1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 271:

    Refer to the exhibit. Which two effects of this configuration are true? (Choose two)

    A. The switch periodically sends an EAP-Identity-Request to the endpoint supplicant.
    B. The device allows multiple authenticated sessions for a single MAC address in the voice domain.
    C. If the TACACS+ server is unreachable, the switch places hosts on critical ports in VLAN 50.
    D. If the authentication priority is changed, the order in which authentication is performed also changes.
    E. If multiple hosts have authenticated to the same port, each can be in their own assigned VLAN.
    F. The port attempts 802.1x authentication first, and then falls back to MAC authentication bypass.

  • Question 272:

    Which statement about VRF-Lite implementation in a service provider network is true?

    A. It uses output interfaces to differentiate routes for different VPNs on the CE device.
    B. It disables the sharing of one CE device among multiple customers C. It supports multiple VPNs at a CE device with overlapping address spaces.
    D. It requires multiple links between CE and PE for each VPN connection to enable privacy.
    E. It can support only one VRF instance per CE device.
    F. It can have multiple VRF instances associated with a single interface on a CE device.

  • Question 273:

    Which Cisco NGFW interface mode can direct intrusion attempts inline but can't drop malicious traffic inline?

    A. Passive
    B. Transparent
    C. Inline Pair
    D. ERSPAN
    E. Inline Tap

  • Question 274:

    Which statement about a SMURF attack is true?

    A. It is used by the attackers to check if destination addresses are alive
    B. To mitigate the attack you must disable IP directed broadcast on the router interface
    C. It sends ICMP Echo Replies to known IP addresses in a subnet
    D. It sends ICMP Echo Replies to a spoofed source address of a subnet
    E. It exhausts the victim machine resources with large number of ICMP Echo Requests from a subnet
    F. The attacker uses a spoofed destination address to launch the attack

  • Question 275:

    Which three authorization technologies does Cisco TrustSec support? (Choose three)

    A. 802.1X
    B. SGACL
    C. DACL
    D. MAB
    E. SGT
    F. VLAN

  • Question 276:

    Your manager asks you to roughly determine the devices and their operating systems that are connected to a certain subnet in your enterprise environment. With which method or tool do you start your discovery process?

    A. ICMP
    B. Wireshark
    C. NMAP
    D. DNS servers
    E. Use your network infratructure(switches, wlcs) to collect the MAC addresses and that information

  • Question 277:

    Refer to the exhibit. R2 is configured as a WCCP router to redirect HTTP traffic for policy implementation sourced from 172.16.1.0/24 network to WSA at 171.1.7.21 with the passphrase used for authentication is "ccie". The redirection is for traffic on the R2 Gi2 interface in the in bound direction. An issue is reported that web sites are not accessible anymore. Which cause is true?

    A. There is an issue with the routing of traffic between R2 and WSA.
    B. There Is an Issue with the INCCP passphrase configured on R2.
    C. There Is an issue with the WCCP redirection applied G2 interface.
    D. There is an issue with the source network defined for WCCP redirection.
    E. There is an issue with the WSA server list binded for the redirection
    F. There is an issue with the destination servers defined for WCCP redirection

  • Question 278:

    Which two statemens about Cisco URL Filtering on Cisco IOS software are true?(Choose two)

    A. It supports Websense and N2H2 filtering at the same time.
    B. It supports local URL lists and third - party URL filtering servers
    C. By default, it uses ports 80 and 22.
    D. It supports HTTP and HTTPS traffic.
    E. By default, it allows all URLs when the connection to the filtering server is down.
    F. It requires minimal CPU time

  • Question 279:

    Drag each component of an Adaptive Wireless IPS deployment on the left to the matching description on the right

    Select and Place:

  • Question 280:

    Which security control in PCI-DSS is responsible for restrictive card holder data access?

    A. rapid threat containment of infected host using Lancope and ISE
    B. using strong encryption when sending card holder data over the network
    C. network access policy orchestration using DNAC
    D. realtime traffic analysis for malware using ThreatGRID
    E. identification of security vulnerabilities and their risk analysis
    F. creating users access policies based on the least privilege concept
    G. making sure card holder data is not recoverable after aut horization
    H. restricting public internet access to cardholder data environment

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.