400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 551:

    Refer to the exhibit. Which effect of this configuration is true?

    A. The minimum size of TCP SYN+ACK packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes.
    B. The minimum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes.
    C. The MSS of TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes.
    D. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes.
    E. SYN packets carry 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes.

  • Question 552:

    Which statement correctly describes the AES encryption algorithm?

    A. It works on the substitution and permutation principle
    B. It uses three encryption keys of length 168, 112 and 56 bits
    C. Reapplying the same encryption key three times makes it less vulnerable than 3DES
    D. It only provides data integrity
    E. Theoretically 3DES is more secure than AES

  • Question 553:

    What are the most common methods that security auditors use to access an organization's security processes? (Choose two)

    A. physical observation
    B. social engineering attempts
    C. penetration testing
    D. policy assessment
    E. document review
    F. interviews

  • Question 554:

    Which statement is correct about Cisco Web Security Appliance (WSA)?

    A. WSA can have only one routing table
    B. WSA does not offer out-of-band management capability
    C. WSA cannot decrypt HTTPS traffic
    D. WSA policies can be configured using the GUI only

  • Question 555:

    Which four types of traffic should be allowed during an unknown posture state? (Choose four.)

    A. traffic from the Cisco AnyConnect client, with posture module, to ASA
    B. traffic to the public search engines
    C. DNS traffic
    D. traffic to the remediation servers, if needed
    E. SSH traffic for network device administration
    F. traffic to the ISE PSNs to which Client Provisioning Portal FQDN points
    G. DHCP traffic
    H. traffic to the FireAMP cloud for AMP for endpoint scan results

  • Question 556:

    Which two statements about DTLS are true? (Choose two)

    A. If DPD is enabled, DTLS can fall back to a TLS connection.
    B. It is disabled by default if you enable SSL VPN on the interface.
    C. It uses two simultaneous IPSec tunnels to carry traffic.
    D. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.
    E. Because it requires two tunnels, it may experience more latency issues than SSL connections.

  • Question 557:

    Which Cisco Firepower interface mode allows you to send inline traffic directly through the device and only inspect a copy of the traffic?

    A. TAP mode
    B. Automatic application bypass mode
    C. Delay threshold mode
    D. Fast-path mode

  • Question 558:

    A network architect has been tasked to migrate a customer's legacy infrastructure switches from Nexus 9000 platform. Which process will help him achieve this milestone?

    A. Create a container providing separate execution space
    B. Manage software upgrades via guest shell
    C. Setup a Web-based interface for configuration management
    D. Allow guests temporary access to the CLI without logging in

  • Question 559:

    Which statement about the restrictions of redirection on Cisco Cloud Web Security tunnels on ISR4000 Series Routers is true?

    A. The cws-tunnel out command can be configured up to a maximum of three WAN interfaces
    B. User authentication (through NTLM) is supported
    C. Access lists based on object groups are supported in whitelisting and redirect list configuration
    D. IPv6 is not supported
    E. Multiple access lists are supported for whitelisting

  • Question 560:

    In your network, you require all guests to authenticate to the network before getting access; however, you don't want to be stuck creating or approving accounts. It is preferred that this is all taken care of by the user, as long as their device is registered. Which two mechanisms can be used to provide this functionality? (Choose two)

    A. Social media login, with device registration
    B. Guest's own organization authentication service, with device registration
    C. PAP based authentication, with device registration
    D. Active Directory, with device registration
    E. 802.1x based user registration, with device registration
    F. Self-registration of user, with device registration
