400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 21:

    Which Cisco Firepower Intrusion Event Impact level indicates the host on the monitored network vulnerable to the attack, and requires the most immediate urgent response to be taken?

    A. Impact Level 3
    B. Impact Level 4
    C. Impact Level 2
    D. Impact Level 0
    E. Impact Level 1

  • Question 22:

    Which statement about zone-based policy firewall implementation is true?

    A. A zone pair can have a zone as both source and destination
    B. All the interfaces of the device cannot be the part of the same zone
    C. An interface can be member of multiple zones
    D. By default, traffic between the interfaces in the same zone is dropped
    E. If an interface belongs to a zone, then the traffic to and from that interface is always allowed
    F. If default zone is enabled, then traffic from zone interface to non-zone interface is dropped

  • Question 23:

    Drag and drop the protocols on the left onto their descriptions on the right.

    Select and Place:

  • Question 24:

    Which two statements about the TTL value in an IPv4 header are true? (Choose two)

    A. It is a 4-bit value.
    B. It can be used for traceroute operations.
    C. When it reaches 0, the router sends an ICMP Type 11 message to the originator.
    D. Its maximum value is 128.
    E. It is a 16-bit value.

  • Question 25:

    Which two statements about ping flood attacks are true?(Choose two)

    A. They attack by sending ping requests to the broadcast address of the network
    B. They use SYN packets
    C. The attack is intended to overwhelm the CPU of the target victim
    D. They use UDP packes.
    E. They use ICMP packes.
    F. They attack by sending ping requests to the return address of the network.

  • Question 26:

    Which statement about NVGRE functionality is true?

    A. It allows physical Layer 2 topologies to be created on a virtual Layer 3 network
    B. In an NVGRE network the endpoints are not responsible for the NVGRE encapsulation removal
    C. It tunnels Ethernet frames inside an IP packet over a virtual network.
    D. It allows physical Layer 2 topologies to be created on a physical layer 3 network.
    E. In an NVGRE network, VSID must be unique
    F. It tunnels PPP frames inside an IP packet over a physical network
    G. In an NYGRE network, VSID i.s used to identify Layer 3 network address space

  • Question 27:

    Refer to the Exhibit. FMC with address161.1.7.15 is not seeing AMP Connectors scan events reported to AMP cloud from "testꞏpc" windows machine that belongs to "Protect" group. What could be the issue?

    A. The Windows machine belongs to an incorrect group in the AMP cloud policy
    B. FMC was not added in the AMP cloud
    C. The incorrect group is sheeted for the events ex~ort m the AMP cloud for the FMC.
    D. The Event must be viewed as a Connection event in the FMC
    E. The AMP cloud was not added in the FMC
    F. The Windows machine is not reporting scan events to the AMP cloud
    G. The Windows machine is not reporting events to the FMC

  • Question 28:

    Refer to the exhibit. A customer has opened a case with Cisco TAC reporting an issue that clients are unable to connect to the network using the guest account. Looking at the configuration of the switch. What cloud be the possible issue?

    aaa authentication login default group radius aaa authentication login NO_AUTH none aaa authentication login vty local aaa authentication dot1x default group radius aaa authentication network default group radius aaa accounting update newinfo aaa accounting dot1x default start-stop group radius ! aaa server radius dynamic-author client 161.1.7.14 server key cisco ! ip dhcp pool mabpc-pool network 60.1.1.0 255.255.255.0 default-router 60.1.1.2 ! cts sxp enable cts sxp default soure-ip 10.9.31.22 cts sxp connection peer 10.9.31.1 password default mode peer listener hold time 0 ! interfacce G1/0/9 switchport mode access ip device tracking maximum 10 authentication host mode multi-auth authentication order mab authentication priority mab authentication port-control auto mab ! ip access-list extended cwa_redirect permit ip any host 161.1.7.14 ! radius-server host 161.1.7/14 key cisco radius-server timeout 60

    A. CTS is incorrectly configured
    B. MAB should be disabled on the authentication port
    C. Dot1X is disabled on the authentication port
    D. There is an issue with the redirect ACL "cwa_redirect"
    E. AAA network authorization is incorrectly configrued
    F. Dynameic authorization configuration has incorrect RADIUS server
    G. There is an issue with the DHCP pool configuration

  • Question 29:

    How is the Cisco IronPort email data loss prevention licensed?

    A. It is a per-site license
    B. It comes free with iron Port Email Server
    C. It is a per-enterprise license
    D. It is a per-server license
    E. It is a per-user license

  • Question 30:

    Which statement is true about the traffic substitution and insertion attack?

    A. It is a form pivoting in the network
    B. It only works with FTP session
    C. It is form of a DoS attack
    D. It is an evasion technique
    E. It is form of a timing attack
    F. It is used for reconnaissance

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.