1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 331:

    What is the effect of the given command?

    control-plane host management-interface FastEhternet 0/0 allow ssh snmp

    A. It enables CoPP on the FastEthernet 0/0 interface for SSH and SNMP management traffic.
    B. It enables QoS policing on the control plane of the FastEthernet 0/0 interface.
    C. It enables MPP on the FastEthernet 0/0 interface, allowing only SSH and SNMP management traffic.
    D. It enables MPP on the FastEthernet 0/0 interface by enforcing rate-limiting for SSH and SNMP management traffic.
    E. It enables MPP on the FastEthernet 0/0 interface for SNMP management traffic and CoPP for all other protocols.

  • Question 332:

    Which statement is true regarding Private VLAN?

    A. A private VLAN domain can have only one primary VLAN
    B. Each secondary VLAN in a private VLAN domain must have a separate associated primary VLAN
    C. Each port in a private VLAN domain is a member of all the secondary VLANs in that domain
    D. In a private VLAN domain a secondary VLAN port needs to be an isolated port for it to be able to communicate with a layer-3 device
    E. In a private VLAN domain a secondary VlAN can have only one promiscuous port
    F. A subdomain in a primary VLAN domain must have a separate associated primary VLAN

  • Question 333:

    Which statement is correct regarding password encryption and integrity on a cisco IOS device?

    A. With "enable secret" missing in the configuration the console session cannot get privilege access using console password due to missing encryption
    B. The "enable password" is preferred over "enable secret" as it uses a stronger encryption algorithm
    C. The "service password-encryption" global command encrypts all the passwords except the CHAP secret
    D. The "username secret" command encrypts the password with SHA-256 hashing
    E. The "enable secret" uses MD5 for the password hashing
    F. The "service password-encryption" global command performs both encryption and hashing of all the passwords

  • Question 334:

    Router(config)#crypto key zeroize pubkey-chain

    Which effect of this command is true?

    A. The route immediately deletes its current public key from the cache and generates a new one.
    B. The public key of the remote peer is deleted from the router cache.
    C. The CA revokes the public key certificate of the router.
    D. The current public key of the router is deleted from the cache when the router reboots, and the router generates a new one.
    E. The router sends a request to the CA to delete the router certificate from its configuration.

  • Question 335:

    In SNORT rules, the rule header contains which five elements? (Choose five.)

    A. message
    B. source and destination ports
    C. direction operator
    D. name
    E. sid
    F. source and destination IP addresses and netmasks
    G. action
    H. protocol

  • Question 336:

    Which port is used by ISE pxGrid services for inter-node communication?

    A. UDP port 161 and 162
    B. TCP port 443
    C. TCP port 5222
    D. UDP port 9995

  • Question 337:

    Which tunnel type does the Cisco unified Wireless Solution use to map a provisioned guest WLAN to an anchor WLC?

    A. PEAP
    B. IPsec
    C. TLS
    D. GRE
    E. EAPoL
    F. EoIP

  • Question 338:

    Which three statements about SXP are true? (Choose three)

    A. To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured
    B. Each VRF supports only one CTS-SXP connection
    C. It resides in the control plane, where connections can be initiated from a listener
    D. Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses
    E. The SGA ZBPF uses the SGT to apply forwarding decisions
    F. Packets can be tagged with SGTs only with hardware support

  • Question 339:

    DRAG DROP

    Select and Place:

  • Question 340:

    Which two characteristic of a loT network are true? (Choose two)

    A. loT network must be designed for low-powered devices
    B. The transmission rate in an loT network is consistent
    C. loT networks are 100% reliable
    D. loT networks use IS-IS for routing
    E. loT networks are bandwidth constrained

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.