400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 21, 2024

Cisco 400-251 Free Practice Questions

Q1. Which three statements about Unicast RPF in strict mode and loose mode are true? (Choose three)

A. Loose mode requires the source address to be present in the routing table.

B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.

C. Interfaces in strict mode drop traffic with return routes that point to the Null 0 interface.

D. Strict mode requires a default route to be associated with the uplink network interface.

E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which the interface is assigned.

F. Both loose and strict modes are configured globally on the router.

Answer: A,C,E

Q2. If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?

A. standby

B. active

C. on

D. passive

Answer: B

Q3. Which two statements about DTLS are true? (Choose two)

A. Unlike TLS, DTLS supports VPN connections with the ASA.

B. It is more secure than TLS.

C. When DPD is enabled, a DTLS connection can automatically fall back to TLS.

D. It overcomes the latency and bandwidth problems that can occur with SSL.

E. It can reduce packet delays and improve application performance.

F. It supports SSL VPNs without requiring an SSL tunnel.

Answer: C,D

Q4. Which option describes the purpose of the RADIUS VAP-ID attribute?

A. It specifies the ACL ID to be matched against the client

B. It specifies the WLAN ID of the wireless LAN to which the client belongs

C. It sets the minimum bandwidth for the connection

D. It sets the maximum bandwidth for the connection

E. It specifies the priority of the client

F. It identifies the VLAN interface to which the client will be associated

Answer: B

Q5. You have configured a DMVPN hub and spoke as follows (assume the IPsec profile “dmvpnprofile” is configured correctly):

With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?

A. Configure the ip nhrp cache non-authoritative command on the hub’s tunnel interface

B. Modify the NHRP hold times to match on the hub and spoke

C. Modify the NHRP network IDs to match on the hub and spoke

D. Modify the tunnel keys to match on the hub and spoke

Answer: D

Q6. Which configuration is the correct way to change the VPN key encryption key lifetime to 10800 seconds on the key server?

A)

B)

C)

D)

E)

A. Option A

B. Option B

C. Option C

D. Option D

Answer: A

Q7. For which three IP resources is the IANA responsible? (Choose three.)

A. IP address allocation

B. detection of spoofed address

C. criminal prosecution of hackers

D. autonomous system number allocation

E. root zone management in DNS

F. BGP protocol vulnerabilities

Answer: A,D,E

Q8. DRAG DROP

Drag and drop each RADIUS packet field on the left onto the matching description on the right.

Answer:

Explanation: A-5,B-2,C-1,D-3,E-4

Q9. Refer to the exhibit.

Which of the following is the correct output of the above executed command?

A)

B)

C)

D)

A. Option A

B. Option B

C. Option C

D. Option D

Answer: C

Q10. Which object table contains information about the clients known to the server in the Cisco NHRP MIB implementation?

A. NHRP Cache Table

B. NHRP Client Statistics Table

C. NHRP Purge Request Table

D. NHRP Server NHC Table

Answer: D

Q11. What is the first step in performing a risk assessment?

A. Identifying critical services and network vulnerabilities and determining the potential impact of their compromise or failure.

B. Investigating reports of data theft or security breaches and assigning responsibility.

C. Terminating any employee believed to be responsible for compromising security.

D. Evaluating the effectiveness and appropriateness of the organization’s current risk-management activities.

E. Establishing a security team to perform forensic examinations of previous known attacks.

Answer: A

Q12. Refer to the exhibit. Which statement about this configuration is true?

A. The ASA stops LSA type 7 packets from flooding into OSPF area 1.

B. The ASA injects a static default route into OSPF area 1.

C. The ASA redistributes routes from one OSPF process to another.

D. The ASA redistributes routes from one routing protocol to another.

E. The ASA injects a static default route into OSPF process 1.

Answer: C

Q13. According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose 4)

A. ISMS Policy

B. Corrective Action Procedure

C. IS Procedures

D. Risk Assessment Reports

E. Complete Inventory of all information assets

Answer: A,B,C,D

Q14. Which two statements about the DES algorithm are true? (Choose two)

A. It uses a 64-bit key block size and its effective key length is 65 bits

B. It uses a 64-bit key block size and its effective key length is 56 bits

C. It is a stream cipher that can be used with any size input

D. It is more efficient in software implementations than in hardware implementations.

E. It is vulnerable to differential and linear cryptanalysis

F. It is resistant to square attacks

Answer: B,E

Q15. DRAG DROP

Drag and drop the DNS record types from the left to the matching descriptions to the right

Answer:

Explanation:

DNSKEY: contains a public key for use by the resolver

NSEC: link to the zone's next record name

NSEC3: contains a hashed link to the zone's next record name

RRSIG: contains the record set's DNSSEC signature

NSEC3PARAM: used by authoritative DNS servers when responding to DNSSEC requests

DS: holds the delegated zone's name

Q16. Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)

A. It uses attribute maps to map the AD memberOf attribute to the Cisco ASA Group-Policy attribute

B. It uses AD attribute maps to assign users to group policies configured under the WebVPN context

C. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies

D. It can assign a group policy to a user based on access credentials

E. It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASA

F. It is a closed standard that manages directory-information services over distributed networks

Answer: A,B
