1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 231:

    Which statement about EAP chaining is true?

    A. It performs authentication on a device-only basis.
    B. It requires EAP-FAST authentication.
    C. It supports RADIUS and TACACS+ authentication
    D. It locks a unique certificate to BYOD devices to differentiate them from corporate-owned devices
    E. It can be deployed in an agentless environment
    F. By default, devices on which EAP chaining is not supported are immediately denied access to the network.

  • Question 232:

    In OpenStack, which two staements about the NOVA component are true?(Choose two)

    A. It provides the authentication and authorization services
    B. It launches virtual machine instances
    C. It is considered the cloud computing fabric controller
    D. It provides persistent block storage to running instances of virtual machines.
    E. It tracks cloud usage statistics for billing purposes.

  • Question 233:

    Which difference between DomainKeys and DKIM in a Cisco ESA deployment is true?

    A. Only DomainKeys support incoming-mail authentication
    B. AsyncOS supports mail signing fo DKIM only
    C. Bounce and delay messages can use DKIM only
    D. AsyncOS supports mail signing and incoming-mail authentication for DomainKeys only
    E. Bounce and delay messages can use DomainKeys only
    F. If DomainKeys and DKIM are associated to a mail flow AsyncOS uses only DKIM to sign outgoing messages
    G. Only DKIM supports incoming-mail verification.

  • Question 234:

    Which statement about enabling SMTP encryption on ESA is true?

    A. TLS can be enabled only for receiving
    B. Enabling TLS for receiving goes under the "Destination Controls" menu of mail policies
    C. It allows self-signed certificates to be used
    D. Enabling TLS is an optional step
    E. TLS can be enabled only for delivery
    F. It only allows certificates to be imported from CA

  • Question 235:

    How does Scavenger-class QoS mitigate DoS and worm attacks?

    A. It matches traffic from individual hosts against the specific network characteristics of known attack types
    B. It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected
    C. It monitors normal traffic flow and drops burst traffic above the normal rate for a single host
    D. It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts

  • Question 236:

    As an enterprise, you have decided to use Cisco Umbrella (OpenDNS) services for all public. DNS requests. In which two ways can you ensure that all DNS clients (endpoints) use this service for external requests only?(Choose two)

    A. Install the umbrella proxy server on all the supported operating systems and configure it appropriately
    B. Use DHCP to push the OpenDNS servers to the endpoints
    C. Install the Umbrella server in your data center that will provide these services locally
    D. Install the Umbrella client on all the supported operating systems and configure it appropriately
    E. Configure the OpenDNS servers as forwarders on your Internal DNS servers

  • Question 237:

    Which option does a wired MAB appear in ISE RADIUS live logs?

    A. (Radius:Service-Type equals Framed) and (Radius:NAS-Port-Type equals Ethernet)
    B. (Radius:Service-Type equals Call-Check) and (Radius:NAS-Port-Type equals Ethernet)
    C. (Radius:Service-Type equals Call-Check) and (Radius:NAT-Port-Type equals PPPoEoVLAN)
    D. (Radius:Service-Type equals Call-Check) and (Radius:NAS-Port-Type equals PPPoEoVLAN)

  • Question 238:

    Which two statements about MACSec are true?(Choose two)

    A. It can be enabled on individual ports at Layer 3 to allow MACsec devices to access the network.
    B. It encrypts packets at Layer 3, which allows devices to handle packets in accordance with network policies.
    C. It maintains network intelligence as it is applied to router uplinks and downlinks.
    D. It users symmetric-key encyption to protect data confidentiality.
    E. It can use IEEE 802.1x master keys to encrypt wired and wireless links.
    F. It works in conjunction with IEEE 802.1x - 2010 prot-based access control.

  • Question 239:

    Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients?

    A. DoS against a client station
    B. device-probing attack
    C. authentication-failure attack
    D. Airsnarf attack
    E. chopchop attack
    F. DoS against an access point

  • Question 240:

    DRAG DROP

    Drag and drop the DNS record types from the left to the matching descriptions to the right.

    Select and Place:

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.