400-251 | Cisco 400-251 Pdf 2020

Want to know Actualtests 400-251 Exam practice test features? Want to lear more about Cisco CCIE Security Written Exam certification experience? Study Best Quality Cisco 400-251 answers to Leading 400-251 questions at Actualtests. Gat a success with an absolute guarantee to pass Cisco 400-251 (CCIE Security Written Exam) test on your first attempt.

Check 400-251 free dumps before getting the full version:


Which two statements about internal detectors in the Cisco Firepower System are true? (Choose two)

  • A. They are built in to the Firepower system and delivered automatically with firepower updates
  • B. They can be activated manually or configured to activate automatically under specific conditions
  • C. They can be modified for use as custom detectors
  • D. They can detect client and application traffic
  • E. They can detect only web-based application activity in FTTP traffic.
  • F. They can be deactivated manually or by VDB updates

Answer: AE


A university has hired you as a consultant to advise them on the starvation attacks in the campus. They have already implemented DH control the situation but those do not fully contain the issue. Which the issue? (Choose two.)

  • A. Use the ip dhcp snooping limit rate command on Trusted and Unsuitable values that are relevant to each interface respectively.
  • B. Use the ip dhcp snooping verify mac-address command to ensure the DHCP request matches the clifent hardware address (CHADDR) set
  • C. Use the ip dhcp snooping limit rate command only to ensure that request matches the client identifier (CUD) field sent to the DHCP
  • D. Use the ip dhcp snooping limit rate command on trusted and unit value.

Answer: BC


Which LDAP query is used by ESA to authenticate users logging into an appliance?

  • A. chain queries
  • B. spam quarantine end-user authentication
  • C. group queries
  • D. acceptance query
  • E. spam quarantine alias consolidation
  • F. external authentication
  • G. SMTP authentication
  • H. certificate authentication

Answer: F


Which three statements are correct regarding EAP-Chaining? (Choose three)

  • A. Allows user and machine authentication with one RADIUS/EAP session
  • B. EAP-Chaining is enabled on AnyConnect NAM authomatically when EAP-FAST user and machine authentication is enabled
  • C. EAP-FAST’s PAC provisioning phase is responsible to establish SSH tunnel between supplicant and ISE to perform EAP-Chaining
  • D. EAP-Chaining is enabled on NAM automatically when EAP-TLS user and machine authentication is enabled
  • E. EAP-Chaining can only use EAP-FAST and requires the use of AnyConnect NAM
  • F. EAP-Chaining is supported on the Windows 802.1x supplicant
  • G. EAP-Fast does not allow to bind multiple authentications and this limitation is used for manual authentication in EAP-Chaining

Answer: ABE


In which three configurations can SSL VPN be implemented? (Choose three)

  • A. CHAP
  • B. WebVPN
  • C. thin-client .
  • D. L2TP over IPsec
  • E. PVC tunnel mode
  • F. interactive mode
  • G. Cisco AnyConnect tunnel mode
  • H. clientless

Answer: CGH


Which statement is true regarding the wireless security technologies?

  • A. WPA2 is more secure than WPA because it uses TKIP for encryption
  • B. WPA provides message integrity using AES
  • C. WPA2-PSK mode allows passphrase to store locally on thedevice
  • D. WEP is more secure than WPA2 because it uses AES forencryption
  • E. WPA-ENT mode does not require RADIUS forauthentication
  • F. WPÁ2-PSKmodeprovidesbettersecuritybyhavingsamepassphraseacrossthenetwork

Answer: B


Which description of SaaS is true?

  • A. a service offering on-demand licensed applications for end users
  • B. a service offering that allowing developers to build their own applications
  • C. a service offering on-demand software downloads
  • D. a service offering a software environment in which applications can be build and deployed.

Answer: A


You have an ISE deployment with two nodes that re configured as PAN and MnT (Primary and Secondary), and four Policy Service Nodes. How many additional PSNs can you add to this deployment?

  • A. 1
  • B. 3
  • C. 5
  • D. 4
  • E. 2

Answer: B


Which protocol does ISE use to secure a connection through the Cisco IronPort tunne infrastructure?

  • A. HTTP
  • B. IKEv2
  • C. TLS
  • D. SSH
  • E. SNMP
  • F. IKEv1

Answer: D


Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three)

  • A. DTLS can fall back to TLS without enabling dead peer detection.
  • B. By default, the VPN connection connects with DTLS.
  • C. Rea-time application performance improves if DTLS is implemented
  • D. Cisco AnyConnect connections use IKEv2 by default when it is configure as the primary protocol on the client.
  • E. By default, the ASA uses the Cisco AnyConnect Essentials license.
  • F. The ASA will verify the remote HTTPS certificate.

Answer: CDE


Which statement is true regarding securing connection using MACsec?

  • A. It secures connection between two supplicant clients
  • B. Switch uses session keys to calculate decrypted packet ICV value for the frame integrity check
  • C. Switch configured for MACSec can only accept MACSec frames from the MACSec client
  • D. It is implemented after a successful MAB authentication of supplicant
  • E. It provides network layer encryption on a wireless network
  • F. ISAKMP protocol is used to manage MACSec encryption keys

Answer: B


Refer to the exhibit.
400-251 dumps exhibit
Which meaning of this error message on a Cisco ASA is true?

  • A. The route map redistribution is configured incorrectly.
  • B. The default route is undefined.
  • C. packed was denied and dropped by an ACL.
  • D. The host is connected directly to the firewall.

Answer: B


How would you best describe Jenkins?

  • A. An orchestration tool
  • B. Continuous integration and delivery application
  • C. Operations in a client/server model
  • D. Web-based repository hosting service
  • E. A REST client

Answer: B


Refer to the exhibit.
400-251 dumps exhibit
Which level of encryption is set by this configurations?

  • A. 1024-bit
  • B. 192-bit
  • C. 56-bit
  • D. 168-bit

Answer: D


For which of the four portals is the SAML Single Sign-On on ISE supported? (Choose four)

  • A. Wireless Client portal
  • B. Certificate Provisioning portal
  • C. Guest portal (sponsored and self-registered)
  • D. My Devices portal
  • E. Employee portal
  • F. Sponsor portal
  • G. Contractor portal
  • H. BYOD portal

Answer: BCDF


What does NX-API use as its transport?

  • A. SCP
  • B. FTP
  • C. SSH
  • D. SFTP

Answer: E


Which type of header attack is detected by Cisco ASA basic threat detection?

  • A. denial by access list
  • B. bad packet format
  • C. failed application inspection
  • D. connection limit exceeded

Answer: B


Which two statements about uRPF are true? (Choose two)

  • A. The administrator can configure the allow-default command to force the routing table to use only the default route
  • B. In strict mode, only one routing path can be available to reach network devices on a subnet
  • C. The administrator can use the show cef interface command to determine whether uRPF is enabled
  • D. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP routing groups
  • E. It is not supported on the Cisco ASA security appliance

Answer: BC

Reverse Path Forwarding


Which three loT attack areas as defined by Client.?

  • A. Ecosystem access control
  • B. Local device vector injection
  • C. Remote data storage tempering
  • D. Local data storage
  • E. Middleware exploitation
  • F. Device physical interfaces
  • G. Vendor frontend API enumeration

Answer: ADF


Refer to the exhibit.
400-251 dumps exhibit
What are two effects of the given configuration? (Choose two.)

  • A. FTP clients will be able to determine the server's system type.
  • B. The connection will remain open if the size of the STOR command is greater than a fixed constant.
  • C. TCP connections will be completed only to TCP ports from 1 to 1024.
  • D. The client must always send the PASV reply.
  • E. The connection will remain open if the PASV reply command includes 5 commas.

Answer: AE


Whic statement about Dynamic ARP inspection is true?

  • A. It is supported only in DHCP environments to detect invalid ARP requests and response
  • B. It requires that DHCP snooping be enabled to build valid binding databas
  • C. It validates ARP requests and responses on untrusted ports using MAC address table
  • D. It validates ARP requests and responses on trusted ports using IP-to-MAC address binding
  • E. It forwards invalid ARP responses and requests on switch untrusted ports
  • F. It drops invalid ARP responses and requests on the switch trusted ports

Answer: B


Refer to the exhibit
400-251 dumps exhibit
Refer to the exhibit Customer has opened a case with Cisco TAC reporting issue that client connect to the network using guest account. Looking at the configuration of the switch, w possible issue?

  • A. MAB should be disabled on the authentication port
  • B. Dynamic authorization configuration has incorrect RADIUS server
  • C. issue with the DHCP pool configuration
  • D. Dot1x is disabled on the authentication port
  • E. AAA network authorization incorrectly configured
  • F. CTS is incorrectly configured
  • G. Issue with redirect ACL "cwa_edirecrt"

Answer: G


Which three flow protocols can tie SealthWatch System use lo monitor potential security threats? (Choose two)

  • A. OpenFlow
  • B. Ntop
  • C. IPFIX
  • D. NetFlow
  • E. sFlow
  • F. Jflow

Answer: CDE


Which three statements about RLDP are true? (Choose three.)

  • A. It detects rogue access points that are connected to the wired network.
  • B. It can detect rogue APs that use WPA encryption.
  • C. It can detect rogue APs operating only on 5 GHz.
  • D. It can detect rogue APs that use WEP encryption.
  • E. The AP is unable to serve clients while the RLDP process is active.
  • F. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network.

Answer: AEF

Rogue Location Discovery Protocol (RLDP)


What are three pieces of data you should review in response to a supported SSL MITM attack? (Choose three.)

  • A. the MAC address of the SSL server
  • B. the MAC address of the attacker
  • C. the IP address of the SSL server
  • D. the X.509 certificate of the attacker
  • E. the X.509 certificate of the SSL server
  • F. the DNS name of the SSL server

Answer: CEF


Drag each component of an Adaptive Wireless IPS deployment on the left to the matching description on the right
400-251 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

1-F, 2-E, 3-B, 4-G, 5-D, 6-C, 7-A


Which two options are normal functionalities for ICMP? (Choose two)

  • A. host detection
  • B. packet filtering
  • C. relaying traffic statistics to applications
  • D. path MTU discovery
  • E. port scanning
  • F. router discovery

Answer: AD


Which statement about VRF-Lite implementation in a service provider network is true?

  • A. It disables the sharing of one CE device among multiple customers.
  • B. It can have multiple VRF instances associated with a single interface on a CE device.
  • C. It requires multiple links between CE and PE for each VPN connection to enable privacy.
  • D. It supports multiple VPNs at a CE device but their address spaces must not overlap.
  • E. It uses input interfaces to differentiate routes for different VPNs on the CE device.
  • F. It can support only one VRF instance per CE device.

Answer: E


P.S. Certstest now are offering 100% pass ensure 400-251 dumps! All 400-251 exam questions have been updated with correct answers: https://www.certstest.com/dumps/400-251/ (448 New Questions)