1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 401:

    Which two statements SCEP are true?(Choose two)

    A. CA servers must support GetCACaps response messages in order in implement extended functionality.
    B. The GetCRL exchange is signed and encrypted only in the response direction
    C. It is vulnerable to downgrade attacks on its cryptographic capabilities.
    D. The GetCACaps response message supports DES encryption and the SHA - 128 hashing algorithm
    E. The GetCRL exchange is signed and encrypted only in the response direction

  • Question 402:

    Which of the following statements correctly describe how DMVPN can be used to provide network segmentation over public transport networks?

    A. The DMVPN hub and spokes must use the same VRF for a given DMVPN cloud.
    B. The tunnel vrf command under the tunnel interface is used to associate clear text data packets with a VRF.
    C. DMVPN can be used to transport MPLS packets inside of an mGRE tunnel D. The vrf forwarding command under the tunnel interface is used to associate encrypted packets with a VRF.
    E. The front door VRF for DMVPN is defined under the isakmp profile.

  • Question 403:

    Refer to the exhibit. Which statement about router R1 is true?

    R1# dir nvram: Directory of nvram:/ 51 -rw- 993 startup-config 52 ---- 3004 private-config 1 ---- 15 persistent-data 2 -rw- 272 config.pub 3 -rw- 963 config.prv 4 -rw- 0 ifIndex-table

    A. Its startup configuration is missing.
    B. Its NVRAM contains public and private crypto keys.
    C. RMON is configured.
    D. Its running configuration is missing.
    E. Its private-config is corrupt.

  • Question 404:

    Which three statement about SXP are true? (Choose three)

    A. It resides in the control plane, where connections can be initiated from a listener.
    B. Packets can be tagged with SGTs only with hardware support.
    C. Each VRF support only one CTS-SXP connection.
    D. To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured.
    E. The SGA ZBFW uses the SGT to apply forwarding decisions.
    F. Separate VRFs require different CTS-SXP peers , but they can use the same source IP addresses.

  • Question 405:

    Refer to the exhibit. Flexible NetFlow is failing to export IPv6 flow records from Router A to your flow collector, what action can you take to allow the IPv6 flow records to be sent to the collector?

    A. Remove the ip cef command from the configuration.
    B. Add the ipv6 cef command to the configuration.
    C. Create a new flow exporter with an IPv6 destination and apply it to the flow manitor.
    D. Set the NetFlow export protocol to v5
    E. Configure the output-features command for the IPV4-Exporter.

  • Question 406:

    Refer to the exhibit. Which data format is used in this script?

    A. JSON
    B. YANG
    C. API
    D. XML
    E. JavaScript

  • Question 407:

    Which two statements about role-based access control are true?(Choose two)

    A. The user profile on an AAA server is configured with the roles that grant user privileges.
    B. If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.
    C. Server profile administrators have read and write access to all system logs by default.
    D. A view is created on the Cisco IOS device to leverage role-based access controls.
    E. Network administrators have read and write access to all system logs by default

  • Question 408:

    DRAG DROP

    Select and Place:

  • Question 409:

    Which statement about Password Authentication Protocol is true?

    A. RADIUS based PAP authentication logs successful authentication attempts only.
    B. Its password in encrypted with a certificate.
    C. It offers strong protection against brute force attacks.
    D. RADIUS based PAP authentication is based on the RADIUS Password attribute
    E. It is the most secure authentication method supported for authentication against the internal Cisco ISE database
    F. It uses a two-way handshake with an encrypted password

  • Question 410:

    Refer to the exhibit. It has been reported that IP Phone is not able to establish connectivity after performing port authentication. Which possible issues is the reason?

    A. Possible issue with the access list applied on the port
    B. Due to multiple device authentication enabled on port
    C. Authentication order should be reversed
    D. Possible issue with dhcp pool configuration
    E. Possible issue with the session DACL
    F. Due to multiple domain authentication enabled on port

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.