1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 361:

    What does NX-API use as its transport?

    A. SCP
    B. FTP
    C. SSH
    D. SFTP
    E. HTTP/HTTPS

  • Question 362:

    Which statement about VRF-aware GDOI group members is true?

    A. The GM cannot route control traffic through the same VRF as data traffic.
    B. Multiple VRFs are used to separate control traffic and data traffic.
    C. Registration traffic and rekey traffic must operate on different VRFs.
    D. IPsec is used only to secure data traffic.

  • Question 363:

    Which three of these are properties of RC4? (Choose three)

    A. It is a block cipher.
    B. It is a stream cipher.
    C. It is used in AES.
    D. It is a symmetric cipher.
    E. It is used in SSL.
    F. It is an asymmetric cipher.

  • Question 364:

    What are three pieces of data you should review in response to a supported SSL MITM attack? (Choose three)

    A. the MAC address of the SSL server
    B. the MAC address of the attacker
    C. the IP address of the SSL server
    D. the X.509 certificate of the attacker
    E. the X.509 certificate of the SSL server
    F. the DNS name of the SSL server

  • Question 365:

    Which two statments about 6to4 tunneling are true?(Choose two)

    A. It provides a /128 address block.
    B. It supports static and BGPV4 rouging
    C. It provides a /48 address block.
    D. It supports managed NAT along the path of the tunnel.
    E. The prefix address of the turnnel is determined by the IPv6 configuration of the interface.
    F. It supports multihoming

  • Question 366:

    Which of the following is true regarding OSPFv2 configuring on ASA?

    A. It does not support stub area and not-so-stubby area.
    B. ASA can exist as ABR but not as ASBR.
    C. It supports virtual links
    D. It only supports MD5 authentication with the peers.
    E. Routing decision is based on the hop counts to the destination.
    F. It allows to configure only one routing process.

  • Question 367:

    While troubleshooting access to site www.cisco.com. you notice the following access_logs line in Cisco Web Security Appliance (WSA):

    Which two of the following statements are true regarding this request? (Choose two.)

    A. The request matched W_LIST Access Policy
    B. WSA allowed traffic from client 10.10.42.42 to https://www.cciedomain.com
    C. The request matched Default Access Policy
    D. WSA allowed traffic from client 10.10.42.42 to https://www.cciedomain.com
    E. www.cciedomain.com (or subdomains of cciedomain.com) are part of a custom URL category
    F. WSA blocked traffic from client 10.10.42.42 to https://www.cciedomain.com

  • Question 368:

    Which two limitations of ISE inline posture are true? (Choose Two)

    A. The Cisco Discovery Protocol is not supported.
    B. Multicast is not supported.
    C. Flexible NetFlow is not supported.
    D. The Simple Network Management Protocol agent is not supported.
    E. QoS is not supported in a virtual environment.

  • Question 369:

    Which command is used to enable 802.1x authorization on an interface?

    A. authentication open
    B. aaa authorization auth-proxy default
    C. authentication control-direction both
    D. aaa authorization network default group tacacs+
    E. authentication port-control auto

  • Question 370:

    In FMC the correlation rule could be based on which two elements? (Choose two.)

    A. Authorization rule
    B. Intrusion event
    C. CoA (Change of authorization)
    D. Traffic profile Variation E. NDAC (Network Device Admission Control)
    F. SGT (Security Group TAG) mapping
    G. Database type
    H. Authentication condition

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.