400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 261:

    Which statement about VRF-Lite implementation in a service provider network is true?

    A. It disables the sharing of one CE device among multiple customers
    B. It can have multiple VRF instances associated with a single interface on a CE device
    C. It requires multiple links between CE and PE for each VPN connection to enable privacy
    D. It supports multiple VPNs at a CE device but their address spaces must not overlap
    E. It uses input interfaces to differentiate routes for different VPNs on the CE device.
    F. It can support only one VRF instance per CE device.

  • Question 262:

    Which tool or program is a version control system?

    A. Git
    B. SmartC
    C. Travis CI
    D. Logstash
    E. Jenkins

  • Question 263:

    In a Cisco ISR with cloud Web Security Connector deployment, which command can you enter on the Cisco ISR G2 to verify connectivity to the CWS tower?

    A. Show policy-map
    B. Show service-policy
    C. Show ip nbar
    D. Show sw-module
    E. Mtrace
    F. Show content-scan summary

  • Question 264:

    Which statement is true regarding ESA HAT configuration for incoming mail?

    A. It points to the address of ESA management interface
    B. It points to the address of recipient mail server
    C. It points to the address of DNS server
    D. It points to the address of ESA listener interface
    E. It points to the recipient address
    F. It points to the sender address

  • Question 265:

    What are the most common methods that security auditors use to assess an organization's security processes? (Choose two)

    A. physical observation
    B. social engineering attempts
    C. penetration testing
    D. policy assessment
    E. document review
    F. interviews

  • Question 266:

    Which two statements about ping flood attacks are true? (Choose two)

    A. They attack by sending ping requests to the broadcast address of the network.
    B. They use SYN packets.
    C. The attack is intended to overwhelm the CPU of the target victim.
    D. They use UDP packets.
    E. They use ICMP packets.
    F. They attack by sending ping requests to the return address of the network.

  • Question 267:

    Which statement about password encryption and integrity on a Cisco IOS device is true?

    A. The "enable secret" uses DES for the password hashing
    B. When "enable secret" is missing from the configuration, the console session cannot get privilege access using console password due to missing encryption
    C. The "service password-encryption" global command performs encryption and hashing of all the passwords.
    D. The "enable password" is preferred over "enable secret" because it uses a stronger encryption algorithm
    E. The "username secret" command encrypts the password with SHA-256 hashing
    F. The "service password-encryption" global command encrypts all the passwords

  • Question 268:

    Which two statements are true about FireAMP private cloud deployment? (Choose two)

    A. It can be deployed as hybrid mode
    B. It can be deployed as air gap or cloud-proxy mode
    C. When deployed as cloud-proxy mode internet connection is required for dispositions
    D. It can be deployed as an external mode
    E. It can be deployed as internal mode
    F. It can be deployed as public mode

  • Question 269:

    Refer to the exhibit. A customer has opened a case with Cisco TAC reporting that one of the Windows clients that is supposed to log on to the network using MAB is no longer able to access any allowed resources. Looking at the configuration of the switch, what could be the possible issue?

    aaa authentication login default group radius
    aaa authentication login NO_AUTH none
    aaa authentication login vty local
    aaa authentication dot1x default group radius
    aaa authentication network default group radius
    aaa accounting update newinfo
    aaa accounting dot1x default start-stop group radius
    !
    aaa server radius dynamic-author
     client 161.1.7.14 server key cisco
    !
    ip dhcp excluded-address 60.1.1.11
    ip dhcp excluded-address 60.1.1.2
    !
    ip dhcp pool mabpc-pool
     network 60.1.1.0 255.255.255.0
     default-router 60.1.1.2
    !
    cts sxp enable
    cts sxp default soure-ip 10.9.31.22
    cts sxp connection peer 10.9.31.1 password default mode peer listener hold time 0
    !
    interfacce G1/0/9
     switchport mode access
     ip device tracking maximum 10
     authentication host mode multi-auth
     authentication port-control auto
    !
    radius-server host 161.1.7.14 key cisco
    radius-server timeout 60
    !
    line con 0
     login authentication NO_AUTH

    A. There is an issue with the DHCP pool configuration
    B. There is an issue with the CoA configuration
    C. AAA authorization is incorrectly configured
    D. Incorrect CTS configuration on the switch
    E. Dot1x should be globally disabled for the MAB to work
    F. The Switch is properly configured and the issue is on the radius server
    G. Authentication port Gi1/0/9 is not configured to perform Dot1x

  • Question 270:

    DRAG DROP

    Drag and drop each RADIUS packet field on the left onto the matching description on the right.

    Select and Place:
