"Passed on the first try! I loved that the questions are updated as new exams are released, in order to keep up the most recent content being covered in the test. The date at the top of each page shows how current the material was, which was nice to see. "
"At first glance I thought this site is just like the other 99% websites in this industry, but boy I was wrong...its funny that two weeks before the exam I knew nothing about 400-251, but with this amazing site I managed to study very quickly and pass the exam easily without spending tons of money and time on preparing for the exam."
"As a professional in my field for over 8 years I could tell that not only were these questions real, but that an expert had been involved in designing and reviewing the questions for the CCIE Security Written Exam 400-251 exam. "
Are you looking for real exams dumps for the 400-251 CCIE Security Written Exam exam? ITExamLabs.com is dedicated to provide real and updated exam questions and answers, FREE of cost.
The best way to prepare for 400-251 exam is not reading a text book, but taking 400-251 vce exam and understanding the correct answers. Practice questions help prepare students for not only the concepts, but also the manner in which questions and answer options are presented during the real exam.
ITExamLabs.com provides not only actual Cisco 400-251 practice test, but also detailed answers, explanations and diagrams. Having authentic and current exam questions, will you pass your test on the first try!
Q1. Which Cisco product solution is designed for workload mobility between public-public andprivate-public clouds?A. Cisco Cloud OrchestratorB. Cisco Unified CloudC. Cisco Intercloud FabricD. Cisco MetapodView AnswerAnswer: CQ2. Refer to the exhibit. Which two effect of this configuration are true ? (Choose two)A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.B. The Cisco ASA use…
Q1. Which two statements about SGT Exchange Protocol are true? (Choose two)A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to performSGT tagging at Layer 2 to devices that support itB. SXP runs on UDP port 64999C. A connection is established between a “listener” and a “speaker”D. SXP is only supported across two…
Q1. A cloud service provider is designing a large multilenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?A. LDPB. VXLANC. VRFD. Extended VLAN rangesView AnswerAnswer: BQ2. Event Store is…
Q1. Which two options are differences between automation and orchestration? (Choose two)A. Automation is to be used to replace human interventionB. Automation is focused on automating a single or multiple tasksC. Orchestration is focused on an end-to-end process or workflowD. Orchestration is focused on multiple technologies to be integrated togetherE. Automation is an IT workflow composed of tasks, and Orchestration…
Q1. Which three statements about Unicast RPF in strict mode and loose mode are true? (choose three)A. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.B. Strict mode requires a default route to be associated with the uplink network interface.C. Both loose and strict modes are configured globally on the router.D. Loose mode requires the source…
Q1. Refer to the exhibit, which conclusion can be drawn from this output?A. The license of the device supports multiple virtual firewallsB. The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platformC. The license of the device allows for it to be used in a failover setD. The…
Q1. DRAG DROPDrag each IPv6 extension header on the left into the recommended order for more than one extension header In the same IPv6 packet on the right?View AnswerAnswer: Explanation:1: IPv6 header; 2: Hop by Hop option; 3. Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.Q2. In which class of applications security threads does HTTP header…
Q1. DRAG DROPDrag each OSPF security feature on the left to its description on the right.View AnswerAnswer: Explanation:TTL security check:protects ospf neighbor sessions against CPU prefix length: protects the routers in an ospf neighbor sessionType0:Establishes OSPF sessions without authenthication Type1:Uses Clear-text authenthication to protectType2:Uses MD5 authenthication to protectQ2. What feature on Cisco IOS router enables user identification and authorization based…
Q1. Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?A. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.B. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.C. AV pairs are only string values.D. AV pairs are of two types: string and integer.View AnswerAnswer: CQ2. Refer…
Q1. According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.)A. Router Renumbering(Type 138)B. Node Information Query(Type 139)C. Router Solicitation(Type 133)D. Node information Response(TypeE. Router Advertisement(Type 134)F. Neighbor Solicitaion(Type 135)View AnswerAnswer: A,B,DQ2. What are three QoS features supported on the ASA running version 8.x? (Choose Three)A. Traffic shaping and standard priority queuing on the same…
Q1. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?A. Allow only POST requests.B. Mark all cookies as HTTP only.C. Use per-session challenge tokens in links within your web application.D. Always use the "secure" attribute for cookies.E. Require strong passwords.View AnswerAnswer: CQ2. Which three IP resources is IANA responsible for? (Choose three.)A. IP address allocationB.…
Q1. Which Three statement about cisco IPS manager express are true? (Choose three)A. It provides a customizable view of events statistics.B. It Can provision policies based on risk rating.C. It Can provision policies based on signatures.D. It Can provision policies based on IP addresses and ports.E. It uses vulnerability-focused signature to protect against zero-day attacks.F. It supports up to 10…
Q1. DRAG DROPDrag and drop the description on the left on to the associated item on the right.View AnswerAnswer: Explanation: Collection of similar programs that work together to execute specific tasks: BotnetIndependent malicious program copies itself: WormsPrograms that appear to have one function but actually performs a different function: Trojan horsePrograms that modify other programs: VirusQ2. Which object table contains…
Q1. Which option describes the purpose of the RADIUS VAP-ID attribute?A. It specifies the ACL ID to be matched against the clientB. It specifies the WLAN ID of the wireless LAN to which the client belongsC. It sets the minimum bandwidth for the connectionD. It sets the maximum bandwidth for the connectionE. It specifies the priority of the clientF. It…
Q1. What context-based access control (CBAC. command sets the maximum time that a routerrunning Cisco IOS Will wait for a new TCP session to reach the established state?A. IP inspect max-incompleteB. IP inspect tcp finwait-timeC. Ip inspect udp idle-timeD. Ip inspect tcpsynwait-timeE. Ip inspect tcp idle-timeView AnswerAnswer: DQ2. What are two advantages of NBAR2 over NBAR? (Choose two)A. Only NBAR2…
Q1. Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)A. confidentiality and integrity of customer records and credit card informationB. accountability in the event of corporate fraudC. financial information handled by entities such as banks, and mortgage and insurance brokersD. assurance of the accuracy of financial recordsE. US Federal government informationF. security standards…
Q1. Which statement about ICMPv6 filtering is true? A)B)C)D)E)F)A. Option AB. Option BC. Option CD. Option DView AnswerAnswer: BQ2. You have configured an authenticator switch in access mode on a network configured with NEAT what radius attribute must the ISE server return to change the switch’s port mode to trunk?A. device-traffic-class=switchB. device-traffic-class=trunkC. framed-protocol=1D. EAP-message-switchE. Authenticate=AdministrativeF. Acct-Authentic=radiusView AnswerAnswer: AQ3. Refer to the…
Q1. Which two options are differences between automation and orchestration? (Choose two)A. Automation is to be used to replace human interventionB. Automation is focused on automating a single or multiple tasksC. Orchestration is focused on an end-to-end process or workflowD. Orchestration is focused on multiple technologies to be integrated togetherE. Automation is an IT workflow composed of tasks, and Orchestration…
Q1. DRAG DROPDrag and drop the description on the left on to the associated item on the right.View AnswerAnswer: Explanation: Collection of similar programs that work together to execute specific tasks: BotnetIndependent malicious program copies itself: WormsPrograms that appear to have one function but actually performs a different function: Trojan horsePrograms that modify other programs: VirusQ2. MWhich three are RFC…
Q1. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)A. It is an inbound policy.B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.E. It will allow…
Q1. Refer to the Exhibit. What is the effect of the given ACL policy ?A. The policy will deny all IPv6 eBGP session.B. The policy will disable IPv6 source routing.C. The policy will deny all IPv6 routing packet.D. The policy will deny all IPv6 routed packet.View AnswerAnswer: BQ2. Refer to the exhibit. Which statement about the effect of this configuration…
Q1. Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)A. L2TP-EncryptionB. Web-VPN-ACL-FiltersC. IPsec-Client-Firewall-Filter-NameD. Authenticated-User-Idle-TimeoutE. IPsec-Default-DomainF. Authorization-TypeView AnswerAnswer: B,D,EQ2. Which two statements about the ISO are true? (Choose two)A. The ISO is a government-based organization.B. The ISO has three membership categories: member, correspondent, and subscribers.C. Only member bodies have voting rights.D. Correspondent bodies are small countries…
Q1. Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three)A. Loose mode requires the source address to be present in the routing table.B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.C. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.D. Strict mode…
Q1. What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)A. FPMB. DCARC. NBARD. IP source GuardE. URPFF. Dynamic ARP inspectionView AnswerAnswer: D,EQ2. Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?A. In a failover pair of ASAs, the standby firewall establishes a peer…