400-251 Exam Details

  • Exam Code: 400-251
  • Exam Name: CCIE Security Written
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 665 Q&As
  • Last Updated: Dec 10, 2021

Cisco 400-251 Online Questions & Answers

  • Question 591:

    Refer to the exhibit. What are two effects of the given configuration? (Choose two)

    A. FTP clients will be able to determine the server's system type.
    B. The connection will remain open if the size of the STOR command is greater than a fixed constant.
    C. TCP connections will be completed only to TCP ports from 1 to 1024.
    D. The client must always send the PASV reply.
    E. The connection will remain open if the PASV reply command includes 5 commas.

  • Question 592:

    How does a Cisco ISE server determine whether a client supports EAP chaining?

    A. It sends an MD5 challenge to the client and analyzes the response
    B. It analyzes the options field in the TCP header of the first packet it receives from the client
    C. It analyzes the EAPoL message the client sends during the initial handshake
    D. It sends an identity-type TLV to the client and analyzes the response
    E. It analyzes the X509 certificate it receives from the client through the TLS tunnel

  • Question 593:

    An organization is deploying FTD in the data center. Production tests are performed after applications have been connected; however, ping tests to resources behind the firewall are failing. This firewall has two interfaces, INSIDE and OUTSIDE. The problem might be in either direction. The failed testing scenario is from the OUTSIDE. Which two commands can be used as an initial step to troubleshoot the situation and determine where the issue might be? (Choose two)

    A. Packet-tracer input Outside
    B. Packet-tracer input Outside < Destination IP>
    C. Packet-tracer input Inside
    D. Packet-tracer input Inside < Destination Port>
    E. Packet-tracer input Outside < Destination Port>
    F. Packet-tracer input Inside

  • Question 594:

    What is an example of a stream cipher?

    A. RC4
    B. RC5
    C. DES
    D. Blowfish

  • Question 595:

    Which two requirements are necessary to generate the self-signed certificate for an SSL VPN deployment using AnyConnect with an IOS router at the headend? (Choose two)

    A. Enable WebVPN
    B. Generate RSA key pair
    C. Install AnyConnect package
    D. Enable HTTP server
    E. Configure PKI trust point
    F. Enable CHAP

  • Question 596:

    There is no SGT mapping update from the speaker 10.1.1.1. Looking at the configuration below, what could be the potential issue?

    A. SXP mode should be remote.
    B. Routing issue on SW1.
    C. The SXP default password should not be used.
    D. SXP peer address is incorrect.
    E. SW1 should also be configured as speaker peer.
    F. SXP hold-time configuration is invalid.

  • Question 597:

    Which of the following statements about GETVPN are correct? (Choose two.)

    A. GETVPN Key Servers use the stateful HSRP protocol to provide redundancy
    B. A GETVPN Key Server can use either IKEv1 or IKEv2 protocol to authenticate Group Members
    C. GETVPN uses transport mode IPsec encapsulation
    D. GETVPN does not provide a tunnel overlay
    E. GETVPN requires multicast enabled Group Members for group SA rekey

  • Question 598:

    In your ISE design, there are two TACACS profiles that are created for device administration: IOS_HelpDesk_Profile and IOS_Admin_Profile. The HelpDesk profile should log in the user with privilege 1, with the ability to change the privilege level to 15. The Admin profile should log in the user with privilege 15 by default.

    Which two commands must the HelpDesk enter on the IOS device to access privilege level 15? (Choose two)

    A. Enable secret
    B. Enable 15
    C. Privilege level 15
    D. Enable privilege 15
    E. Enable
    F. Enable IOS_Admin_profile
    G. Enable password

  • Question 599:

    Which two statements about uRPF are true? (Choose two)

    A. The administrator can configure the allow-default command to force the routing table to use only the default route.
    B. It is not supported on the Cisco ASA security appliance.
    C. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP routing groups.
    D. The administrator can use the show cef interface command to determine whether uRPF is enabled.
    E. In strict mode, only one routing path can be available to reach network devices on a subnet.

  • Question 600:

    Which is an important consideration when deploying a WSA load-balancing solution?

    A. RIP is the most efficient dynamic routing protocol when it comes to convergence and stability.
    B. Management interface has to be shared with data interface being under-utilized.
    C. Avoid the use of DNS server due to the network latency issue that could slow down the resolutions.
    D. Only one data interface has to be deployed.
    E. Make sure that spanning-tree operation is stable at layer-2.
