Cisco 400-251 Free Practice Questions

Q1. Which two statements about SGT Exchange Protocol are true? (Choose two)

A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform

SGT tagging at Layer 2 to devices that support it

B. SXP runs on UDP port 64999

C. A connection is established between a “listener” and a “speaker”

D. SXP is only supported across two hops

E. SXPv2 introduces connection security via TLS

Answer: A,C

Q2. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

A. Network translation mode

B. Single-context routed mode

C. Multiple-context mode

D. Transparent mode

Answer: B

Q3. Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.

B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.

C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.

D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.

Answer: C,D

Q4. Which three statements about the keying methods used by MAC Sec are true (Choose Three)

A. MKA is implemented as an EAPoL packet exchange

B. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

C. SAP is supported on SPAN destination ports

D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA

E. SAP is not supported on switch SVIs .

F. A valid mode for SAP is NULL

Answer: A,B,F

Q5. DRAG DROP

Drag each IP transmission and fragmentation term on the left to the matching statement on the right?

Answer:

Explanation: DF bit: A value in the IP header that indicates whether packet fragmentation is permitted.

Fragment offset: A value in the IP packet that indicates the location of a fragment in the datagram.

MF bit: Indicates that this is last packet with the biggest offset.

MSS: The amount of data that the receiving host can accept in each TCP segment. MTU: A value representing the maximum acceptable length of a packet to be transmitted over a link. PMTUD: A technology used to prevent fragmentation as data travels between two end points.

Tunnel: A logical interface allows packet to be encapsulated inside a passenger protocol for transmission across a

different carrier protocol.

Q6. Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?

A. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors

B. The ASA supports policy-based routing with route maps

C. Routes to the Null0 interface cannot be configured to black-hole traffic

D. The translations table cannot override the routing table for new connections

Answer: C

Q7. The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, What command can you use to block all current and future connections from the infected host?

A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4

B. shun 10.10.10.4 168.65.201.120 6000 80

C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120

D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4

E. shun 168.65.201.120 10.10.10.4 6000 80

Answer: C

Q8. Which two statement about router Advertisement message are true? (Choose two)

A. Local link prefixes are shared automatically.

B. Each prefix included in the advertisement carries lifetime information f Or that prefix.

C. Massage are sent to the miscast address FF02::1

D. It support a configurable number of retransmission attempts for neighbor solicitation massage.

E. Flag setting are shared in the massage and retransmitted on the link.

F. Router solicitation massage are sent in response to router advertisement massage

Answer: A,F

Q9. when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?

A. 0 to 65535

B. 1 to 1024

C. 0 to 4,294,967,295

D. 1 to 65535

E. 1 to 4,294,967,295

F. 0 to 1024

Answer: C

Q10. Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF. from dropping asymmetric traffic?

A. Configure Unicast RPF Loose Mode on R2 and R3 only.

B. Configure Unicast RPF Loose Mode on R1 only.

C. Configure Unicast RPF Strict Mode on R1 only.

D. Configure Unicast RPF Strict Mode on R1,R2 and R3.

E. Configure Unicast RPF Strict Mode on R2 and R3 only.

Answer: E

Q11. You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

(A) You need two customer contexts, named contextA and contextB

(B) Allocate interfaces G0/0 and G0/1 to contextA

(D) The physical interface name for G0/1 within contextA should be "inside".

(E) All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A. context contextA