Cisco 400-251 Online Practice Questions and Exam Preparation

Cisco 400-251 Online Questions & Answers

• Question 341:

  DRAG DROP

  Drag each Management Frame Protection feature on the Left to the function it performs on the right.

  Select and Place:

  

  

• Question 342:

  You are inspecting Cisco Email Security Appliance (ESA) mail_logs, and find the following log lines:

  

  Which two off the following statements are true?

  A. E-mail message was not delivered successfully to the remote SMTP server yet, but it is queued by ESA for further delivery
  B. ESA didn't detect any Spam inside received message
  C. E-mail message was successfully delivered to the destination SMTP server responsible for ccie.local domain D. There are two recipients of the email message
  E. The message was sandboxed and scanned by AMP/ThreatGRID file analysis
  A. E-mail message was not delivered successfully to the remote SMTP server yet, but it is queued by ESA for further delivery
  B. ESA didn't detect any Spam inside received message

• Question 343:

  Refer to the exhibit. One of the Windows machines in your network is having connectivity issues using 802.1x. Windows machines are setup to acquire an IP address from the DHCP server configured on the switch, which is supposed to hand out IP addresses from the 50.1.1.0/24 network, and forward AAA requests to the radius server at 161.1.7.14 using shared key "cisco". Knowing that interface Gi0/2 on switch may receive authentication requests from other devices and looking at the provided switch configuration, what could be the possible cause of this failure?

  aaa new model aaa authentication login default group radius aaa authentication login NO_AUTH none aaa authentication login vty local aaa authentication dot1x default group radius aaa authentication network default froup radius aaa accounting dot1x default start-stop group radius ! username cisco privilege 15 password 0 cisco dot1x system-auth-control ! interface GigabitEthernet0/2 switchport mode access ip access-group Pre-Auth in authentication open authentication port-control auto dot1x pae authenticator ! vlan 50 interface Vlan50 ip address 50.1.1.1 255.255.255.0 ! ip dhcp excluded-address 50.1.1.1 ip dhcp pool pc-pool network 50.1.1.0 255.255.255.0 default-router 50.1.1.1 ! ip access-list extended Pre-Auth permit udp any eq bootpc any eq bootps deny ip any any ! radius server ccie address ipv4 161.1.7.14 auth-port 1645 acct-port 1646 key cisco ! line con 0 login authentication NO_AUTH line vty 0 4 login authentication vty

  A. an incorrect default route is pushed on supplicant from SW1
  B. 802.1x is disabled on the switch
  C. aaa network authorization is not configured
  D. authentication for multiple hosts not configured on interface Gi0/2
  E. an incorrect ip address is configured for SVI 50
  F. 802.1x authentication is not enabled on interface Gi0/2
  G. There is a RADIUS key mismatch
  D. authentication for multiple hosts not configured on interface Gi0/2

• Question 344:

  Which statement is true regarding SSL policy implementation in a Firepower system?

  A. Access control policy is invoked first before the SSL policy tied to it
  B. If SSL policy is not supported by the system then access control policy handles all the encrypted traffic
  C. Access control policy is required for the SSL policy implementation
  D. Intrusion policy is mandatory to configure the SSL inspection
  E. If Firepower system cannot decrypt the traffic, it allows the connection.
  F. Access control policy is responsible to handle all the encrypted traffic if SSL policy is tried to it.
  C. Access control policy is required for the SSL policy implementation

• Question 345:

  Which two statements about AMP Threat Grid are true? (Choose two)

  A. It can transmit suspected malware to the public AMP threat Grid cloud for deeper analysis
  B. It provides two separate on premises appliances to support powerful malware analysis and threat intelligence features.
  C. It provides dynamic analysis reports and generates threat scores
  D. It supports real time threat and behavioral analysis
  E. It can be installed on individual endpoints to inspect local files for malware
  F. It can act as an anomymized proxy to transport endpoint prevent data to the public AMP Threat Grid cloud for threat detection
  B. It provides two separate on premises appliances to support powerful malware analysis and threat intelligence features.
  C. It provides dynamic analysis reports and generates threat scores

• Question 346:

  Which two statements about a wireless access point configured with the guest-mode command are true? (Choose two)

  A. It can support more than once guest mode SSID.
  B. It supports associations by clients that perform passive scans.
  C. It allows clients configured without SSIDs to associate.
  D. It allows associated clients to transmit packets using its SSID
  E. If one device on a network is configure in guest-mode, clients can use the guest-mode SSID to connect to any device in the same network.
  B. It supports associations by clients that perform passive scans.
  C. It allows clients configured without SSIDs to associate.

• Question 347:

  Which command sequence can you enter to enable IP multicast for WCCPv2?

  A. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0 Router(config-if)#ip wccp web-cache redirect out
  B. Router(config)#ip wccp web-cache group-list Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache group-listen
  C. Router(config)#ip wccp web-cache service-list Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache group-listen
  D. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache redirect in
  E. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache group-listen
  E. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache group-listen

• Question 348:

  Which three statements ablout WCCP are true?(Choose three)

  A. If specific capability is missing from the Capabilities info Compoment, the router is assumed to support the default capability.
  B. The web cache transmits its capabilities as soon as it receives a receive ID from a router.
  C. The minimum WCCP-Fast Timers message interval is 500 ms.
  D. The assignment method supports GRE encapsulation for sending traffic
  E. If the packet return method is missing from a packet return method advertisement, the web cache uses the Layer2 rewrite method.
  F. The router must receive a valid receive ID before it negotiates capabilities.
  A. If specific capability is missing from the Capabilities info Compoment, the router is assumed to support the default capability.
  C. The minimum WCCP-Fast Timers message interval is 500 ms.
  F. The router must receive a valid receive ID before it negotiates capabilities.

• Question 349:

  Which mechanism is used by ISE to provide user information to WSA?

  A. SNMP
  B. IKEvl
  C. SSH
  D. pxGrid
  E. IKEv2
  F. TLS
  D. pxGrid

• Question 350:

  DRAG DROP

  Drag each IPsec term on the left to the definition on the right?

  Select and Place: