Q1. Which three statements about Unicast RPF in strict mode and loose mode are true? (Choose three)
A. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
B. Strict mode requires a default route to be associated with the uplink network interface.
C. Both loose and strict modes are configured globally on the router.
D. Loose mode requires the source address to be present in the routing table.
E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which the interface is assigned.
F. Interfaces in strict mode drop traffic with return routes that point to the NULL 0 interface.
Answer: D,E,F
Q2. Which two of the following ICMP types and codes should be allowed in a firewall to enable traceroute? (Choose two)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: B,C
Q3. Refer to the exhibit. What type of attack is represented in the given Wireshark packet capture?
A. a SYN flood
B. spoofing
C. a duplicate ACK
D. TCP congestion control
E. a shrew attack
Answer: A
Q4. What are two advantages of NBAR2 over NBAR? (Choose two)
A. Only NBAR2 supports Flexible NetFlow for extracting and exporting fields from the packet header.
B. Only NBAR2 allows the administrator to apply individual PDL files.
C. Only NBAR2 supports PDLM to support new protocols.
D. Only NBAR2 can use Sampled NetFlow to extract pre-defined packet headers for reporting.
E. Only NBAR2 supports custom protocols based on HTTP URLs.
Answer: A,E
Q5. Refer to the exhibit. Which statement about the effect of this configuration is true?
A. Replay protection is disabled.
B. It prevents man-in-the-middle attacks.
C. The replay window size is set to infinity.
D. Out-of-order frames are dropped.
Answer: D
Q6. What ASA feature can you use to restrict a user to a specific VPN group?
A. A webtype ACL
B. MPF
C. A VPN filter
D. Group-lock
Answer: D
Q7. What are the two IPsec modes? (Choose two)
A. Aggressive
B. ISAKMP
C. Transport
D. IKE
E. Main
F. Tunnel
Answer: C,F
Q8. Which three statements about Cisco IPS Manager Express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It can provision policies based on risk rating.
C. It can provision policies based on signatures.
D. It can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signatures to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: A,B,F
Q9. Refer to the exhibit.
Which effect of this Cisco ASA policy map is true?
A. The Cisco ASA is unable to examine the TLS session.
B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.
C. It prevents a STARTTLS session from being established.
D. The Cisco ASA logs SMTP sessions in clear text.
Answer: B
Q10. Which two statements about SOX are true? (Choose two.)
A. SOX is an IETF compliance procedure for computer systems security.
B. SOX is a US law.
C. SOX is an IEEE compliance procedure for IT management to produce audit reports.
D. SOX is a private organization that provides best practices for financial institution computer systems.
E. Section 404 of SOX is related to IT compliance.
Answer: B,E
Q11. Which two statements about the DES algorithm are true? (Choose two)
A. The DES algorithm is based on asymmetric cryptography.
B. The DES algorithm is a stream cipher.
C. The DES algorithm is based on symmetric cryptography.
D. The DES algorithm encrypts a block of 128 bits.
E. The DES algorithm uses a 56-bit key.
Answer: C,E
Q12. What technology can you implement on your network to allow IPv4-dependent applications to work with IPv6-capable applications?
A. NAT 6to4
B. DS-lite
C. NAT-PT
D. ISATAP
E. NAT64
Answer: E
Q13. Which statement about the Cisco AnyConnect Web Security module is true?
A. It is VPN client software that works over the SSL protocol.
B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.
C. It operates as an NAC agent when it is configured with the AnyConnect VPN client.
D. It is deployed on endpoints to route HTTP traffic to ScanSafe.
Answer: D
Q14. What is the maximum pattern length supported by FPM searches within a packet?
A. 256 bytes
B. 1500 bytes
C. 512 bytes
D. 128 bytes
Answer: A
Q15. Which VPN technology is based on GDOI (RFC 3547)?
A. MPLS Layer 3 VPN
B. MPLS Layer 2 VPN
C. GET VPN
D. IPsec VPN
Answer: C
Q16. For which two reasons is BVI required in the transparent Cisco IOS Firewall? (Choose two)
A. BVI is required for the inspection of IP traffic.
B. The firewall can perform routing on bridged interfaces.
C. BVI is required if routing is disabled on the firewall.
D. BVI is required if more than two interfaces are in a bridge group.
E. BVI is required for the inspection of non-IP traffic.
F. BVI can manage the device without having an interface that is configured for routing.
Answer: D,F