Cisco 400-251 Online Practice Questions and Exam Preparation
400-251 Exam Details
Exam Code: 400-251
Exam Name: CCIE Security Written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 665 Q&As
Last Updated: Dec 10, 2021
Cisco 400-251 Online Questions & Answers
Question 441:
Refer to the exhibit. What IPsec function does the given debug output demonstrate?
A. setting SPIs to pass traffic
B. DH exchange initiation
C. crypto ACL confirmation
D. PFS parameter negotiation

C. crypto ACL confirmation
Question 442:
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)
A. The BGP neighbor session between R1 and R2 re-establishes after 100 minutes.
B. A warning message is displayed on R2 after it receives 50 prefixes.
C. A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1.
D. The BGP neighbor session between R1 and R2 re-establishes after 50 minutes.
E. The BGP neighbor session tears down after R1 receives 100 prefixes from neighbor 1.1.1.1.
F. The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2.

C. A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1.
F. The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2.
Question 443:
Which statement is true about a SMURF attack?
A. The attacker uses a spoofed destination address to launch the attack
B. It sends ICMP Echo Requests to a broadcast address of a subnet
C. In order to mitigate the attack you need to enable IP directed broadcast on the router interface
D. It sends ICMP Echo Replies to known IP addresses in a subnet
E. It is used by the attackers to check if destination addresses are alive
F. It exhausts the victim machine resources with a large number of ICMP Echo Requests from a subnet

C. In order to mitigate the attack you need to enable IP directed broadcast on the router interface
Question 444:
All your employees are required to authenticate their devices to the network, whether company-owned or employee-owned assets, with ISE as the authentication server. The primary identity store used is Microsoft Active Directory, with username and password authentication. To ensure the security of your enterprise, your security policy dictates that only company-owned assets should be able to get access to the enterprise network, while personal assets should have restricted access. Which option would allow you to enforce this policy using only ISE and Active Directory?
A. Configure an authentication policy that uses the computer credentials in Active Directory to determine whether the device is company owned or personal.
B. This would require deployment of a Mobile Device Management (MDM) solution, which can be used to register all devices against the MDM server, and use that to assign appropriate access levels.
C. Configure an authentication policy that checks against the MAC address database of company assets in ISE endpoints identity store to determine the level of access depending on the device.
D. Configure an Authorization policy that checks against the MAC address database of company assets in ISE endpoint identity store to determine the level of access depending on the device.
E. Configure an authorization policy that assigns the device the appropriate profile based on whether the device passes Machine Authentication or not.

D. Configure an Authorization policy that checks against the MAC address database of company assets in ISE endpoint identity store to determine the level of access depending on the device.
Question 445:
Refer to the exhibit.
The AMP cloud is configured to report AMP Connector scan events from Windows machines that belong to the Audit group to the FMC. However, the scanned events are not showing up in the FMC.
Which possible cause is true?
A. An incorrect group is selected for the events export in the AMP cloud for FMC.
B. The DNS address is misconfigured on the FMC.
C. The AMP cloud is pointing to an incorrect FMC address
D. The event must be viewed as a malware event in the FMC
E. The FMC is pointing to an incorrect AMP cloud address
F. There is a possible issue with certificate download from the AMP cloud for FMC integration

A. An incorrect group is selected for the events export in the AMP cloud for FMC.
Question 446:
A new computer is not getting its IPv6 address assigned by the router. While running Wireshark to troubleshoot the problem, you find a lot of data that is not helpful in narrowing down the problem. What two filters would you apply in Wireshark to filter the data that you are looking for? (Choose two)
A. icmpv6.type == 135
B. icmpv6type == 136
C. icmpv6.type == 136
D. icmpv5type == 135
E. icmpv6type == 135

A. icmpv6.type == 135
C. icmpv6.type == 136
Question 447:
Refer to the exhibit. The ASA at 150.1.7.43 is configured to receive the IP address to SGT mapping from ISE at 161.1.7.14. Which statement about this packet capture from Wireshark is true?
A. The RADIUS connection keep alive using TCP originated from ISE
B. The SXP message uses TCP port 64999 for connection termination
C. The TACACS connection keep alive using UDP originated from ASA
D. The SXP keep alive message using TCP originated from ASA
E. The ISE keep alive message for NDAC connection using TCP originated from ASA
F. The SXP message uses MD5 for packet encryption
G. The NTP keep alive message using UDP originated from ISE

D. The SXP keep alive message using TCP originated from ASA
Question 448:
What are three technologies that can be used to trace the source of an attack in a network environment with multiple exit/entry points? (Choose three)
A. ICMP Unreachable messages
B. Sinkholes
C. A honey pot
D. Remotely-triggered destination-based black holing
E. Traffic scrubbing

B. Sinkholes
C. A honey pot
D. Remotely-triggered destination-based black holing
Question 449:
Which statement about Cisco VSG functionality is true?
A. It allows administrative segregation, which allows the security administrator to author and manage port profiles
B. It applies the security profile only after VM instantiation
C. It does not allow extension of zone-based firewall capabilities to VMs on VXLAN
D. It allows active/active failover operation mode when deployed as a high availability pair
E. It provides trusted access to VMs in an enterprise data center
F. It does not allow the third-party orchestration tool to interact with XML APIs for its provisioning

E. It provides trusted access to VMs in an enterprise data center
Question 450:
When the Cisco Web Security Appliance (WSA) is configured for the first time, how is the WSA GUI interface accessed?
A. https://$ManagementIP:443
B. http://$ManagementIP:8080
C. https://$ManagementIP:8080
D. https://$ManagementIP:8443
E. http://$ManagementIP:8443