aiotestking uk

400-251 Exam Questions - Online Test


400-251 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. What is the first step in performing a risk assessment?

A. Identifying critical services and network vulnerabilities and determining the potential impact of their compromise

or failure.

B. Investigating reports of data theft or security breaches and assigning responsibility.

C. Terminating any employee believed to be responsible for compromising security.

D. Evaluating the effectiveness and appropriateness of the organization’s current risk- management activities.

E. Establishing a security team to perform forensic examinations of previous known attacks.

Answer: A

Q2. Which object table contains information about the clients know to the server in Cisco NHRP MIB

implementaion?

A. NHRP Server NHC Table

B. NHRP Client Statistics Table

C. NHRP Cache Table

D. NHRP Purge Request Table

Answer: A

Q3. when you configure an ASA with RADIUS authentication and authorization, which attribute is used to differentiate user roles?

A. login-ip-host

B. cisco-priv-level

C. service-type

D. termination-action

E. tunnel-type

Answer: C

Q4. Which two statements about the DES algorithm are true? (Choose two)

A. The DES algorithm is based on asymmetric cryptography.

B. The DES algorithm is a stream cipher.

C. The DES algorithm is based on symmetric cryptography.

D. The DES algorithm encrypts a block of 128 bits.

E. The DES algorithm uses a 56-bit key.

Answer: C,E

Q5. Which three statements about the keying methods used by MAC Sec are true (Choose Three)

A. MKA is implemented as an EAPoL packet exchange

B. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

C. SAP is supported on SPAN destination ports

D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA

E. SAP is not supported on switch SVIs .

F. A valid mode for SAP is NULL

Answer: A,B,F

Q6. You have configured an authenticator switch in access mode on a network configured with NEAT what radius attribute must the ISE server return to change the switch’s port mode to trunk?

A. device-traffic-class=switch

B. device-traffic-class=trunk

C. framed-protocol=1

D. EAP-message-switch

E. Authenticate=Administrative

F. Acct-Authentic=radius

Answer: A

Q7. Refer to the exhibit. 

If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true?(Choose two)

A. The device will close each connection after 90 seconds even if a connection is actively processing a request.

B. Connections will close after 60 seconds without activity or 90 seconds with activity.

C. Connections will close after 60 seconds or as soon as the first request is processed.

D. When you apply the command , the device will immediately close any existing connections that have been open for longer than 90 seconds.

E. Connections will close after 60 seconds without activity or as soon as the first request is processed.

Answer: C,E

Q8. Which two statement about router Advertisement message are true? (Choose two)

A. Local link prefixes are shared automatically.

B. Each prefix included in the advertisement carries lifetime information f Or that prefix.

C. Massage are sent to the miscast address FF02::1

D. It support a configurable number of retransmission attempts for neighbor solicitation massage.

E. Flag setting are shared in the massage and retransmitted on the link.

F. Router solicitation massage are sent in response to router advertisement massage

Answer: A,F

Q9. Which two statement about PVLAN port types are true? (Choose two)

A. A community port can send traffic to community port in other communities on its broadcast domain.

B. An isolated port can send and receive traffic only to and from promiscuous ports.

C. An isolated port can receive traffic from promiscuous port in an community on its broadcast domain, but can send traffic only to port in its own community.

D. A promiscuous port can send traffic promiscuous port in other communities on its broadcast domain.

E. A community port can send traffic to promiscuous port in other communities on its broadcast domain.

F. A Promiscuous port can send traffic to all ports within a broadcast domain.

Answer: B,F

Q10. Which command sets the Key-length for the IPv6 send protocol?

A. IPv6 nd ns-interval

B. Ipv6 ndra-interval

C. IPv6 nd prefix

D. IPv6 nd inspection

E. IPv6 nd secured

Answer: E