400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 561:

    DRAG DROP

    Drag and drop each role on the left onto its responsibility in the change-management process on the right.

    Select and Place:

  • Question 562:

    Which IETF standard is the most efficient messaging protocol used in an IoT network?

    A. CoAP
    B. MQTT
    C. SNMP
    D. HTTP

  • Question 563:

    Refer to the exhibit. One of the Windows machines in your network is experiencing a Dot1x authentication failure. Windows machines are set up to acquire an IP address from the DHCP server configured on the switch, which is supposed to hand over IP addresses from the 50.1.1.0/24 network, and forward AAA requests to the radius server at 161.1.7.14 using shared key "cisco". Knowing that interface Gi0/2 on the switch may receive authentication requests from other devices and looking at the provided switch configuration, what could be the possible cause of this failure?

    aaa new model
    aaa authentication login NO_AUTH none
    aaa authentication login vty local
    aaa authentication dot1x default group radius
    aaa authentication network default group radius
    aaa accounting dot1x default start-stop group radius
    !
    username cisco privilege 15 password 0 cisco
    dot1x system-auth-control
    !
    interface GigabitEthernet0/2
     switchport mode access
     ip access-group Pre-Auth in
     authentication host-mode multi-auth
     authentication open
     authentication port-control auto
     dot1x pae authenticator
    !
    vlan 50
    interface Vlan50
     ip address 50.1.1.1 255.255.255.0
    !
    ip dhcp excluded-address 50.1.1.1
    ip dhcp pool pc-pool
     network 50.1.1.0 255.255.255.0
     default-router 50.1.1.1
    !
    ip access-list extended Pre-Auth
     permit udp any eq bootpc any eq bootps
     deny ip any any
    !
    radius server ccie
     address ipv4 161.1.7.14 auth-port 1645 acct-port 1646
     key cisco
    !
    line con 0
     login authentication NO_AUTH
    line vty 0 4
     login authentication vty

    A. an incorrect dhcp pool is configured
    B. aaa network authorization is not configured
    C. an incorrect pre-authentication acl is configured
    D. authentication port-control is not set on interface gi0/2
    E. an incorrect radius server address is defined
    F. aaa login authentication is not configured
    G. authentication is not enabled on interface gi0/2

  • Question 564:

    Refer to the exhibit. R2 is getting time synchronized from NTP server R1. It has been reported that the clock on R2 cannot associate with the NTP server R1. Which possible cause is true?

    A. R2 has connectivity issue with the NTP server
    B. R1 has an incorrect NTP source interface defined
    C. R2 should not have two trusted keys for the NTP authentication
    D. R2 does not support NTP authentication
    E. R2 has an incorrect trusted key bound with the NTP server
    F. R2 has incorrect NTP server address

  • Question 565:

    Which statement describes a pure SDN framework environment?

    A. The control plane and data plane are pulled from the networking element and put in an SDN controller and SDN agent
    B. The control plane function is split between an SDN controller and the networking element
    C. The data plane is pulled from the networking element and put in an SDN controller
    D. The data plane is controlled by a centralized SDN element
    E. The control plane is pulled from the networking element and put in an SDN controller

  • Question 566:

    Which three IoT attack areas as defined by OWASP are true? (Choose three)

    A. Ecosystem access control
    B. Local device vector injection
    C. Remote data storage tampering
    D. Local data storage
    E. Middleware exploitation
    F. Device physical interfaces
    G. Vendor frontend API enumeration

  • Question 567:

    Which three types of addresses can the Botnet Traffic Filter feature of the Cisco ASA monitor? (Choose three)

    A. dynamic address
    B. known malware addresses
    C. known allowed addresses
    D. ambiguous addresses
    E. internal addresses
    F. listed addresses

  • Question 568:

    Which two protocols are supported when using TACACS+? (Choose two)

    A. MS-CHAP
    B. CHAP
    C. NASI
    D. HDLC
    E. AppleTalk

  • Question 569:

    Within Platform as a Service, which two components are managed by the customer? (Choose two)

    A. Data
    B. networking
    C. middleware
    D. applications
    E. operating system

  • Question 570:

    Refer to the exhibit. This error message is displayed while troubleshooting a newly set up IPsec VPN tunnel. Which cause is the most probable?

    A. Peer information is incorrectly configured on the remote IPsec router
    B. The phase 1 policies are not compatible
    C. The phase 2 policies are not compatible
    D. Crypto ACLs are not correctly mirrored on both ends of the tunnel
    E. Peer information is incorrectly configured on both sides of the tunnel.
