be sent in clear text, but it could be secured communication using a failover key
C. The information sent over the failover link can be sent only as a secured communication
D. Failover key is not required for the secure communication over the failover link
E. Only the configuration replication that is sent across the link can be secured using a failover key
F. It is not recommended to use secure communication over the failover link when the ASA is terminating the VPN tunnel
Answer: A. The information sent over the failover link can be in clear text
Question 163:
DRAG DROP
Select and Place:
Question 164:
Which two characteristics of DTLS are true? (Choose two)
A. It supports long data transfers and connectionless data transfers.
B. It includes a retransmission method because it uses an unreliable datagram transport.
C. It includes a congestion control mechanism.
D. It is used mostly by applications that use application layer object-security protocols.
E. It completes key negotiation and bulk data transfer over a single channel.
F. It cannot be used if NAT exists along the path.
Answer:
B. It includes a retransmission method because it uses an unreliable datagram transport.
E. It completes key negotiation and bulk data transfer over a single channel.
Question 165:
Which three statements about WCCP are true? (Choose three)
A. If a specific capability is missing from the Capabilities Info Component, the router is assumed to support the default capability.
B. The web cache transmits its capabilities as soon as it receives a receive ID from a router.
C. The minimum WCCP-Fast Timers message interval is 500 ms.
D. The assignment method supports GRE encapsulation for sending traffic.
E. If the packet return method is missing from a packet return method advertisement, the web cache uses the Layer 2 rewrite method.
F. The router must receive a valid receive ID before it negotiates capabilities.
Answer:
A. If a specific capability is missing from the Capabilities Info Component, the router is assumed to support the default capability.
C. The minimum WCCP-Fast Timers message interval is 500 ms.
F. The router must receive a valid receive ID before it negotiates capabilities.
Question 166:
DRAG DROP
Drag each attack type on the left to the matching attack category on the right.
Select and Place:
Question 167:
Which three statements are correct regarding EAP-Chaining? (Choose three)
A. Allows user and machine authentication with one RADIUS / EAP session
B. EAP-Chaining is enabled on AnyConnect NAM automatically when EAP-FAST user and machine authentication is enabled
C. EAP-FAST's PAC provisioning phase is responsible for establishing an SSH tunnel between supplicant and ISE to perform EAP-Chaining
D. EAP-Chaining is enabled on NAM automatically when EAP-TLS user and machine authentication is enabled
E. EAP-Chaining can only use EAP-FAST and requires the use of AnyConnect NAM
F. EAP-Chaining is supported on the Windows 802.1x supplicant
G. EAP-FAST does not allow binding multiple authentications and this limitation is used for manual authentication in EAP-Chaining
Answer:
A. Allows user and machine authentication with one RADIUS / EAP session
B. EAP-Chaining is enabled on AnyConnect NAM automatically when EAP-FAST user and machine authentication is enabled
E. EAP-Chaining can only use EAP-FAST and requires the use of AnyConnect NAM
Question 168:
You have configured a site-to-site tunnel using static VTI, with IKEv2. On one of the routers, you continuously see the IKE session establish and then get torn down with a message that indicates a policy mismatch. Which option is a possible cause?
A. One router has its tunnel configured in GRE mode, and the other has its tunnel in IPsec mode.
B. Tunnel IP addressing is in different subnets
C. The incorrect IPsec profile applied to one of the routers
D. The preshared key is incorrect
E. The identities are not matching
Answer: C. The incorrect IPsec profile applied to one of the routers
Question 169:
DRAG DROP
Drag each step in the configuration of a Cisco ASA NSEL export to a NetFlow collector on the left into the correct order of operations on the right.
Select and Place:
Question 170:
In ISO 27002, the access control code of practice for Information Security Management serves which of the following objectives?
A. Implement proper control of user, network and application access.
B. Prevent the physical damage of the resources.
C. Optimize the audit process.
D. Educating employees on security requirements and issues.
Answer: A. Implement proper control of user, network and application access.