1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 291:

    Which statement is t rue about a dual-hub DMVPN implementation where each spoke has two connect ions, one to each hub via different ISPs?

    A. It uses point-to-point GRE tunnel
    B. It allows tunnel protection using IPse
    C. It does not allow multipoint GRE tunnels
    D. It uses a single tunnel interface on a spoke to connect two different hubs
    E. It does not allow NHRP authentication
    F. It uses two tunnel interfaces on each hub to terminate connection from each spoke

  • Question 292:

    You deployed Unbrella Romaing through your Cisco AnyConnect deployment to secure your mobile workforce when they are not connected to VPN An employee is working at home and is connected to his home network. The employee reports that site that he is browsing to that uses his home's public IP to identify his account and provide service is reporting the incorrect IP address. As a result, none of the services are working as expected. When he uses a personal computer to access the same site, everything works as expected Which two options are possible causes of this issue?(Choose two)

    A. The Umbrella Roaming module is malfunctioning.
    B. The Cisco AnyConnect software is malfunctioning.
    C. Umbrella has identified the site as malicious and is proxying all traffic through its cloud service.
    D. The computer has the incorrect default gateway
    E. The computer is ; configured to use a proxy.

  • Question 293:

    When using Cisco FlexVPN to provide Remote Access for AnyConnect clients, which two of the following authentication are supported? (Choose two.)

    A. RSA encryption
    B. RSA Signature with certificates
    C. Extended authentication (XAUTH)
    D. Pre-shared keys
    E. Extensible Authentication Protocol (EAP)

  • Question 294:

    Refer to the exhibit. Which two effects of this configuration are true?(Choose two)

    authentication priority dot1q authentication order dot1 authentication event fail action next-method authentication event server dead action ************ vlan 50 authentication host-mode multi-auth authentication vielation restrict

    A. The switch penodically sends an EAP-identity-request to the endpoint supplicant.
    B. The device allows multiple authenticated sessions for a single MAC address in the voice domain
    C. If the TACACS+ server is unreachable, the switch places hosts on critical ports in VLAN 50
    D. If the authentication priority is changed, the order in which authentication is performed also changes.
    E. If multiple hosts have authenticated to the same port, each can be in their own assigned VLAN
    F. The port attempts 802.1x authentication first, and then falls back to MAC authentication bypass.

  • Question 295:

    Which statement about the TLS security protocol is true?

    A. TLS version 1.0 is less secure then SSL version 3.0
    B. The TLS and SSL versions can interoperate in the client-server handshake
    C. It is always recommended to disable TLS version 1.0 in the browser so that it only supports SSL for better security
    D. You need to replace SSL certificate with TLS certificate for successfu l TLS operation
    E. There are differences between TLS and SSL version 2 and 3
    F. It only supports data authentication for the client-server session using a browser

  • Question 296:

    Which description of SaaS is true?

    A. a service offering on-demand licensed applications for end users
    B. a service offering that allowing developers to build their own applications
    C. a service offering on-demand software downloads
    D. a service offering a software environment in which applications can be build and deployed.

  • Question 297:

    Which three statements about 802.1x multiauthentication mode are true? (Choose three)

    A. It is recommended for guest VLANs.
    B. On non-802.1x devices, it can support only one authentication method on a single port.
    C. Each multiauthentication port can support only one voice VLAN.
    D. It is recommended for auth-fall VLANs.
    E. It requires each connected client to authenticate individually.
    F. It can be deployed in conjunction with MDA functionality on voice VLANs.

  • Question 298:

    Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)

    A. It is a closed standard that manages directory-information services over distributed networks.
    B. It can combine AD attributes and LDAP attributes to configure group policies on the Cisco ASA.
    C. It uses attribute maps to map the AD memberOf attribute to the Cisco ASA Group-Policy attribute.
    D. It can assign a group policy to a user based on access credentials.
    E. It uses AD attribute maps to assign users to group policies configured under the WebVPN context.
    F. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies.

  • Question 299:

    What are the major components of a Firepower health monitor alert?

    A. The severity level, one or more alert responses, and a remediation policy.
    B. A health monitor, one or more alert responses, and a remediation policy.
    C. One of more health modules, the severity level, and an alert response.
    D. One of more health modules, one or more alert responses, and one or more alert actions.
    E. One health modules and one or more alert responses.

  • Question 300:

    (version 1)

    (version 2)

    Refer to the exhibit, what is the effect of the given service policy configuration?

    A. It blocks cisco.com, msn.com, and facebook.com and permit all other domains
    B. It blocks facebook.com, msn.com, cisco.com and google.com and permit all other domains
    C. It blocks all domains except facebook.com, msn.com, cisco.com and google.com
    D. It blocks all domains except cisco.com, msn.com, facebook.com

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.