1. Home
  2. Cisco
  3. 400-251

Cisco 400-251 Online Practice Questions and Exam Preparation

400-251 Exam Details

  • Exam Code
    :400-251
  • Exam Name
    :CCIE Security Written
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :665 Q&As
  • Last Updated
    :Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 531:

    Which two types of ipv6 capabilities does Cisco ISE release 2.0 support? (Choose two)

    A. Enable DHCP for 1Pv6
    B. Ability to add IPv6 addresses in host local table
    C. Ability to only detect 1Pv6 traffic from endpoints
    D. Ability to traceroute IPv6
    E. Ability to configure IPv6 static routes

  • Question 532:

    What are three pieces of data you should review in response to a supported SSL MITM attack?

    A. the MAC address of the SSL server
    B. the MAC address of the attacker
    C. the IP address of the SSL server
    D. the X.509 certificate of the attacker
    E. the X.509 certificate of the SSL server
    F. the DNS name of the SSL server.

  • Question 533:

    Which policy action allows to pass without any further inspection by the intrusion when implementing Cisco Firepower access control policy?

    A. Pass
    B. Interactive block
    C. Allow
    D. Monitor
    E. Block
    F. Trust

  • Question 534:

    Which three VSA attributes are present in a RADIUS WLAN Access-Accept packet? (Choose three)

    A. Tunnel-Private-Group-ID
    B. Tunnel-Type
    C. SSID
    D. EAP-Message
    E. LEAP Session-Key
    F. Authorization-Algorithm-Type

  • Question 535:

    Which entity is responsible for the Stealthwatch Management Center to interact with ISE?

    A. FMC
    B. DNA
    C. pxGrid
    D. ASA
    E. Threat Grid
    F. NGIPS

  • Question 536:

    Refer to the exhibit. A customer has opened a case with Cisco TAC reporting an issue that one of the Windows client supported to logion to the network using MAB is no longer able to access any allowed resources. Looking at the configuration of the switch. What cloud be the possible issue?

    aaa authentication login default group radius aaa authentication login NO_AUTH none aaa authentication login vty local aaa authentication dotix default group radius aaa authentication network default group radius aaa accounting update newinfo aaa accounting dotix default start-stop group radius ! ip dhcp excluded-address 60.1.1.11 ip dhcp excluded-address 60.1.1.2 ! ip dhcp pool mabpc-pool network 60.1.1.0.255.255.255.0 default-router 60.1.1.2 ! cts sxp enable cts sxp default source-ip 10.9.31.22 cts sxp default password ccie cts sxp connection peer 10.9.31.1 password default mode peer listener hold-time 0 ! dotix system-auth-control !

    interface GigabitEthernet1/0/9 switchport mode access ip device tracking maximum 10 authentication host-mode multi-auth authentication port-control auto mab ! radius-server host 161.1.7.14 key cisco radius-server timeout 60 ! interface Vlan10 ip address 10.9.31.22.255.255.255.0 ! interface Vlan50 no ip address ! interface Vlan60 ip address 60.1.1.2.255.255.255.0 ! interface Vlan150 ip address 150.1.7.2.255.255.255.0

    A. CoA configuration is missing.
    B. Switch configuration is properly configured and the issue is on the radius server.
    C. Incorrect CTS configuration on the switch.
    D. The VLAN configuration is missing on the authentication port.
    E. There is an Issue with DHCP pool configuration.
    F. AAA authorization is incorrectly configured.

  • Question 537:

    Which of these command sequences will send an email to [email protected] using SMTP?

    A. HELO invalid.com MAIL TO: MESSAGE END
    B. MAIL FROM: RCPT TO: DATA
    C. HELO invalid.com MAIL FROM: RCPT TO: BODY
    D. MAIL FROM: RCPT TO: MESSAGE

  • Question 538:

    Which statement is correct about MTA, ESA, and LDAP working together?

    A. The LDAP initiates local query to route the incoming messages triggered by ESA.
    B. The sending MTA acts on the query results from LDAP server to route the message.
    C. The ESA initiates the LDAP query and act upon the data received from LDAP server.
    D. The ESA initiates the LDAP query and forwards the results to sending MTA for routing,
    E. The sending MTA initiates LDAP query and forwards results to ESA for message authentication.

  • Question 539:

    Which criteria does ASA use for packet classification if multiple contexts share an ingress interface MAC address?

    A. policy-based routing on ASA
    B. destination MAC address
    C. ASA ingress interface IP address
    D. ASA NAT configuration
    E. destination IP address
    F. ASA ingress interface MAC address
    G. ASA egress interface IP address

  • Question 540:

    Which three statements about the keying methods used by MACSec are true?(Choose three)

    A. SAP is not supported on swicht SVLs.
    B. SAP is supported on SPAN destination ports
    C. MKA is implemented as an EAPlL packet exchange
    D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA
    E. SAP is enabled by default for Cisco TrustSec in manual configuration mode.
    F. A valid mode for SAP is NULL

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 400-251 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.