Q1. Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
A. L2TP-Encryption
B. Web-VPN-ACL-Filters
C. IPsec-Client-Firewall-Filter-Name
D. Authenticated-User-Idle-Timeout
E. IPsec-Default-Domain
F. Authorization-Type
Answer: B,D,E
Q2. Which two statements about the ISO are true? (Choose two)
A. The ISO is a government-based organization.
B. The ISO has three membership categories: member, correspondent, and subscribers.
C. Only member bodies have voting rights.
D. Correspondent bodies are small countries with their own standards organization.
E. Subscriber members are individual organizations.
Answer: B,C
Q3. class-map nbar_rtp
match protocol rtp payload-type "0,1,4-0x10, 10001b - 10010b,64"
The above NBAR configuration matches RTP traffic with which payload types?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q4. Which two statements about the IPv6 Hop-by-Hop option extension header (EH) are true? (Choose two)
A. The Hop-by-Hop EH is processed in hardware at the source and the destination devices only.
B. If present, network devices must process the Hop-by-Hop EH first.
C. The Hop-by-Hop extension header is processed by the CPU by network devices.
D. The Hop-by-Hop EH is processed in hardware by all intermediate network devices
E. The Hop-by-Hop EH is encrypted by the Encapsulating Security Header.
F. If present, the Hop-by-Hop EH must follow the Mobility EH.
Answer: B,C
Q5. You have discovered an unwanted device with MAC address 001c.0f12.badd on port FastEthernet1/1 on VLAN 4. What command or command sequence can you enter on the switch to prevent the MAC address from passing traffic on VLAN 4?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Q6. Which two options are open-source SDN controllers? (Choose two)
A. OpenContrail
B. OpenDaylight
C. Big Cloud Fabric
D. Virtual Application Networks SDN Controller
E. Application Policy Infrastructure Controller
Answer: A,B
Q7. Refer to the exhibit.
Which effect of this Cisco ASA policy map is true?
A. The Cisco ASA is unable to examine the TLS session.
B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.
C. It prevents a STARTTLS session from being established.
D. The Cisco ASA logs SMTP sessions in clear text.
Answer: B
Q8. DRAG DROP
Drag each IPsec term on the left to the definition on the right?
Answer:
Explanation:
AH: Provides integrity service only for IP packets
ESP: Provides integrity and encryption services for IP packets
SA: The relationship between two peers that determines which algo and keys the peers use to communicate securely
SADB: A container that stores the policy requirements for a security ass to be esta
SPD: A container for the parameters of each active security asso
SPI: An identification tag that is added to the packet header of traffic intended to be tunneled
Q9. Which object table contains information about the clients known to the server in the Cisco NHRP MIB implementation?
A. NHRP Server NHC Table
B. NHRP Client Statistics Table
C. NHRP Cache Table
D. NHRP Purge Request Table
Answer: A
Q10. When a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used to fall back to web authentication?
A. Authentication
B. Passthrough
C. Conditional Web Redirect
D. Splash Page Web Redirect
E. On MAC Filter Failure
Answer: E
Q11. Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF) from dropping asymmetric traffic?
A. Configure Unicast RPF Loose Mode on R2 and R3 only.
B. Configure Unicast RPF Loose Mode on R1 only.
C. Configure Unicast RPF Strict Mode on R1 only.
D. Configure Unicast RPF Strict Mode on R1,R2 and R3.
E. Configure Unicast RPF Strict Mode on R2 and R3 only.
Answer: E
Q12. Refer to the exhibit. What is the meaning of the given error message?
A. The PFS groups are mismatched.
B. The pre-shared keys are mismatched.
C. The mirrored crypto ACLs are mismatched.
D. IKE is disabled on the remote peer.
Answer: B
Q13. Which features can stop man-in-the-middle attacks? (Choose two)
A. ARP sniffing on specific ports
B. ARP spoofing
C. Dynamic ARP inspection
D. DHCP snooping
E. Destination MAC ACLs
Answer: C,D
Q14. Which three options are methods of load-balancing data in an ASA cluster environment? (Choose three)
A. HSRP
B. Spanned EtherChannel
C. Distance-vector routing
D. PBR
E. Floating static routes
F. ECMP
Answer: B,D,F
Q15. Refer to the exhibit. Which service or feature must be enabled on 209.165.200.255 to produce the given output?
A. The finger service
B. A BOOTP server
C. A TCP small server
D. The PAD service
Answer: C
Q16. Which two options are unicast address types for IPv6 addressing? (Choose two)
A. Established
B. Static
C. Global
D. Dynamic
E. Link-local
Answer: C,E