400-251 Exam Details
-
Exam Code
:400-251 -
Exam Name
:CCIE Security Written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:665 Q&As -
Last Updated
:Dec 10, 2021
Cisco 400-251 Online Questions & Answers
-
Question 191:
Which statement a bout the wireless security tech nologies is true?'
A. WPA2-PSK mode provides better security by having same passphrase across the network
B. WPA2 provides message integrity using AES
C. WPA2-PSK mode does not allow a passphrasçİ to be stored lo~cally on the device
D. WPA2 is more secure than WPA because it uses TKIP for encryption
E. WEP is more secure than WPA2 because it uses AES for encryption
F. WPA2-ENT mode does not require RADIUS for authentication -
Question 192:
What is the main benefit in placing the IPS behind the perimeter firewall instead of in front of the perimeter firewall?
A. Increase the number of true positives
B. Reduce the number of false positives
C. Increase the number of true negatives
D. Reduce the number of false negatives -
Question 193:
Which statement about securing TLS connections on the ESA is true?
A. The pre-configured demonstration certificate installed on the ESA can establish a secure, verifiable TLS connection
B. If you apply a certificate to an ESA in cluster mode, it is automatically propagated to the other ESAs in the cluster
C. Self-signed certificates and CA certificates can provide a verifiable connection. The ESA supports certificates in PKCS#7 and PKCS#12 format
D. Certificates that are imported to secure RLS connections can also be used by other services on the ESA including LDAP and HTTPS
E. The ESA encrypts all messages with a certificate before sending them over a TLS connection.
F. After a certificate is applied to an ESA Cluster using centralized management, new devices added to the cluster automatically adopt the existing certificate. -
Question 194:
Which two options are benefits of network summarization? (Choose two)
A. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.
B. It can increase the convergence of the network.
C. It can summarize discontiguous IP addresses.
D. It can easily be added to existing networks.
E. It reduces the number of routes. -
Question 195:
When an organization is choosing a cloud computing model to adopt, many considerations are studied to determine the most suitable model. To which model is cloud interdependency mainly attributed?
A. Hybrid cloud
B. Public cloud
C. Community cloud
D. Private cloud -
Question 196:
What IOS feature can header attacks by using packet-header information to classify traffic?
A. TTL
B. CAR
C. FPM
D. TOS
E. LLQ -
Question 197:
Which statement is true about Dual-Hub DMVPN implementation where each spoke has two connections, one to each hub via different ISPs.
A. It uses two tunnel interfaces on each hub to terminate connection from each spoke
B. It uses point-to-point GRE tunnel
C. It does not allow multipoint GRE tunnel
D. It does not allow tunnel protection using IPSec
E. It allows NHRP authentication
F. It uses a single tunnel interface on a spoke to connect two different hubs -
Question 198:
DRAG DROP
Select and Place:
-
Question 199:
Refer to the exhibit. AMP cloud is configured to report AMP Connector scan events from windows machine belong to "Audit" group to FMC but the scanned events are not showing up in FMC, what could be the possible cause?
A. AMP cloud is pointing to incorrect FMC address
B. Possible issues with certificate download from AMP cloud for FMC integration
C. Incorrect group is selected for the events export in AMP cloud for FMC
D. Event should be viewed as "Malware" event in FMC
E. DNS address is misconfigured on FMC
F. FMC is pointing to incorrect AMP cloud address -
Question 200:
If an ASA device is configured as a remote access IPsec server with RADIUS authentication and password management enabled, which type of authentication will it use?
A. RSA
B. MS-CHAPv2
C. MS-CHAPv1
D. NTLM
E. PAP
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.