400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 311:

    Which option best describes RPL?

    A. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
    B. RPL stands for Routing over low priority links that use distance vector DODAG to determine the best route between two root border routers.
    C. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
    D. RPL stands for Routing over Low-power Lossy Networks that use distance vector DODAG to determine the best route between leaves and the root border router.

  • Question 312:

    Which statement about Cisco Firepower user agents is true?

    A. User agents with the correct password can connect to the Firepower Management Center without additional configuration of the server.
    B. They can be installed on Windows computers only.
    C. The user agent connection to the Firepower Management Center can be secured with IPsec.
    D. A single user agent can send data to up to 10 Firepower Management Centers simultaneously.
    E. It supports multiple user-management options, including Active Directory and LDAP.

  • Question 313:

    Which option happens for traffic analysis in an inline, intrusion prevention and AMP for Firepower deployment?

    A. Intrusion policy
    B. Security intelligence
    C. Access control rule
    D. Network discovery policy
    E. Network analysis policy
    F. File policy
    G. SSL policy

  • Question 314:

    Which two options are benefits of global ACLs? (Choose two)

    A. They save memory because they work without being replicated on each interface.
    B. They are more efficient because they are processed before interface access rules.
    C. They are flexible because they match source and destination IP addresses for packets that arrive on any interface.
    D. They only operate on logical interfaces.
    E. They can be applied to multiple interfaces.

  • Question 315:

    Refer to the exhibit. ASA2 is configured for the clientless SSL VPN connection with DNS server at 150.1.7.201 that is reachable only from the Management0/0 interface. The incoming VPN session is received on the outside interface with authentication credentials Username: ccie, Password: ccie. ASA2 is configured for the self-signed certificate with trustpoint "ccietrust" enabled for the outside interface. It has been reported that resource accessibility is timing out after the VPN connection is established. Which possible reason is true?

    A. WebVPN must be enabled on the management interface
    B. The tunnel group is tied up with the incorrect group policy
    C. The DNS configuration is incorrect
    D. The "cccieacl" must be configured for port 443
    E. The management interface has an incorrect security level configured
    F. The group policy has an incorrect banner value

  • Question 316:

    Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients?

    A. DoS against an access point
    B. DoS against a client station
    C. chopchop attack
    D. Airsnarf attack
    E. device-probing attack
    F. authentication-failure attack

  • Question 317:

    In which two modes can a private AMP cloud be deployed? (Choose two.)

    A. internal mode
    B. hybrid mode
    C. air gap mode
    D. cloud-proxy mode
    E. public mode
    F. external mode

  • Question 318:

    Refer to the exhibit. One of the Windows machines in your network is having connectivity issues using 802.1X. Windows machines are set up to acquire an IP address from the DHCP server configured on the switch, which is supposed to hand out IP addresses from the 50.1.1.0/24 network and forward AAA requests to the RADIUS server at 161.1.7.14 using shared key "cisco". Knowing that interface Gi0/2 on the switch may receive authentication requests from other devices, and looking at the provided switch configuration, what could be the possible cause of this failure?

    aaa new-model
    aaa authentication login default group radius
    aaa authentication login NO_AUTH none
    aaa authentication login vty local
    aaa authentication dot1x default group radius
    aaa authentication network default group radius
    aaa accounting dot1x default start-stop group radius
    !
    username cisco privilege 15 password 0 cisco
    dot1x system-auth-control
    !
    interface GigabitEthernet0/2
     switchport mode access
     ip access-group Pre-Auth in
     authentication host-mode multi-auth
     authentication open
     authentication port-control auto
     dot1x pae authenticator
    !
    vlan 50
    interface Vlan50
     ip address 50.1.1.1 255.255.255.0
    !
    ip dhcp excluded-address 50.1.1.1
    ip dhcp pool pc-pool
     network 50.1.1.0 255.255.255.0
     default-router 50.1.2.1
    !
    ip access-list extended Pre-Auth
     permit udp any eq bootpc any eq bootps
     deny ip any any
    !
    radius server ccie
     address ipv4 161.1.7.4 auth-port 1645 acct-port 1646
     key cisco
    !
    line con 0
     login authentication NO_AUTH
    line vty 0 4
     login authentication vty

    A. AAA network authorization is not configured.
    B. 802.1X authentication is not enabled on interface Gi0/2.
    C. 802.1X is disabled on the switch.
    D. There is a RADIUS key mismatch.
    E. An incorrect IP address is configured for SVI 50.
    F. An incorrect default route is pushed on the supplicant.
    G. Authentication for multiple hosts is not configured on interface Gi0/2.

  • Question 319:

    Refer to the exhibit. The destination address named "engineering_int" is visible to the outside as which of the following addresses?

    A. 19.16.1.3
    B. 192.168.1.3
    C. 50.1.1.1
    D. 161.1.7.14
    E. 60.1.1.1
    F. 19.16.2.3
    G. 192.168.2.3

  • Question 320:

    Which three types of addresses can the Botnet Filter feature of the Cisco ASA monitor? (Choose three)

    A. Known allowed addresses
    B. Dynamic addresses
    C. Internal addresses
    D. Ambiguous addresses
    E. Known malware addresses
    F. Listed addresses
