Cisco 400-251 Online Practice Questions and Exam Preparation

Cisco 400-251 Online Questions & Answers

• Question 391:

  Which two statements about the Cognitive Threat Analytics feature of Cisco AMP for Web Security are true? (Choose two)

  A. It can locate and identify indicators of prior malicious activity on the network and preserve information for forensic analysis.
  B. It can identify potential data exfiltration.
  C. It uses a custom virtual appliance to perform reputation-based evaluation and blocking of incoming files.
  D. It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats.
  E. It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity.
  F. It can identify anomalous traffic within the network by comparing it to an established baseline of expected activity.
  B. It can identify potential data exfiltration.
  F. It can identify anomalous traffic within the network by comparing it to an established baseline of expected activity.

• Question 392:

  An organization is deploying FTD in the data center. Productions tests are performed after the appliances have been connected; however, ping tests to resources behind the firewall are failing. This firewall has two interfaces, INSIDE and OUTSIDE. The problem might be in either direction. The failed testing scenario is from the OUTSIDE. Which two commands can be used as an initial step to troubleshoot the situation and determine where the issue might be?(Choose two)

  A. Packet-tracer input inside
  B. Packet-tracer input inside
  C. Packet-tracer input outside
  D. Packet-tracer input outside
  E. Packet-tracer input outside
  F. Packet-tracer input inside
  A. Packet-tracer input inside
  C. Packet-tracer input outside

• Question 393:

  Which three HTTP methods are supported by a REST API? (Choose three.)

  A. RETRIEVE
  B. POST
  C. SET
  D. PUT
  E. COPY
  F. GET
  B. POST
  D. PUT
  E. COPY

• Question 394:

  

  Refer to the exhibit.Which two effects of this configuration are true?(Choose two)

  A. Configuration commands on the router are authorized without checking the TACACS+ server
  B. When a user logs in to privileged EXEC mode, the router will track all user activity
  C. Requests to establish a reverse AUX connection to the router will be authorized against the TACACS+ server
  D. When a user attempts to authenticate on the device, the TACACS+ server will prompt the user to enter the username stored in the router's database
  E. If a user attempts to log in as a level 15 user, the local database will be used for authentication and the TACACS+ will be used for authorization
  F. It configures the router's local database as the backup authentication method for all TTY, console, and aux logins
  A. Configuration commands on the router are authorized without checking the TACACS+ server
  B. When a user logs in to privileged EXEC mode, the router will track all user activity

• Question 395:

  Which of the following statement about Cisco Web Security Appliance is true?

  A. Cisco Web Security Appliance (WSA) Management interface can be accessed using GUI interface only
  B. Cisco Web Security Appliance (WSA) has HTTPS decryption services enabled by default
  C. HTTPS access to WSA's Management interface is enabled by default
  D. FTP access to WSA's Management interface is enabled by default
  C. HTTPS access to WSA's Management interface is enabled by default

• Question 396:

  Which WEP configuration can be exploited by a weak IV attack?

  A. When the static WEP password has been stored without encryption.
  B. When a per-packet WEP key is in use.
  C. When a 64-bit key is in use.
  D. When the static WEP password has been given away.
  E. When a 40-bit key is in use.
  F. When the same WEP key is used to create every packet.
  F. When the same WEP key is used to create every packet.

• Question 397:

  Which statement is true regarding the failover link when ASAs are configured in a failover mode?

  A. The information sent over the failover link cannot be in dear text
  B. Failover key is not required for the secure communication over the failover link
  C. Configuration replication sent across the link can be secured using a failover key
  D. The information sent over the failover link cannot be in dear text but it could be secured communication using a failover key
  E. It is not recommended to use secure communication over failover link when ASA terminating the VPN tunnel.
  F. The information sent over the failover link can only be sent as a secured communication
  C. Configuration replication sent across the link can be secured using a failover key

• Question 398:

  Which security capability can best prevent zero-day malware and attacks?

  A. Intrusion Prevention System
  B. Threat Intelligence
  C. Identity and Access Management
  D. Anti-Virus
  E. Stateful Firewall
  B. Threat Intelligence

• Question 399:

  Which security capability can best prevent compromised inside victim machines from connecting to the attacker's command and control infrastructure?

  A. Identity and Access Management
  B. DNS Security
  C. Stateful Firewall
  D. Anti-Virus
  E. Intrusion Prevention System
  A. Identity and Access Management

• Question 400:

  A user attempts to brose the internet through a CWS-integrated router, and the HTTP 403 Forbidden error message is returned. Which reason for the problem is the most likely?

  A. The connection timed out
  B. The CWS license has expired
  C. The user attempted to access a web site that is blocked by CWS policy
  D. User authentication failed
  E. The user is not logged in to CWS
  F. The CWS connector is down
  B. The CWS license has expired