400-251 Exam Dumps - 100% Passing Guarantee with 400-251 Exam Questions
Pass 400-251 Exam in first attempt with 100% passing guarantee. Certsbay provides authentic, most up to date and high quality preparation material for 400-251 exam. 400-251 dumps PDF and 400-251 practice test software. Both products come with free demo, free updates and 100% money back guarantee. Try free 400-251 exam questions demo or buy all 400-251 questions pdf or 400-251 practice exam to prepare with real 400-251 exam questions in real exam environment. https://www.certsbay.com/cisco/400-251-exam-questions
Cisco
400-251 Braindumps
CCIE Security Written
Questions & Answers
(Demo Version – Limited Content)
Version: 11.0

Question 1
Which two statements about SCEP are true? (Choose two)
A. CA Servers must support GetCACaps response messages in order to implement extended functionality.
B. The GetCRL exchange is signed and encrypted only in the response direction.
C. It is vulnerable to downgrade attacks on its cryptographic capabilities.
D. The GetCert exchange is signed and encrypted only in the response direction.
E. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.
Answer: A C

Question 2
Which two events can cause a failover event in an active/standby setup? (Choose two)
A. The active unit experiences interface failure above the threshold.
B. The unit that was previously active recovers.
C. The stateful failover link fails.
D. The failover link fails.
E. The active unit fails.
Answer: A E

Question 3
Which two statements about the MACsec security protocol are true? (Choose two)
A. Stations broadcast an MKA heartbeat that contains the key server priority.
B. The SAK is secured by 128-bit AES-GCM by default.
C. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM.
D. MACsec is not supported in MDA mode.
E. MKA heartbeats are sent at a default interval of 3 seconds.
Answer: A B

Question 4
Which two options are benefits of network summarization? (Choose two)
A. It can summarize discontiguous IP addresses.
B. It can easily be added to existing networks.
C. It can increase the convergence of the network.
D. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.
E. It reduces the number of routes.
Answer: D E

Question 5
Refer to the exhibit.
Which meaning of this error message on a Cisco ASA is true?
A. The route map redistribution is configured incorrectly.
B. The default route is undefined.
C. A packet was denied and dropped by an ACL.
D. The host is connected directly to the firewall.
Answer: B

Question 6
Which two statements about uRPF are true? (Choose two)
A. The administrator can configure the allow-default command to force the routing table to use only the default.
B. It is not supported on the Cisco ASA security appliance.
C. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP routing groups.
D. The administrator can use the show cef interface command to determine whether uRPF is enabled.
E. In strict mode, only one routing path can be available to reach network devices on a subnet.
Answer: D E

Question 7
Which type of header attack is detected by Cisco ASA basic threat detection?
A. Connection limit exceeded.
B. Denial by access list.
C. Failed application inspection.
D. Bad packet format.
Answer: D

Question 8
Refer to the exhibit.
A user authenticates to the NAS, which communicates with the TACACS+ server for authentication. The TACACS+ server then accesses the Active Directory Server through the ASA firewall to validate the user credentials. Which protocol-port pair must be allowed access through the ASA firewall?
A. SMB over TCP 455.
B. DNS over UDP 53.
C. LDAP over UDP 389.
D. Global catalog over UDP 3268.
E. TACACS+ over TCP 49.
F. DNS over TCP 53.
Answer: C

Question 9
Which WEP configuration can be exploited by a weak IV attack?
A. When the static WEP password has been stored without encryption.
B. When a per-packet WEP key is in use.
C. When a 64-bit key is in use.
D. When the static WEP password has been given away.
E. When a 40-bit key is in use.
F. When the same WEP key is used to create every packet.
Answer: E

Question 10
Which two statements about Botnet Traffic Filter snooping are true? (Choose two)
A. It requires DNS packet inspection to be enabled to filter domain names in the dynamic database.
B. It requires the Cisco ASA DNS server to perform DNS lookups.
C. It can inspect both IPv4 and IPv6 traffic.
D. It can log and block suspicious connections from previously unknown bad domains and IP addresses.
E. It checks inbound traffic only.
F. It checks inbound and outbound traffic.
Answer: A F

Question 11
Which three statements about SXP are true? (Choose three)
A. It resides in the control plane, where connections can be initiated from a listener.
B. Packets can be tagged with SGTs only with hardware support.
C. Each VRF supports only one CTS-SXP connection.
D. To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured.
E. The SGA ZBPF uses the SGT to apply forwarding decisions.
F. Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses.
Answer: A B C

Question 12
Which file extensions are supported in the Firesight Management Center 6.1(3.1) file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?
A. MSEXE, MSOLE2, NEW-OFFICE, PDF.
B. DOCX, WAV, XLS, TXT.
C. TXT, MSOLE2, WAV, PDF.
D. DOC, MSOLE2, XML, PF.
Answer: A

Question 13
Refer to the exhibit.
You applied this VPN cluster configuration to a Cisco ASA and the cluster failed to form. How do you edit the configuration to correct the problem?
A. Define the maximum allowable number of VPN connections.
B. Define the master/slave relationship.
C. Configure the cluster IP address.
D. Enable load balancing.
Answer: C

Question 14
Which effect of the crypto pki authenticate command is true?
A. It sets the certificate enrollment method.
B. It retrieves and authenticates a CA certificate.
C. It configures a CA trustpoint.
D. It displays the current CA certificate.
Answer: B

Question 15
Which effect of the ip nhrp map multicast dynamic command is true?
A. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub.
B. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.
C. It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel.
D. It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface.
Answer: A

Question 16
Which statement about VRF-aware GDOI group members is true?
A. IPsec is used only to secure data traffic.
B. The GM cannot route control traffic through the same VRF as data traffic.
C. Multiple VRFs are used to separate control traffic and data traffic.
D. Registration traffic and rekey traffic must operate in different VRFs.
Answer: A

Question 17
Refer to the exhibit.
Which data format is used in this script?
A. API
B. JavaScript
C. JSON
D. YANG
E. XML
Answer: E

Question 18
Which two statements about Cisco URL Filtering on Cisco IOS Software are true? (Choose two)
A. It supports Websense and N2H2 filtering at the same time.
B. It supports local URL lists and third-party URL filtering servers.
C. By default, it uses ports 80 and 22.
D. It supports HTTP and HTTP traffic.
E. By default, it allows all URLs when the connection to the filtering server is down.
F. It requires minimal CPU time.
Answer: A B

Question 19
Which two options are benefits of the Cisco ASA transparent firewall mode? (Choose two)
A. It can establish routing adjacencies.
B. It can perform dynamic routing.
C. It can be added to an existing network without significant reconfiguration.
D. It supports extended ACLs to allow Layer 3 traffic to pass from higher to lower security interfaces.
E. It provides SSL VPN support.
Answer: C D

Question 20
How does Scavenger-class QoS mitigate DoS and worm attacks?
A. It monitors normal traffic flow and drops burst traffic above the normal rate for a single host.
B. It matches traffic from individual hosts against the specific network characteristics of known attack types.
C. It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected.
D. It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts.
Answer: D

Question 21
Refer to the exhibit.
What are two effects of the given configuration? (Choose two)
A. TCP connections will be completed only to TCP ports from 1 to 1024.
B. FTP clients will be able to determine the server’s system type.
C. The client must always send the PASV reply.
D. The connection will remain open if the size of the STOP command is greater than a fixed constant.
E. The connection will remain open if the PASV reply command includes 5 commas.
Answer: B E

Question 22
Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three)
A. DTLS can fall back to TLS without enabling dead peer detection.
B. By default, the VPN connection connects with DTLS.
C. Real-time application performance improves if DTLS is implemented.
D. Cisco AnyConnect connections use IKEv2 by default when it is configured as the primary protocol in the client.
E. By default, the ASA uses the Cisco AnyConnect Essentials license.
F. The ASA will verify the remote HTTPS certificate.
Answer: B C D

Question 23
Which two statements about the Cisco AnyConnect VPN Client are true? (Choose two)
A. To improve security, keepalives are disabled by default.
B. It can be configured to download automatically without prompting the user.
C. It can use an SSL tunnel and a DTLS tunnel simultaneously.
D. By default, DTLS connections can fall back to TLS.
E. It enables users to manage their own profiles.
Answer: B C

Question 24
What are the two different modes in which Private AMP cloud can be deployed? (Choose two)
A. Air Gap Mode.
B. External Mode.
C. Internal Mode.
D. Public Mode.
E. Cloud Mode.
F. Proxy Mode.
Answer: A E

Question 25
Refer to the exhibit.
What are two functionalities of this configuration? (Choose two)
A. Traffic will not be able to pass on Gigabit Ethernet 0/1.
B. The ingress command is used for an IDS to send a reset on VLAN 3 only.
C. The source interface should always be a VLAN.
D. The encapsulation command is used to deep scan on dot1q encapsulated traffic.
E. Traffic will only be sent to Gigabit Ethernet 0/20.
Answer: B E

Question 26
You are considering using RSPAN to capture traffic between several switches. Which two configuration aspects do you need to consider? (Choose two)
A. The RSPAN needs to be blocked on all trunk interfaces leading to the destination RSPAN switch.
B. Not all switches need to support RSPAN for it to work.
C. The RSPAN VLAN needs to be allowed on all trunk interfaces leading to the destination RSPAN switch.
D. All distribution switches need to support RSPAN.
E. All switches need to be running the same IOS version.
Answer: B C

Question 27
Which two statements about the TTL value in an IPv4 header are true? (Choose two)
A. It is a 4-bit value.
B. It can be used for traceroute operations.
C. When it reaches 0, the router sends an ICMP Type 11 message to the originator.
D. Its maximum value is 128.
E. It is a 16-bit value.
Answer: B C

Question 28
Which three ESMTP extensions are supported by the Cisco ASA? (Choose three)
A. NOOP
B. PIPELINING
C. SAML
D. 8BITMIME
E. STARTTLS
F. ATRN
Answer: A C E

Question 29
Refer to the exhibit.
For which type of user is this downloadable ACL appropriate?
A. Management
B. Employees
C. Guest users
D. Network administrators
E. Onsite contractors.
Answer: C

Question 30
Refer to the exhibit.
Which effect of this configuration is true?
A. If the RADIUS server is unreachable, SSH users cannot authenticate.
B. All commands are validated by the RADIUS server before the device executes them.
C. Only SSH users are authenticated against the RADIUS server.
D. Users must be in the RADIUS server to access the serial console.
E. Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server.
Answer: E