Cisco 400-251 Online Practice Questions and Exam Preparation

Cisco 400-251 Online Questions & Answers

• Question 481:

  Which two statements about the Cisco FireAMP solution are true?

  A. When a FireAMP Connector detects malware in network traffic, it generates a malware event and a network event
  B. It can perform dynamic analysis in the FireAMP Private Cloud
  C. The FireAMP Connector can provide information about potentially malicious network connections
  D. The FireAMP Private Cloud can act as an anonymized proxy to transport endpoint event data to the AMP public cloud for disposition lookups
  E. The FireAMP Connector can detect malware in network traffic and when files are downloads and executed
  F. The FireAMP private Cloud provides an on-premises option for file disposition lookups and retrospective event generation
  G. The FireAMP connector is compatible with antivirus software on the endpoint, but you must configure an exclusion to prevent the Connector from scanning the antivirus directory
  B. It can perform dynamic analysis in the FireAMP Private Cloud
  F. The FireAMP private Cloud provides an on-premises option for file disposition lookups and retrospective event generation

• Question 482:

  Which effect of the ip nhrp map multicast dynamic command is true?

  A. It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface.
  B. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub.
  C. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.
  D. it enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel.
  B. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub.

• Question 483:

  Which two statements about NVGRE are true? (Choose two)

  A. It supports up to 32 million virtual segments per instance.
  B. The network switch handles the addition and removal of NVGRE encapsulation.
  C. NVGRE endpoints can reside within a virtual machine.
  D. It allows a virtual machine to retain its MAC and IP addresses when it is moved to a different hypervisor on a different L3 network.
  E. The virtual machines reside on a single virtual network regardless of their physical location.
  C. NVGRE endpoints can reside within a virtual machine.
  E. The virtual machines reside on a single virtual network regardless of their physical location.

• Question 484:

  DRAG DROP

  Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.

  Select and Place:

  

  

• Question 485:

  Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three)

  A. sysopt connection tcomss.
  B. nve-only
  C. default-mcast-group
  D. inspect vxlan
  E. set ip next-hop verity-availability
  F. segment-id
  B. nve-only
  C. default-mcast-group
  F. segment-id

• Question 486:

  

  Refer to the exhibit. What are two effects of the given configuration? (Choose two)

  A. It enables the ASA to download the static botnet filter database.
  B. It enables the ASA to download the dynamic botnet filter database.
  C. It enables botnet filtering in single context mode.
  D. It enables botnet filtering in mutiple context mode.
  E. It enables multiple context mode.
  F. It enables single context mode.
  B. It enables the ASA to download the dynamic botnet filter database.
  D. It enables botnet filtering in mutiple context mode.

• Question 487:

  Which three statement about PKI on Cisco IOS Software are true? (Choose three)

  A. OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.
  B. The match certificate and allow expired-certificate commands are ignored unless the router clock is set.
  C. If a certificate-based ACL specifies more than one field ,any one successful field-to-value test is treated as a match
  D. OCSP enables a PKI to use CRL without time limitations.
  E. Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.
  F. Different OCSP servers can be configured for different groups of client certificates.
  A. OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.
  E. Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.
  F. Different OCSP servers can be configured for different groups of client certificates.

• Question 488:

  In FMC, which two elements can the correlation rule be based on? (Choose two.)

  A. authorization rule
  B. Security Group Tag mapping
  C. discovery event
  D. user activity
  E. database type
  F. authentication condition
  G. Change of Authorization
  H. Network Device Admisson Control
  C. discovery event
  D. user activity

• Question 489:

  Which protocol does ISE use to secure connection through the Cisco IronPort Tunnel infrastructure?

  A. TLS
  B. SNMP
  C. IKEv1
  D. SSH
  E. IKEv2
  D. SSH

• Question 490:

  Which two characteristics correctly identify attributes of LPWA technologies? (Choose two)

  A. Supports high-throughput bandwidth requirements
  B. Provides better Quality of Service features than NB-loT
  C. Supports over-the-air distances of over 30km
  D. capable of using unlicensed technologies such as SigFox
  E. End-device with battery life lasting over 10 years
  D. capable of using unlicensed technologies such as SigFox
  E. End-device with battery life lasting over 10 years