Cisco 400-251 Online Practice Questions and Exam Preparation

Cisco 400-251 Online Questions & Answers

• Question 381:

  

  Refer to the exhibit. Flexible NetFlow is failing to export IPv6 flow records from Router A to your flow collector. What action can you take to allow the IPv6 flow records to be sent to the collector?

  A. Remove the ip cef command from the configuration.
  B. Add the ipv6 cef command to the configuration.
  C. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor.
  D. Set the NetFlow export protocol to v5.
  E. Configure the output-features command for the IPV4-EXPORTER.
  B. Add the ipv6 cef command to the configuration.

• Question 382:

  Which two options are important considerations when you use NetFlow to obtain the full picture of network taffic? (Choose two)

  A. It monitors only TCP connections.
  B. It monitors only routed traffic.
  C. It monitors all traffic on the interface on which it is deployed.
  D. It monitors only ingress traffic on the interface on which it is deployed.
  E. It is unable to monitor over time.
  C. It monitors all traffic on the interface on which it is deployed.
  E. It is unable to monitor over time.

• Question 383:

  

  There is no ICMP connectivity from VPN_PC to Server 1 and Server 2. What could be the possible cause?

  A. The destination port configuration missing in the access rule
  B. The source network is incorrect in the access rule
  C. The action is incorrect in the access rule
  D. The network address of the servers is configured incorrectly in the access rule
  E. The zone configuration missing in the access rule
  F. The VLAN tags configuration missing in the access rule
  D. The network address of the servers is configured incorrectly in the access rule

• Question 384:

  Which of the following is the correct rule with regards to Zone-Based Firewall implementation?

  A. Interface can be a member of only one zone.
  B. All the interfaces of the device cannot be the part of a same zone.
  C. If interface belong to a zone then the traffic to and from the interface is always allowed.
  D. By default traffic between the interfaces in the same zone is dropped.
  E. Zone pair cannot have a zone as both source and destination.
  F. If default zone is enabled then traffic from zone interface to non-zone interface will be dropped.
  A. Interface can be a member of only one zone.

• Question 385:

  Which of the following is true regarding OSPFv2 configuring on ASA?

  A. It support stub area and not-so-stubby area.
  B. ASA can exist as ABR but not as ASBR.
  C. It does not supports virtual links.
  D. It only supports MD5 authentication with the peers.
  E. Routing decision is based on the hop counts to the destination.
  F. It allows only one routing process.to configure.
  C. It does not supports virtual links.

• Question 386:

  ISE can be integrated with an MDM to ensure that only registered devices are allowed on the network, and use the MDM to push policies to the device. Devices can go in and out of compliance either due to policy changes on the MDM server, or another reason. Consider a device that has already authenticated on the network, and stays connected, but fails out of compliance. Which action can you take to ensure that a noncompliant device is checked periodically and reassessed before allowing access to the network?

  A. Enable change of authorization on MDM
  B. Fire-AMP connector scan can be used to relay posture information to ISE via FireAMP cloud
  C. The MDM agent periodically sends a packet with compliance info that the wireless controller can be used to limit network access
  D. Enable Period compliance checking on ISE
  E. Enable Change of authorization on ISE
  F. The MDM agent automatically disconnects the device from the network when it is noncompliant
  E. Enable Change of authorization on ISE

• Question 387:

  On which geographic basis can the Cisco Firepower NGFW filter traffic?

  A. Source and destination country and continent
  B. Source city and country
  C. Source country
  D. Source and destination city and country
  E. Source and destination country
  F. Source country and continent
  E. Source and destination country

• Question 388:

  Nexus 9000 Platform supports the following configuration management tools?

  Which configuration management tools does the Cisco Nexus 9000 platform support?

  A. Ansible
  B. Chef
  C. Jenkins
  D. Puppet
  E. Salt
  D. Puppet

• Question 389:

  Which statement about a social engineering attack is true?

  A. It is a method of extracting confidential information
  B. It is always performed through an email from a person that you know
  C. The phishing technique cannot be used to launch the attack
  D. It is always done by having malicious ads on untrusted websites for the users to browse
  E. it cannot be done by a person who is inside or outside or the organization
  F. It uses the reconnaissance method for exploitation
  A. It is a method of extracting confidential information

• Question 390:

  Which statement about OSPFv2 configuration on ASA is true?

  A. ASA can exist as ABR but not as ASBR.
  B. It allows only one routing process to be configured.
  C. It does not support virtual links.
  D. It only support MD5 authentication with the peers.
  E. Routing decision is based on the hop counts to the destination.
  F. It supports stub areas and not-so-stubby areas.
  F. It supports stub areas and not-so-stubby areas.