400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 21, 2024

Cisco 400-251 Free Practice Questions

Q1. Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?

A. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.

B. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.

C. AV pairs are only string values.

D. AV pairs are of two types: string and integer.

Answer: C

Q2. Refer to the exhibit. 

What are two TLS inspection methods you could implement for outbound Internet traffic that can prevent the given untrusted error? (Choose two)

A. Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the client

B. Apply an intermediate CA certificate from a trusted authority on the inspection appliance.

C. Download a copy of the private key from the content provider.

D. Update your organizational procedures to instruct users to click "I Understand the Risks" to accept the error and continue

E. Conditionally decrypt traffic based on trust level. Store private keys in a FIPS Level 2 HSM on the inspection appliance.

Answer: A,B

Q3. Refer to the exhibit.

While troubleshooting a router issue, you executed the show ntp association command and it returned this output. Which condition is indicated by the reach value of 357?

A. The NTP continuously received the previous 8 packets.

B. The NTP process is waiting to receive its first acknowledgement.

C. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.

D. The NTP process received only the most recent packet.

Answer: C

Q4. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true? (Choose two)

A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

B. If a lower MTU link between the IPsec peers is detected, the GRE tunnel MTU is changed.

C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

D. It disables PMTUD discovery for tunnel interfaces.

E. The DF bit is copied to the GRE IP header.

F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

Answer: B,E

Q5. What is the default communication port used by RSA SDI and ASA?

A. UDP 500

B. UDP 848

C. UDP 4500

D. UDP 5500

Answer: D

Q6. Refer to the exhibit. 

After you configured routers R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?

A. R2 received a packet with an incorrect area from the loopback1 interface

B. OSPFv3 area authentication is missing

C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface

D. The SPI and the authentication key are unencrypted

E. The SPI value and the key are the same on both R1 and R2

Answer: C

Q7. Event Store is a component of which IPS application?

A. SensorApp

B. InterfaceApp

C. MainApp

D. NotificationApp

E. AuthenticationApp

Answer: C

Q8. Refer to the exhibit. 

Which effect of this configuration is true?

A. NUD retransmits 1000 Neighbor Solicitation messages every 4 hours and 4 minutes.

B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.

C. NUD retransmits Neighbor Solicitation messages every 4 seconds.

D. NUD retransmits unsolicited Neighbor Advertisement messages every 4 hours.

E. NUD retransmits four Neighbor Solicitation messages every 1000 seconds.

F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.

Answer: E

Q9. Which three statements about RLDP are true? (Choose three)

A. It can detect rogue APs that use WPA encryption

B. It detects rogue access points that are connected to the wired network

C. The AP is unable to serve clients while the RLDP process is active

D. It can detect rogue APs operating only on 5 GHz

E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network

F. It can detect rogue APs that use WEP encryption

Answer: A,B,D

Q10. Which two of the following ICMP types and codes should be allowed in a firewall to enable traceroute? (Choose two)

A. Destination Unreachable-protocol Unreachable

B. Destination Unreachable-port Unreachable

C. Time Exceeded-Time to Live exceeded in Transit

D. Redirect-Redirect Datagram for the Host

E. Time Exceeded-Fragment Reassembly Time Exceeded

F. Redirect-Redirect Datagram for the Type of service and Host

Answer: B,C

Q11. Which two options are open-source SDN controllers? (Choose two)

A. OpenContrail

B. OpenDaylight

C. Big Cloud Fabric

D. Virtual Application Networks SDN Controller

E. Application Policy Infrastructure Controller

Answer: A,B

Q12. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

Answer: C

Q13. Refer to the exhibit. What protocol format is illustrated?

A. GR

B. AH

C. ESP

D. IP

Answer: B

Q14. You have configured an authenticator switch in access mode on a network configured with NEAT.

What RADIUS attribute must the ISE server return to change the switch's port mode to trunk?

A. device-traffic-class=switch

B. device-traffic-class=trunk

C. Framed-protocol=1

D. EAP-message=switch

E. Acct-Authentic=RADIUS

F. Authenticate=Administrative

Answer: A

Q15. Which statement about ICMPv6 filtering is true? 

A)

B)

C)

D)

E)

F)

A. Option A

B. Option B

C. Option C

D. Option D

Answer: B

Q16. Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)

A. It uses attribute maps to map the AD memberOf attribute to the Cisco ASA Group-Policy attribute

B. It uses AD attribute maps to assign users to group policies configured under the WebVPN context

C. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies

D. It can assign a group policy to a user based on access credentials

E. It can combine AD attributes and LDAP attributes to configure group policies on the Cisco ASA

F. It is a closed standard that manages directory-information services over distributed networks

Answer: A,B
