400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 21, 2024

Cisco 400-251 Free Practice Questions

Q1. Which option describes the purpose of the RADIUS VAP-ID attribute?

A. It specifies the ACL ID to be matched against the client

B. It specifies the WLAN ID of the wireless LAN to which the client belongs

C. It sets the minimum bandwidth for the connection

D. It sets the maximum bandwidth for the connection

E. It specifies the priority of the client

F. It identifies the VLAN interface to which the client will be associated

Answer: B

Q2. What are two features of Cisco IOS that can help mitigate a Blaster worm attack on RPC ports? (Choose two)

A. FPM

B. DCAR

C. NBAR

D. IP Source Guard

E. uRPF

F. Dynamic ARP inspection

Answer: D,E

Q3. When a host initiates a TCP session, what is the numerical range into which the initial sequence number must fall?

A. 0 to 65535

B. 1 to 1024

C. 0 to 4,294,967,295

D. 1 to 65535

E. 1 to 4,294,967,295

F. 0 to 1024

Answer: C

Q4. DRAG DROP

Drag each OSPF security feature on the left to its description on the right.

Answer:

Explanation:

TTL security check: protects OSPF neighbor sessions against CPU

Prefix length: protects the routers in an OSPF neighbor session

Type 0: Establishes OSPF sessions without authentication

Type 1: Uses clear-text authentication to protect

Type 2: Uses MD5 authentication to protect

Q5. Which two options are differences between automation and orchestration? (Choose two)

A. Automation is an IT workflow composed of tasks, and orchestration is a technical task.

B. Orchestration is focused on multiple technologies to be integrated together.

C. Orchestration is focused on an end-to-end process or workflow

D. Automation is to be used to replace human intervention.

E. Automation is focused on automating a single or multiple tasks.

Answer: B,C

Q6. DRAG DROP

Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.

Answer:

Explanation:

A:5,B:4,C:2,D:3,E:1,F:6.

Q7. Which two statements about CoPP are true? (Choose two)

A. When a deny rule in an access list that is used for MQC is matched, classification continues on the next class

B. It allows all traffic to be rate limited and discarded

C. Access lists that are used with MQC policies for CoPP should omit the log and log-input keywords

D. The mls qos command disables hardware acceleration so that CoPP handles all QoS

E. Access lists that use the log keyword can provide information about the device's CPU usage

F. The policy-map command defines the traffic class

Answer: A,C

Q8. Which three statements about the Cisco IPS sensor are true? (Choose three.)

A. You cannot pair a VLAN with itself.

B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.

C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair; however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.

D. The order in which you specify the VLANs in an inline pair is significant.

E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Answer: A,C,E

Explanation:

Inline VLAN Interface Pairs

You cannot pair a VLAN with itself.

For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.

The order in which you specify the VLANs in an inline VLAN pair is not significant.

A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Q9. What is the effect of the Cisco Application Control Engine (ACE) command ipv6 fragment min-mtu 1024?

A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater

B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets

C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes

D. It configures the interface to fragment packets on connections with MTUs of 1024 or less

E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes

Answer: E

Q10. What feature on a Cisco IOS router enables user identification and authorization based on per-user policies?

A. CBAC

B. IPsec

C. Authentication proxy

D. NetFlow v9

E. Zone-based firewall

F. EEM

Answer: C

Q11. Which two statements about SOX are true? (Choose two.)

A. SOX is an IETF compliance procedure for computer systems security.

B. SOX is a US law.

C. SOX is an IEEE compliance procedure for IT management to produce audit reports.

D. SOX is a private organization that provides best practices for financial institution computer systems.

E. Section 404 of SOX is related to IT compliance.

Answer: B,E

Q12. Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF) from dropping asymmetric traffic?

A. Configure Unicast RPF Loose Mode on R2 and R3 only.

B. Configure Unicast RPF Loose Mode on R1 only.

C. Configure Unicast RPF Strict Mode on R1 only.

D. Configure Unicast RPF Strict Mode on R1, R2 and R3.

E. Configure Unicast RPF Strict Mode on R2 and R3 only.

Answer: E

Q13. Which protocol does VNC use for remote access to a GUI?

A. RTPS

B. RARP

C. E6

D. SSH

E. RFB

Answer: D

Q14. Which statement regarding the routing functions of the Cisco ASA running software version 9.2 is true?

A. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors

B. The ASA supports policy-based routing with route maps

C. Routes to the Null0 interface cannot be configured to black-hole traffic

D. The translations table cannot override the routing table for new connections

Answer: C

Q15. Which three statements about MSDP are true? (Choose three)

A. It can connect to PIM-SM and PIM-DM domains

B. It announces multicast sources from a group

C. The DR sends source data to the rendezvous point only at the time the source becomes active

D. It can connect only to PIM-DM domains

E. It registers multicast sources with the rendezvous point of a domain

F. It allows domains to discover multicast sources in the same or different domains.

Answer: B,E,F

Q16. Which three statements about the IANA are true? (Choose three.)

A. IANA is a department that is operated by the IETF

B. IANA oversees global IP address allocation.

C. IANA managed the root zone in the DNS.

D. IANA is administered by the ICANN.

E. IANA defines URI schemes for use on the Internet.

Answer: B,C,D
