Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details
Exam Code: 400-251
Exam Name: CCIE Security Written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 665 Q&As
Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers
Question 241:
Which statement is true regarding an X.509 certificate?
A. The version number in the certificate is the OS version of CA
B. The Subject distinguished name in the certificate is of the entity who issued the certificate
C. The serial number in the certificate is common across the certificates issued by the same CA
D. The algorithm in the certificate is used by the receiver to sign the certificate
E. The issuer distinguished name in the certificate is of the entity issuing the certificate
F. The algorithm in the certificate is used by the subject to encrypt the traffic

E. The issuer distinguished name in the certificate is of the entity issuing the certificate
Question 242:
What are the three configurations in which SSL VPN can be implemented? (Choose three)
A. WebVPN
B. PVC Tunnel mode
C. Thin-Client
D. AnyConnect Tunnel Mode
E. CHAP
F. Clientless
G. L2TP over IPsec

C. Thin-Client
D. AnyConnect Tunnel Mode
F. Clientless
Question 243:
Which of the following Cisco products gives the ability to interact with malware for its behavior analysis?
A. NGIPS
B. FMC
C. ASA
D. DNA
E. Threat Grid
F. pxGrid

E. Threat Grid
Question 244:
Which three statements are true after a successful IPSec negotiation has taken place? (Choose three)
A. After the IPsec tunnel is established data is encrypted using one set of DH-generated keying material
B. After the IPsec tunnel is established data is encrypted using two sets of DH-generated keying material
C. Two tunnels were established, the first one is for ISAKMP and IPsec negotiation and the second one is for data encryption as a result of IPsec negotiation
D. The ISAKMP tunnel was established to authenticate the peer and discretely negotiate the IPsec parameters
E. One secure channel and one tunnel were established, the secure channel was established by ISAKMP
F. The ISAKMP secure channel was established to authenticate the peer and discretely negotiate the IPsec parameters.

B. After the IPsec tunnel is established data is encrypted using two sets of DH-generated keying material
C. Two tunnels were established, the first one is for ISAKMP and IPsec negotiation and the second one is for data encryption as a result of IPsec negotiation
E. One secure channel and one tunnel were established, the secure channel was established by ISAKMP
Question 245:
Which are three remediation types that cannot be configured in stealth mode posture? (Choose three.)
A. File remediation
B. USB remediation
C. Manual remediation
D. Link remediation
E. Path management remediation

A. File remediation
C. Manual remediation
D. Link remediation
Question 246:
Refer to the exhibit. R2 is configured as a WCCP router to redirect HTTP traffic for policy implementation to WSA at 171.1.7.12 with the passphrase used for authentication as "ccie". The redirection is for the traffic on R2 Gi2 interface in the inbound direction. There is an issue reported that websites are not accessible anymore. What could the cause be?
A. There is an issue with WSA server list bound for the redirection
B. There is an issue with routing of traffic between R2 and WSA
C. There is an issue with WCCP redirection applied on Gi2 interface
D. There is an issue with destination servers defined for WCCP redirection
E. There is an issue with WCCP passphrase configured on R2
F. There is an issue with source network defined for WCCP redirection

A. There is an issue with WSA server list bound for the redirection
Question 247:
A device on your internal network is hard-coded with two DNS servers on the internet (1.1.1.53, 2.2.2.53). However, you want to send all requests to your OpenDNS server (208.67.222.222). Which set of commands do you run on the ASA to achieve this goal?
A. Static (inside, outside) source any 1.1.1.53 destination 208.61.222.222 eq domain
   Static (inside, outside) source any 2.2.2.53 destination 208.67.222.222 eq domain
B. Static (inside, outside) source any 208.67.222.222 destination 1.1.1.53 eq domain
   Static (inside, outside) source any 208.67.222.222 destination 2.2.2.53 eq domain
C. Static (inside, outside) source any destination 208.67.222.222 eq domain
D. Static (outside, inside) source any 208.67.222.222 desination 1.1.1.56 eq domain
   Static (outside, inside) source any 208.67.222.222 destination 2.2.2.53 eq domain
E. Net (inside, outside) source any 1.1.1.53 destination 208.67.222.222 eq domain
   Nat (inside, outside) source any 2.2.2.53 destination 208.67.222.222 eq domain
F. Object network OpenDNS
   Host 208.67.222.222
   !
   Object network Rogue1-DNS
   Host 1.1.1.53
   Object network Rogue2-DNS
   Host 2.2.2.53
   !
   Object-group network Rogue-DNS
   Network-object object Rogue1-DNS
   Network-object object Rogue2-DNS
   !
   object service udp-DNS
   Service udp destination eq domain
   !
   object service tcp-DNS
   Service tcp destination eq domain
   !
   nat(inside, outside) source static any interface destination static Rogue-DNS OpenDNS service udp-DNS udp-DNS
   nat(inside, outside) source static any interface destination static Rogue-DNS OpenDNS service tcp-DNS tcp-DNS
G. nat (inside, outside) source static any interface destination static Rogue-DNS OpenDNS service udp-DNS udp-DNs
   nat (inside, outside) source static any interface destination static Rogue-DNS OpenDNS service udp-DNS udp-DNS
H. object network OpenDNS
   host 1.1.1.53
   object network Rogue1-DNS
   host 2.2.2.53
   !
   Object-group network rogue1-DNS
   Network-object object Rogue1-DNS
   Network-object object Rogue2-DNS
   !
   Object service udp-DNS
   Service udp destination eq domain
   !
   Object service tcp-DNS
   Service tcp destination eq domain
   !
   Nat (inside, outside) source static any interface destination static OpenDNS Rogue-DNS service udp-DNS udp-DNS
   Nat (inside, outside) source static any interface destination static OpenDNS Rogue-DNS service tcp-DNS tcp-DNS

F. Object network OpenDNS
   Host 208.67.222.222
   !
   Object network Rogue1-DNS
   Host 1.1.1.53
   Object network Rogue2-DNS
   Host 2.2.2.53
   !
   Object-group network Rogue-DNS
   Network-object object Rogue1-DNS
   Network-object object Rogue2-DNS
   !
   object service udp-DNS
   Service udp destination eq domain
   !
   object service tcp-DNS
   Service tcp destination eq domain
   !
   nat(inside, outside) source static any interface destination static Rogue-DNS OpenDNS service udp-DNS udp-DNS
   nat(inside, outside) source static any interface destination static Rogue-DNS OpenDNS service tcp-DNS tcp-DNS
Question 248:
Which three options are fields in a CoA Request Response code packet?
A. Calling-station-ID
B. identifier
C. state
D. length
E. acct-session-ID
F. authenticator

B. identifier
D. length
F. authenticator
Question 249:
Which effect of the crypto pki authenticate command is true?
A. It sets the certificate enrollment method.
B. It retrieves and authenticates a CA certificate.
C. It configures a CA trustpoint.
D. It displays the current CA certificate.

B. It retrieves and authenticates a CA certificate.
Question 250:
Which two statements about MPP (Management Plane Protection) are true? (Choose two)
A. It is supported on both distributed and hardware-switched platforms.
B. Only out-of-band management interfaces are supported.
C. Only virtual interfaces associated with physical interfaces are supported.
D. It is supported on both active and standby management interfaces.
E. Only in-band management interfaces are supported.
F. Only virtual interfaces associated with sub-interfaces are supported.

C. Only virtual interfaces associated with physical interfaces are supported.
E. Only in-band management interfaces are supported.