1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 201:

    Which two design options are best to reduce security concerns when adopting loT into an organization? (Choose two)

    A. Segment the Field Area Network from the Data Center network.
    B. Encrypt sensor data in transit.
    C. Ensure that application can gather and analyze data at the edge.
    D. Implement video analytics on IP cameras.
    E. Encrypt data at rest on all devices in the loT network.

  • Question 202:

    DRAG DROP

    Drag and drop each syslog facility code on the left onto its description on the right.

    Select and Place:

  • Question 203:

    How would you best describe Jenkins?

    A. An orchestration tool
    B. Continuous integration and delivery application
    C. Operations in a client/server model
    D. Web-based repository hosting service
    E. A REST client

  • Question 204:

    In which two ways does the OpenDNS Infrastructure ensure reliability? (Choose two)

    A. It ensures redundancy by using at least two teIecom carriers at each site.
    B. It limits caching to reduce the incidence of state and dead links.
    C. It uses a self-healing network to protect against individual failures.
    D. its networks we geographicaIly Integrated to reduce the potential Impact of local issues.
    E. Regional sites load-balance among one another to prevent bottlenecks.
    F. It uses multicast routing to ensure that requests are routes to the nearest data center.
    G. It uses a specialized form of multicast addressing called Geocast ensure the most efficient routing when a local site goes down

  • Question 205:

    Which statement about VRF-Ute implementation in a service provider network is true?

    A. It requires multiple links between CE and PE for each VPN connection to enable privacy
    B. It uses output interfaces to differentiate routes for different VPNs on the CE device
    C. It can only support one VRF Instance per CE device
    D. It can support multiple VPNs at a CE device with overlapping address space.
    E. It disables t he sharing of one CE device among multiple customers
    F. It can have multiple VRF instances associated with a single interface on a CE device

  • Question 206:

    Which two statements about Cisco VSG are true? (Choose two)

    A. Because it is deployed at Layer 2, it can be inserted without significant reengineering of the network.
    B. According to Cisco best practices, the VSG should use the same VLAN for VSM-VEM control traffic and management traffic.
    C. It uses optional IP-to-virtual machine mappings to simplify management of virtual machines.
    D. It uses the Cisco VSG user agent to register with the Cisco Prime Network Services Controller.
    E. It can be integrated with VMWare vCenter to provide transparent provisioning of policies and profiles.
    F. It has built-in intelligence for redirecting traffic and fast-path offload.

  • Question 207:

    A university has hired you as a consultant to advise them on the best method to prevent DHCP starvation attacks in the campus. They have already implemented DHCP snooping and port security to control the situation but those do not fully contain the issue. Which two actions do you suggest to fix this issue?(Choose two)

    A. Use the ip dhcp snooping limit rate command on trusted and untrusted interfaces set to the rate same value
    B. Use the ip dhcp snooping limit rate command only on untrusted interfaces and set the rate to suitable values that are relevant to the interface
    C. Use the ip dhcp snooping verify mac-address command to ensure that the source MAC address in the DHCP request matches the client hardware address (CHADDR) sent to the DHCP server
    D. Use the ip dhcp snooping limit rate command on Trusted and Untrusted interface and set the rate to suitable values that are relevant to each interface respectively
    E. Use the ip dhcp snooping verify mac-address command to ensure that the source MAC address in the DHCP request matches the client identifier (CLID) field send to the DHCP server

  • Question 208:

    Which four task items need to be performed for an effective rick assessment and to evaluate network posture? (Choose four)

    A. discovery
    B. baselining
    C. scanning
    D. notification
    E. validation
    F. escalation
    G. mitigation
    H. profiling

  • Question 209:

    Which command can be used to disable 802.1x on a switch interface?

    A. no authentication port-control
    B. authentication port-control disable
    C. authentication port-control force-authorized
    D. authentication control-direction both
    E. dot1x authentication disable
    F. no dot1x authentication

  • Question 210:

    Which statement about the pxGrid connection agent is true?

    A. It leverages Cisco ISE control functions to manage connections and share information between partner platforms.
    B. It supports an agentless solution for Cisco ISE.
    C. It manages the sharing of contextual information between partner platforms.
    D. It can fetch user information from Active Directory on behalf of a WSA or Cisco ISE.
    E. It fetches user information from Active Directory and transmits it to the pxGrid controller.
    F. It enables communication from the partner platform to the pxGrid controller.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.