400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 541:

    Which three messages are part of the SSL protocol? (Choose three)

    A. Message Authentication
    B. CipherSpec
    C. Record
    D. Alert
    E. Change CipherSpec
    F. Handshake

  • Question 542:

    You are verifying the access to the site www.ccie.local and found the following two log lines in WSA access logs:

    Which of the following statements is true, based on the logs shown above?

    A. The request matched Education predefined URL category
    B. End-user, with IP of 10.10.10.10, got the content of site www.ccie.local shown in browser using HTTPS protocol
    C. End-user, with IP of 10.10.10.10, got the content of site www.ccie.local shown in browser using HTTP protocol
    D. The end-user, with IP of 10.10.10.10 needed to authenticate towards the server www.ccie.local

  • Question 543:

    Which of the following is the AMP Endpoint offline engine for Windows?

    A. ClamAV
    B. ClamAMP
    C. TETRAAMP
    D. TETRA

  • Question 544:

    The SAML Single Sign-On on ISE is supported by which four portals? (Choose four)

    A. Sponsor Portal
    B. BYOD Portal
    C. Employee Portal
    D. Contractor Portal
    E. Guest Portal (sponsored and self-registered)
    F. My Devices Portal
    G. Wireless Client Portal
    H. Certificate Provisioning Portal

  • Question 545:

    Which statement about a stealth scan is true?

    A. It evades network auditing tools
    B. It relies on the ICMP "port unreachable" message to determine if the port is open
    C. It is used to find the ports that already have an existing vulnerability to exploit
    D. It checks the firewall deployment in the path
    E. It never opens a full TCP connection
    F. It is a directed scan to a known TCP/UDP port

  • Question 546:

    WannaCry uses the SMB protocol {TCP 445, UDP 137-138, TCP 139} to propagate through the network. Which ACLs do you implement to block the WannaCry attack on your perimeter ASA firewall?

    A. Implement the following ACLs on your ASA:
       access-list global_acl extended deny tcp eq 445 any eq 445
       access-list global_acl extended deny tcp any eq 139 any eq 139
       access-list global_acl extended deny udp any eq 138 any eq 138
       access-list global_acl extended deny udp any eq 139 any eq 139
       access-group global global_acl
    B. Implement the following ACLs on your ASA:
       access-list outside_in extended deny tcp any any eq 445
       access-list outside_in extended deny tcp any any eq 139
       access-list outside_in extended deny udp any any eq 138
       access-list outside_in extended deny udp any any eq 139
       access-list outside_in in interface outside
    C. Implement the following ACLs on your ASA:
       access-list global_acl extended deny tcp any any eq 445
       access-list global_acl extended deny tcp any any eq 139
       access-list global_acl extended deny udp any any eq 138
       access-list global_acl extended deny udp any any eq 139
       access-list global_acl global
    D. Implement the following ACLs on your ASA:
       access-list global_acl extended deny tcp any any eq 445
       access-list global_acl extended deny tcp any any eq 139
       access-list global_acl extended deny udp any any eq 138
       access-list global_acl extended deny udp any any eq 139
       access-group global global_acl
    E. Implement the following ACLs on your ASA:
       access-list global_acl extended deny tcp eq 445 any eq 445
       access-list global_acl extended deny tcp any eq 139 any eq 139
       access-list global_acl extended deny udp any eq 138 any eq 138
       access-list global_acl extended deny udp any eq 139 any eq 139
       access-group global_acl global

  • Question 547:

    Which statement correctly describes a botnet attack?

    A. It is launched by a single machine controlled by a command and control system
    B. It can be used to participate in DDoS
    C. It is launched by a collection of noncompromised machines controlled by a command and control system
    D. It is a form of a man-in-the-middle attack where the compromised machine is controlled remotely
    E. It is a form of a fragmentation attack to evade an intrusion prevention security device
    F. It is a form of a wireless attack where the attacker installs an access point to create a backdoor to a network

  • Question 548:

    Which statement about the SDN framework environment is true?

    A. The data plane is controlled by a centralized SDN element
    B. The control plane is pulled from the networking element and put in a SDN controller
    C. The data plane is pulled from the networking element and put in a SDN controller
    D. The control plane and data plane are pulled from the networking element and put in a SDN controller and SON agent
    E. The control plane functions are split between a SDN controller and the networking element

  • Question 549:

    Which two events can cause a failover event on an active/standby setup? (Choose two)

    A. The active unit experiences interface failure above the threshold.
    B. The unit that was previously active recovers.
    C. The stateful failover link fails.
    D. The failover link fails.
    E. The active unit fails.

  • Question 550:

    Which statement is true about a SMURF attack?

    A. In order to mitigate the attack you need to disable IP directed broadcast on the router interface.
    B. The attacker uses a spoofed destination address to launch the attack.
    C. It sends ICMP Echo Replies to known IP addresses in a subnet.
    D. It sends ICMP Echo Requests to a spoofed source address of a subnet.
    E. It is used by the attackers to check if destination addresses are alive.
    F. It exhausts the victim machine resources with a large number of ICMP Echo Requests from a subnet.
    G. It is a distributed denial-of-service attack.
