Q1. Which Cisco product solution is designed for workload mobility between public-public and private-public clouds?
A. Cisco Cloud Orchestrator
B. Cisco Unified Cloud
C. Cisco Intercloud Fabric
D. Cisco Metapod
Answer: C
Q2. Refer to the exhibit.
Which two effects of this configuration are true? (Choose two)
A. The Cisco ASA first checks the user credentials against the AD tree of security.cisco.com.
B. The Cisco ASA uses the cisco directory as the starting point for the user search.
C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.
D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.
E. The Cisco ASA authenticates directly with the AD server configured on host 10.10.10.1 with the timeout of 20 seconds.
F. The admin user is authenticated against the members of the security.cisco.com group.
Answer: C,F
Q3. What security element must an organization have in place before it can implement a security audit and validate the audit results?
A. firewall
B. network access control
C. an incident response team
D. a security policy
E. a security operation center
Answer: D
Q4. Which command can you enter on the Cisco ASA to disable SSH?
A. Crypto key generate ecdsa label
B. Crypto key generate rsa usage-keys noconfirm
C. Crypto keys generate rsa general-keys modulus 768
D. Crypto keys generate ecdsa noconfirm
E. Crypto keys zeroize rsa noconfirm
Answer: E
Q5. Which three statements about the RSA algorithm are true? (Choose three.)
A. The RSA algorithm provides encryption but not authentication.
B. The RSA algorithm provides authentication but not encryption.
C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
D. The private key is never sent across after it is generated.
E. The public key is used to decrypt the message that was encrypted by the private key.
F. The private key is used to decrypt the message that was encrypted by the public key.
Answer: C,D,F
Q6. Which two statements about MLD version 2 on the ASA are true? (Choose two)
A. It allows the ASA to function as a multicast router.
B. It enables the ASA to discover multicast address listeners on attached and remote links.
C. It discovers other multicast address listeners by listening to multicast listener reports.
D. It enables the ASA to discover multicast address listeners to attached links only.
E. It sends multicast listener reports in response to multicast listener queries.
Answer: D,E
Q7. Which two statements about ICMP redirect messages are true? (Choose two)
A. By default, configuring HSRP on the interface disables ICMP redirect functionality.
B. They are generated when a packet enters and exits the same router interface.
C. The messages contain an ICMP Type 3 and ICMP code 7.
D. They are generated by the host to inform the router of an alternate route to the destination.
E. Redirects are only punted to the CPU if the packets are also source-routed.
Answer: A,B
Q8. Which configuration is the correct way to change the VPN key encryption key lifetime to 10800 seconds on the key server?
A)
B)
C)
D)
E)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q9. DRAG DROP
Drag and drop the DNS record types from the left to the matching descriptions on the right.
Answer:
Explanation:
DNSKEY: contains a public key for use by the resolver
NSEC: link to the zone's next record name
NSEC3: contains a hashed link to the zone's next record name
RRSIG: contains the record set's DNSSEC signature
NSEC3PARAM: used by authoritative DNS servers when responding to DNSSEC requests
DS: holds the delegated zone's name
Q10. DRAG DROP
Drag and drop each syslog facility code on the left onto its description on the right.
Answer:
Explanation:
A:1, B:2, C:3, D:4, E:5, F:6
Q11. On which encryption algorithm is CCMP based?
A. IDEA
B. BLOWFISH
C. RCS
D. 3DES
E. AES
Answer: E
Q12. Which three statements are true regarding Security Group Tags? (Choose three.)
A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.
B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.
C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.
E. A Security Group Tag is a variable length string that is returned as an authorization result.
Answer: A,C,D
Q13. class-map nbar_rtp
match protocol rtp payload-type "0,1,4-0x10, 10001b - 10010b,64"
The above NBAR configuration matches RTP traffic with which payload types?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q14. Refer to the exhibit.
What are the two effects of the given configuration? (Choose two)
A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded
B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering
C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram
D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header field
E. It permits Parameter Problem messages that indicate an error in the header
F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram
Answer: C,F
Q15. Which three statements about VRF-Aware Cisco Firewall are true? (Choose three)
A. It can run as more than one instance.
B. It supports both global and per-VRF commands and DoS parameters.
C. It can support VPN networks with overlapping address ranges without NAT.
D. It enables service providers to implement firewalls on PE devices.
E. It can generate syslog messages that are visible only to individual VPNs.
F. It enables service providers to deploy firewalls on customer devices.
Answer: A,D,E
Q16. DRAG DROP
Drag each step in the SCEP workflow on the left into the correct order of operations on the right.
Answer:
Explanation:
Step 1: Obtain and validate CA cert.
Step 2: Generate a certificate signing request for the CA.
Step 3: Send a request to SCEP server to confirm that the cert was signed.
Step 4: Re-enroll the client and replace the existing certificate.
Step 5: Check Certificate revocation list.