400-251 Exam Details
-
Exam Code
:400-251 -
Exam Name
:CCIE Security Written -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:665 Q&As -
Last Updated
:Dec 10, 2021
Cisco 400-251 Online Questions & Answers
-
Question 501:
Refer to the exhibit. Which address is visible to the outside for the destination address with name "engineering int" ?
A. 60.1.1.1
B. 19.16.2.3
C. 192.168.2.3
D. 19.16.1.3
E. 192.168.1.3
F. 50.1.1.1
G. 161.1.7.14 -
Question 502:
Which statements is an advantage of network segmentation?
A. It enables efficient network monitoring due to a flat network.
B. It takes less time to design a complex network with segmentation as one of the critical requirements.
C. It allows flat network design for better security implementation.
D. It allows efficient containment of a security incident as the effect will be limited to local subnet.
E. It improves network performance by having broadcast traffic not limited to local subnets.
F. It allows users to access the resource even though they won't need to for better visibility. -
Question 503:
Which feature does Cisco VSG use to redirect traffic in a Cisco Nexus 1000v Series Switch?
A. VEM
B. VPC
C. VDC
D. vPath -
Question 504:
Which three options are fields in a CoA Request Response code packet? (Choose three)
A. calling-station-ID
B. identifier
C. state
D. length
E. acct-session-ID
F. authenticator -
Question 505:
Which two characteristics of DTLS are true?(Choose two)
A. It is used mostly by applications that use application layer object-protocols
B. It includes a congestion control mechanism
C. It completes key negotiation and bulk data transfer over a single channel.
D. It supports long data transfers and connectionless data transfers.
E. It cannot be used if NAT exists along the path.
F. It concludes a retransmission method because it uses an unreliable datagram transport. -
Question 506:
Which statement correctly describes AES encryption algorithm?
A. It does not use substitution and permutation principle
B. It uses three encryption keys of length 128, 192 and 256
C. Reapplying same encryption key three times makes it less vulnerable then 3DES
D. Theoretically 3DES is more secure then AES
E. It provides only data integrity
F. It uses the block of 64 bits -
Question 507:
Refer to the exhibit. R2 is getting time synchronized from NTP server R1. It has been reported that clock on R2 is not able to associate with the NTP server R1. What could be the possible cause?
A. R2 has incorrect NTP server address
B. R1 has incorrect NTP source interface defined
C. R2 has incorrect trusted key binded with the NTP server
D. R2 does not support NTP authentication
E. R2 should not have two trusted keys for the NTP authentication
F. R2 has connectivity issue with the NTP server -
Question 508:
Which three NETCONF datastores are valid? (Choose three)
A. candidate
B. running
C. startup
D. state
E. capabilities
F. notification -
Question 509:
Which statement is correct regarding the SenderBase functionality?
A. ESA sees a high negative score from SenderBase as very unlikely that sender is sending spam.
B. SenderBase uses DNS-based blacklist as one of the sources of information to define reputation score of sender's IP address.
C. WSA uses SenderBase information to configure URL filtering policies.
D. ESA uses destination address reputation information from SenderBase to configure mail policies.
E. SenderBase uses spam complaints as one of the sources of information of define reputation score of receiver IP address.
F. ESA sees a high positive score from SenderBase as very likely that sender is sending spam. -
Question 510:
Which markup language is used to format Ansible's playbook?
A. ADML
B. NAML
C. YAML
D. HTML
E. XML
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.