400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 23, 2024

Cisco 400-251 Free Practice Questions

Q1. Which two options are differences between automation and orchestration? (Choose two)

A. Automation is to be used to replace human intervention

B. Automation is focused on automating a single or multiple tasks

C. Orchestration is focused on an end-to-end process or workflow

D. Orchestration is focused on multiple technologies to be integrated together

E. Automation is an IT workflow composed of tasks, and Orchestration is a technical task

Answer: B,C

Q2. Which two statements about the SHA-1 algorithm are true? (Choose two)

A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.

B. The SHA-1 algorithm takes an input message of any length and produces a 160-bit hash output.

C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.

D. The purpose of the SHA-1 algorithm is to provide data confidentiality.

E. The purpose of the SHA-1 algorithm is to provide data authenticity.

Answer: B,E

Q3. Refer to the exhibit. 

A. Modify the tunnel keys to match on the hub and spoke

B. Configure the ip nhrp cache non-authoritative command on the hub’s tunnel interface

C. Modify the NHRP hold times to match on the hub and spoke

D. Modify the NHRP network IDs to match on the hub and spoke

Answer: A

Q4. DRAG DROP

Drag each OSPF security feature on the left to its description on the right.

Answer:

Explanation:

TTL security check: Protects OSPF neighbor sessions against CPU

Prefix length: Protects the routers in an OSPF neighbor session

Type 0: Establishes OSPF sessions without authentication

Type 1: Uses clear-text authentication to protect

Type 2: Uses MD5 authentication to protect

Q5. Which three statements about MSDP are true? (Choose three)

A. It can connect to PIM-SM and PIM-DM domains

B. It announces multicast sources from a group

C. The DR sends source data to the rendezvous point only at the time the source becomes active

D. It can connect only to PIM-DM domains

E. It registers multicast sources with the rendezvous point of a domain

F. It allows domains to discover multicast sources in the same or different domains.

Answer: B,E,F

Q6. Which two statements about MLD version 2 on the ASA are true? (Choose two)

A. It allows the ASA to function as a multicast router.

B. It enables the ASA to discover multicast address listeners on attached and remote links.

C. It discovers other multicast address listeners by listening to multicast listener reports.

D. It enables the ASA to discover multicast address listeners to attached links only.

E. It sends multicast listener reports in response to multicast listener queries.

Answer: D,E

Q7. Which two statements about NAT-PT with IPv6 are true? (Choose two)

A. It can be configured as dynamic, static, or PAT.

B. It provides end-to-end security.

C. It supports IPv6 BVI configurations.

D. It provides support for Cisco Express Forwarding.

E. It provides ALG support for ICMP and DNS.

F. The router can be a single point of failure on the network.

Answer: A,E

Q8. Which two statements about the ISO are true? (Choose two.)

A. The ISO is a government-based organization.

B. The ISO has three membership categories: Member, Correspondent, and Subscribers.

C. Subscriber members are individual organizations.

D. Only member bodies have voting rights.

E. Correspondent bodies are small countries with their own standards organization.

Answer: B,D

Explanation: Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights.

Q9. You want to enable users in your company’s branch offices to deploy their own access points using a WAN link from the central office, but you are unable to deploy a controller in the branch offices. Which lightweight access point wireless mode should you choose?

A. TLS mode

B. H-REAP mode

C. Monitor mode

D. REAP mode

E. Local mode

Answer: B

Q10. Refer to the exhibit. What is a possible reason for the given error?

A. One or more required applications failed to respond.

B. The IPS engine is busy building cache files.

C. The IPS engine is waiting for a CLI session to terminate.

D. The virtual sensor is still initializing.

Answer: D

Q11. Which two OSPF network types support the concept of a designated router? (Choose two.)

A. broadcast

B. NBMA

C. point-to-multipoint

D. point-to-multipoint nonbroadcast

E. loopback

Answer: A,B

Q12. DRAG DROP

Drag each SSL encryption algorithm on the left to the encryption and hashing values it uses on the right.

Answer:

Explanation:

3DES-sha1: 168 bit encryption with 160 bit hash

DES-sha1: 56 bit encryption with 160 bit hash

Null sha1: 160 bit hash without encryption

RC4-md5: 128 bit with 128 bit hash

RC4-sha1: 128 bit with 160 bit hash

Q13. Which three statements are true regarding Security Group Tags? (Choose three.)

A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.

B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.

C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.

D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.

E. A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: A,C,D

Q14. What are the three response types for SCEP enrollment requests? (Choose three.)

A. PKCS#7

B. Reject

C. Pending

D. PKCS#10

E. Success

F. Renewal

Answer: B,C,E

Q15. Which two network protocols can operate on the Application Layer? (Choose two)

A. DNS

B. UDP

C. TCP

D. NetBIOS

E. DCCP

F. SMB

Answer: A,F

Q16. DRAG DROP

Drag each EAP variant in the 802.1x framework to the matching statement on the right.

Answer:

Explanation:

EAP-FAST: An encapsulated EAP variant that can travel through TLS tunnel

EAP-MD5: When used, EAP servers provide authentication to EAP peers only

EAP-OTP: Authenticates using a single-use token

EAP-PEAP: Performs secure tunnel authentication

EAP-SIM: Enables GSM users to access both voice and data services with unified authentication

EAP-TLS: Provides EAP message fragmentation

EAP-TTLS: An early EAP variant that uses certificate-based authentication of both client and server

LEAP: A simplified EAP variant that uses password as shared service
