400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 451:

    Refer to the exhibit. R15 is building a site-to-site IPsec certificate-based VPN tunnel with a peer at 20.1.7.16. The CA is running at port 80 on address 172.16.100.18. R15 has a BGP peer at 20.1.6.18 doing an authenticated session to establish reachability with the VPN remote site. The VPN tunnel secures traffic between the 192.168.15.0/24 and 192.168.16.0/24 networks. It has been reported that the VPN tunnel is not coming up with the remote site. Which two possible issues are true? (Choose two)

    A. Incorrect trustpoint configuration
    B. Incorrect BGP peer configuration
    C. Incorrect static route
    D. Incorrect transform set configuration
    E. Incorrect crypto map configuration
    F. Incorrect ISAKMP policy configuration
    G. Incorrect ACL defined for the traffic encryption

  • Question 452:

    %ASA-and-110001: No route to from

    Refer to the exhibit. Which meaning of this error message on a Cisco ASA is true?

    A. The route map redistribution is configured incorrectly.
    B. The default route is undefined.
    C. The packet was denied and dropped by an ACL.
    D. The host is connected directly to the firewall.

  • Question 453:

    Which of the following is one of the requirements for the FTD High Availability setup?

    A. Units should not have any uncommitted changes on FMC and should be fully deployed.
    B. Units should have DHCP configured for the interfaces.
    C. Units should be configured in transparent mode.
    D. Units should not synchronize using the same NTP source.
    E. Units should be configured in routed mode.
    F. Units should be in different domains in FMC.
    G. Units should have the same major software version running on them, minor and maintenance version could be different.

  • Question 454:

    Which statement is true about Dual-Hub DMVPN implementation where each spoke has two connections, one to each hub via different ISPs?

    A. It does not allow multipoint GRE tunnels.
    B. It does not allow tunnel protection using IPsec.
    C. It allows NHRP authentication.
    D. It uses two tunnel interfaces on each hub to terminate the connection from each spoke.
    E. It uses a single tunnel interface on a spoke to connect to two different hubs.
    F. It uses a point-to-point GRE tunnel.

  • Question 455:

    What technique can an attacker use to obfuscate a malware application payload, allowing it to bypass standard security mechanisms?

    A. Teredo tunneling
    B. A PE32 header
    C. Steganography
    D. BASE64
    E. Decryption

  • Question 456:

    Which statement about SenderBase sender-reputation filtering approaches on the Cisco SA is true?

    A. The conservative approach provides near zero false positives at the cost of lower performance
    B. The aggressive approach provides near zero false positives at the cost of lower performance
    C. The aggressive approach provides maximum performance at the cost of numerous false positives
    D. The moderate approach provides maximum performance with some false positives
    E. The conservative approach provides good performance with near zero false positives
    F. The moderate approach combines high performance with some false positives

  • Question 457:

    Refer to the exhibit. Which service or feature must be enabled on 209.165.200.255 to produce the given output?

    A. the Finger service
    B. a BOOTP server
    C. a TCP small server
    D. the PAD service

  • Question 458:

    Drag the LDAP queries used by the ESA to query the LDAP server on the left to their functionality on the right.

    Select and Place:

  • Question 459:

    Which two statements about the Cisco AnyConnect VPN Client are true? (Choose two)

    A. It can use an SSL tunnel and a DTLS tunnel simultaneously.
    B. It enables users to manage their own profiles.
    C. It can be configured to download automatically without prompting the user.
    D. By default, DTLS connections can fall back to TLS.
    E. To improve security, keepalives are disabled by default.

  • Question 460:

    Policy Sets in ISE are used to:

    A. Create different Authorization Policies for a single authentication policy
    B. Create different authentication policies for different use cases while using a single authorization policy.
    C. Create different Authentication and Authorization policies for distinct use cases.
    D. To create exception rules.
    E. To keep RADIUS and TACACS+ policies separate from each other.
