Cisco 400-251 Online Practice Questions and Exam Preparation
400-251 Exam Details
Exam Code: 400-251
Exam Name: CCIE Security Written
Certification: Cisco Certifications
Vendor: Cisco
Total Questions: 665 Q&As
Last Updated: Dec 10, 2021
Cisco 400-251 Online Questions & Answers
Question 491:
Which description of configuring the port security feature for maximum number of MACs is true?
A. With regards to setting the maximum number of MACs for port security, it is possible to set maximum number of allowed MACs for the access and voice VLANs
B. With regards to setting the maximum number of MACs for port security, it is possible to set maximum number of allowed MACs for the access VLAN only
C. It is not possible to set the maximum number of MACs on the access VLAN if voice VLAN is already configured on the same switch port
D. With regards to setting the maximum number of port security, it is possible to set the maximum number of allowed MACs for the voice VLAN only as a phone can utilize more than one MAC.
Answer: A. With regards to setting the maximum number of MACs for port security, it is possible to set maximum number of allowed MACs for the access and voice VLANs
Question 492:
Refer to the exhibit. Which effect of this configuration is true?
A. It creates a resource class.
B. It creates a default class.
C. It oversubscribes VPN sessions for the given class.
D. It allows each context to use all available resources.
Answer: A. It creates a resource class.
Question 493:
Which option best describes RPL?
A. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
B. RPL stands for Routing over low priority links that use distance vector DODAG to determine the best route between two root border routers.
C. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
D. RPL stands for Routing over Low-power Lossy Networks that use distance vector DODAG to determine the best route between leaves and the root border router
Answer: D. RPL stands for Routing over Low-power Lossy Networks that use distance vector DODAG to determine the best route between leaves and the root border router
Question 494:
If a packet capture is taken between ISE and an endpoint to capture an EAP-TLS session, you will be able to see.
A. Certificate and associated private keys from endpoints only
B. Certificate from ISE only
C. Certificate from ISE and the endpoint
D. Certificate and associated private keys from ISE only
Answer: C. Certificate from ISE and the endpoint
Question 495:
Which statement about Health Monitoring on the Firepower System is true?
A. When you delete a health policy that is applied to a device, the device reverts to the default health policy.
B. If you apply a policy without active modules to a device, the previous health policy remains in effect unless you delete it.
C. Health events are generated even when the health monitoring status is disabled.
D. Descendant domains in a multi-domain deployment can view, edit, and apply policies from ancestor domains.
E. The administrator of a descendant domain is unable to edit or delete blacklists applied by the administrator of an ancestor domain.
F. The default health policy is automatically applied to all managed devices.
Answer: C. Health events are generated even when the health monitoring status is disabled.
Question 496:
Refer to the exhibit. What is the maximum number of site-to-site VPNs allowed by this configuration?
A. 10
B. unlimited
C. 5
E. 1
F. 15
Answer: F. 15
Question 497:
Which statement about enabling SMTP encryption on ESA is true?
A. It only allows certificates to be imported from CA
B. TLS can be enabled only for receiving
C. Enabling TLS for receiving goes under the Destination Controls menu of mail policies
D. TLS can be enabled only for delivery
E. It allows self-signed certificates to be used
F. Enabling TLS is an optional step
Answer: E. It allows self-signed certificates to be used
Question 498:
Refer to the exhibit. What feature does the given configuration implement?
A. DHCP Secured IP Address Assignment
B. DHCP snooping
C. dynamic ARP learning
D. ARP probing
Answer: A. DHCP Secured IP Address Assignment
Question 499:
In your corporate environment, you have various Active Directory groups based on the organizational structure and would like to ensure that users are only able to access certain resources depending on which group(s) they belong to. This policy should apply across the network. You have ISE, ASA and WSA deployed, and would like to ensure the appropriate policies are present to ensure access is only based on the user's group membership. Additionally, you don't want the user to authenticate multiple times to get access. Which two policies are used to set this up? (Choose two)
A. Deploy Cisco TrustSec Infrastructure, with ASA and WSA integrated with the ISE to transparently identify the user based on SGT assignment when the user authenticates to the network. The SGTs can then be used in access policies
B. Deploy ISE, integrate it with Active Directory, and based on group membership authorize the user to specific VLANs. These VLANs (with specific subnets) should then be used in access policies on the ASA as well as the WSA.
C. Deploy a Single Sign-On Infrastructure such as Ping, and integrate ISE, ASA and WSA with it. Access policies will be applied based on the user's group membership retrieved from the authentication infrastructure.
D. Configure ISE as an SSO Service Provider, and integrate with ASA and WSA using pxGrid. ASA and WSA will be able to extract the relevant identity information from ISE to apply to the access policies once the user has authenticated to the network.
E. Integrate ISE, ASA and WSA with Active Directory. Once the user is authenticated to the network through ISE, the ASA and WSA will automatically extract the identity information from AD to apply the appropriate access policies.
F. Configure ISE to relay learned SGTs for the authenticated sessions with the bound destination address using SXP to SXP speakers that will be used to apply access policies at the traffic ingress point for segmentation
Answer:
A. Deploy Cisco TrustSec Infrastructure, with ASA and WSA integrated with the ISE to transparently identify the user based on SGT assignment when the user authenticates to the network. The SGTs can then be used in access policies
C. Deploy a Single Sign-On Infrastructure such as Ping, and integrate ISE, ASA and WSA with it. Access policies will be applied based on the user's group membership retrieved from the authentication infrastructure.
Question 500:
Which action must happen before you enroll a device to a mobile device management service from a different vendor?
A. Wipe the entire device and start from scratch
B. Allow both vendor profiles to remain on the device
C. Remove the profiles from the previous vendor from the device
D. Alert the administrator so that they can remove this device from the network
Answer: C. Remove the profiles from the previous vendor from the device