Cisco 400-251
Get real exam questions for 400-251 CCIE Security Written Exam. 100% Free.
400-251 Premium VCE File
Learn More
100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours
Q1. What are two protocols that HTTP can use to secure sessions? (Choose two)A. HTTPSB. AESC. TLSD. AHE. SSLView AnswerAnswer: A,EQ2. Which command sequence can you enter to enable IP multicast for WCCPv2?A. Router(config)#ip wccp web-cache service-list Router(config)#interface FastEthernet0/0Router(config)#ip wccp web-cache group-listenB. Router(config)#ip wccp web-cache group-list Router(conf
Q1. Which three fields are part of the AH header? (Choose three)A. Destination addressB. Protocol IDC. Packet ICVD. SPI identifying SAE. Next headerF. Application portG. Source addressView AnswerAnswer: C,D,EQ2. CCMP (CCM mode Protocol) is based on which algorithm?A. 3DESB. BlowfishC. RC5D. AESE. IDEAView AnswerAnswer: DQ3. What are feature that can stop man-in-the-middle attacks? (Choose two
Q1. Event Store is a component of which IPS application?A. SensorAppB. InterfaceAppC. MainAppD. NotificationAppE. AuthenticationAppView AnswerAnswer: CQ2. Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)A. confidentiality and integrity of customer records and credit card informationB. accountability in the event of corporate fraudC. fina
Q1. You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?A. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel i
Q1. Which Statement about remote procedure calls is true?A. They support synchronous and asynchronous requests.B. They can emulate different hardware specifications on a single platform.C. They support optimized data replication among multiple machines.D. They use a special assembly instruction set to process remote code without conflicting with other remote processes.E. They can be invoked by th
Q1. What is the first step in performing a risk assessment?A. Identifying critical services and network vulnerabilities and determining the potential impact of their compromiseor failure.B. Investigating reports of data theft or security breaches and assigning responsibility.C. Terminating any employee believed to be responsible for compromising security.D. Evaluating the effectiveness and approp
Q1. What protocol is responsible for issuing certificates?A. SCEPB. DTLSC. ESPD. AHE. GETView AnswerAnswer: AQ2. Which two statements about LEAP are true? (Choose two)A. It is compatible with the PAP and MS-CHAP protocolsB. It is an ideal protocol for campus networksC. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted
Q1. Which two network protocols can operate on the Application Layer?(Choose two)A. DNSB. UDPC. TCPD. NetBIOSE. DCCPF. SMBView AnswerAnswer: A,FQ2. What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?A. merge rule toolB
Q1. What are two characteristics of RPL, used in loT environments? (Choose two)A. It is an Exterior Gateway ProtocolB. It is a Interior Gateway ProtocolC. It is a hybrid protocolD. It is link-state protocolE. It is a distance-vector protocolView AnswerAnswer: B,EQ2. What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)A. IMAPB. RDPC. MM
Q1. In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?A. On MAC Filter FailureB. Pass throughC. Splash Page Web RedirectD. Conditional Web RedirectE. AuthenticationView AnswerAnswer: AQ2. All of these Cisco security products provide event correlation capabilities excepts which one?A.
Q1. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.D. It disables PMTUD
Q1. According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.)A. Router Renumbering(Type 138)B. Node Information Query(Type 139)C. Router Solicitation(Type 133)D. Node information Response(TypeE. Router Advertisement(Type 134)F. Neighbor Solicitaion(Type 135)View AnswerAnswer: A,B,DQ2. What is the name of the unique tool/feature in cisco security m
Q1. Which option describes the purpose of the RADIUS VAP-ID attribute?A. It specifies the ACL ID to be matched against the clientB. It specifies the WLAN ID of the wireless LAN to which the client belongsC. It sets the minimum bandwidth for the connectionD. It sets the maximum bandwidth for the connectionE. It specifies the priority of the clientF. It identifies the VLAN interface to which the cl
Q1. Which two statements about the MD5 Hash are true? (Choose two.)A. Length of the hash value varies with the length of the message that is being hashed.B. Every unique message has a unique hash value.C. Its mathematically possible to find a pair of message that yield the same hash value.D. MD5 always yields a different value for the same message if repeatedly hashed.E. The hash value cannot be
Q1. Which two statements about global ACLs are true? (Choose two)A. They support an implicit denyB. They are applied globally instead of being replicated on each interfaceC. They override individual interface access rulesD. They require an explicit denyE. They can filer different packet types than extended ACLsF. They require class-map configurationView AnswerAnswer: A,BQ2. Which two options ar
Q1. What are two protocols that HTTP can use to secure sessions? (Choose two)A. HTTPSB. AESC. TLSD. AHE. SSLView AnswerAnswer: A,EQ2. Refer to the exhibit. R1 and R2 are connected across and ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?A. eBGP peering will fail because ASA is transit lacks BGP support.B. eBGP peering will be successful.C. eBG
Q1. Refer to the exhibit which two statement about the given IPV6 ZBF configuration are true? (Choose two)A. It provides backward compability with legacy IPv6 inspectionB. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.E. It passes TCP, UDP,ICMP and FTP
Q1. Refer the exhibit. Which of the following is the correct output of the above executed command? A)B)C)D)A. Option AB. Option BC. Option CD. Option DView AnswerAnswer: CQ2. You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the h
Q1. DRAG DROPDrag each step in the configuration of flexiblenetflow IPv6 traffic Unicast flows on the left into the Correct order of operation on the right?View AnswerAnswer: Explanation:Step 1: Configure the flow exporterStep 2: configure flow record Step 3: configure flow monitor Step 4: Apply flow monitor Step 5: Configure data export.Q2. Which two statement about MSDP ate true? (Choose three
Q1. Which two statements describe the Cisco TrustSec system correctly? (Choose two.)A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.C. The Cisco TrustSec system is an Advanced Network Access