Cisco 400-251 Online Practice Questions and Exam Preparation
400-251 Exam Details
Exam Code: 400-251
Exam Name: CCIE Security Written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 665 Q&As
Last Updated: Dec 10, 2021
Cisco 400-251 Online Questions & Answers
Question 471:
In OpenStack, which two statements about the NOVA component are true? (Choose two)
A. It provides the authentication and authorization services.
B. It launches virtual machine instances.
C. It is considered the cloud computing fabric controller.
D. It provides persistent block storage to running instances of virtual machines.
E. It tracks cloud usage statistics for billing purposes.
Answer: B. It launches virtual machine instances. C. It is considered the cloud computing fabric controller.
Question 472:
Which function of MSE in the WIPS architecture is true?
A. detects over-the-air traffic network anomalies and attacks
B. scans channels without impacting data-serving radios
C. provides view of security threats
D. performs the correlation of security events
E. channel to connect with ISE to implement CoA
F. applies rogue policy to mitigate rogue threats
G. detects rogue APs
Answer: D. performs the correlation of security events
Question 473:
Which of the following security services is available on Cisco Email Security Appliance (ESA)?
A. Cisco Image Analysis
B. Virus Offload Filters
C. HTTP load-balancing
D. Trend Micro Anti-Virus Engine
Answer: A. Cisco Image Analysis
Question 474:
Refer to the exhibit. What feature must be implemented on the network to produce the given output?
A. CAR
B. PQ
C. WFQ
D. NBAR
E. CQ
Answer: D. NBAR
Question 475:
Which statement is an advantage of network segmentation?
A. It enables efficient network monitoring due to a flat network.
B. It takes less time to design a complex with segmentation as one of the critical requirements.
C. It allows flat network design for better security implementation.
D. It allows efficient containment of a security incident as the effect will be limited to local subnet.
E. It improves network performance by having broadcast traffic not limited to local subnets.
F. It allows users to access the resource even though they won't need to for better visibility.
Answer: D. It allows efficient containment of a security incident as the effect will be limited to local subnet.
Question 476:
There is no ICMP connectivity from VPN_PC to Server 1 and Server 2. What could be the possible cause?
A. The action is incorrect in the access rule
B. The destination port configuration missing in the access rule
C. The server network has incorrect mask in the access rule
D. The VLAN tags configuration missing in the access rule
E. The source network is incorrect in the access rule
F. The zone configuration missing in the access rule
Answer: E. The source network is incorrect in the access rule
Question 477:
Your customer wants to implement Cisco Firepower IPS, and the requirement is to start off with a secure policy. However, a monitoring period of 2 weeks is applied to ensure that the policy is evaluated against real traffic without causing an outage before going into full blocking mode. You decide to (???) of the default policies as a base and set the policy action to ensure that false positives are not dropped. Which two policies achieve these requirements?
A. Set IPS policy to Trust
B. Set IPS policy to Monitor
C. Base the IPS policy on the default Advanced Security over Connectivity policy
D. Base the IPS policy on the default Balanced Security and Connectivity policy
E. Base the IPS policy on the default Connectivity over Security policy
F. Base the IPS policy on the default Security over Connectivity policy
G. Set IPS policy to No Drop
Answer: B. Set IPS policy to Monitor D. Base the IPS policy on the default Balanced Security and Connectivity policy
Question 478:
Which three statements about the keying methods used by MACSec are true? (Choose three)
A. SAP is not supported on switch SVIs.
B. SAP is supported on SPAN destination ports.
C. MKA is implemented as an EAPoL packet exchange.
D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA.
E. SAP is enabled by default for Cisco TrustSec in manual configuration mode.
F. A valid mode for SAP is NULL.
Answer: A. SAP is not supported on switch SVIs. C. MKA is implemented as an EAPoL packet exchange. F. A valid mode for SAP is NULL.
Question 479:
Which statement is true about a Dual-Hub DMVPN implementation where each spoke has two connections, one to each hub via different ISPs?
A. It does not allow multipoint GRE tunnel
B. It does not allow tunnel protection using IPsec
C. It allows NHRP authentication
D. It uses two tunnel interfaces on each hub to terminate connection from each spoke.
E. It uses a single tunnel interface on a spoke to connect two different hubs.
F. It uses point-to-point GRE tunnel.
Answer: C. It allows NHRP authentication
Question 480:
Which two statements about the SeND protocol are true? (Choose two)
A. It counters neighbor discovery threats.
B. It must be enabled before you can configure IPv6 addresses.
C. It supports numerous custom neighbor discovery messages
D. It logs IPv6-related threats to an external log server
E. It supports an autoconfiguration mechanism
F. It uses IPsec as a baseline mechanism
Answer: A. It counters neighbor discovery threats. E. It supports an autoconfiguration mechanism