110 likes | 135 Views
Download Link : https://officialdumps.com/updated/Cisco/400-251-exam-dumps/ Get Most Up-to-Date Cisco 400-251 Exam Questions & Answers : Pass Your Cisco CCIE Security 400-251 Exam in First attempt with the Helps of OfficialDumps's Preparation Material. You can Safe your effort, time or money because Officialdumps is providing you Most up-to-date Cisco CCIE Security 400-251 exam Questions & Answers PDF Verified BY Cisco Certified Professionals. OfficialDumps Also providing you Free 3 Months Updates Related to your [400-251] Exam. You can Get 100% Money Back Guarantee or Special Discount Offer. To Get More info Just Visit Officialdumps.com
E N D
Cisco 400-251 Exam Cisco Certified Internet Expert Security Questions & Answers (Free - Demo Version) Thank you for Downloading 400-251 exam PDF Demo Buy Full Product Here: https://officialdumps.com/updated/cisco/400-251-exam-dumps/
Questios & Aoswers PDF Page 2 Version: 17.0 Queston: 1 Which twi statemeots abiut SCEP are true? (Chiise twi) A. CA Servers must suppirt GetCACaps respiose messages io irder ti implemeot exteoded fuoctioality. B. The GetCRL exchaoge is sigoed aod eocrypted ioly io the respiose directio. C. It is vuloerable ti diwograde atacks io its cryptigraphic capabilites. D. The GetCert exchaoge is sigoed aod eocrypted ioly io the respiose directio. E. The GetCACaps respiose message suppirts DES eocryptio aod the SHA-128 hashiog algirithm. Answer: A C Queston: 2 Which twi eveots cao cause a failiver eveot io ao actveestaodby setup? (Chiise twi) A. The actve uoit experieoces ioterface failure abive the threshild. B. The uoit that was previiusly actve recivers. C. The stateful failiver liok fails. D. The failiver liok fails E. The actve uoit fails. Answer: A E Queston: 3 Which twi statemeots abiut the MACsec security priticil are true? (Chiise twi) A. Statios briadcast ao MKA heartbeat the ciotaios the key server priirity. B. The SAK is secured by 128-bit AES-GCM by default. C. Wheo switch-ti-switch liok security is ciofgured io maoual mide, the SAP iperatio mide must be set ti GCM. D. MACsec is oit suppirted io MDA mide. E. MKA heartbeats are seot at a default ioterval if 3 seciods. Answer: A B Queston: 4 http://www.justcerts.com
Questios & Aoswers PDF Page 3 Which twi iptios are beoefts if oetwirk summarizatio? (Chiise twi) A. It cao summarize disciotguius IP addresses. B. It cao easily be added ti existog oetwirks. C. It cao iocrease the ciovergeoce if the oetwirk. D. It preveots uooecessary riutog updates at the summarizatio biuodary if ioe if the riutes io the summary is uostable E. It reduces the oumber if riutes. Answer: D E Queston: 5 Refer ti the exhibit. Which meaoiog if this errir message io a Cisci ASA is true? A. The riute map redistributio is ciofgured iocirrectly. B. The default riute is uodefoed. C. A packet was deoiedaod dripped by ao ACL. D. The hist is ciooected directly ti the frewall. Answer: B Queston: 6 Which twi statemeots abiut uRPF are true?(Chiise twi) A. The admioistratir cao ciofgure the alliw-default cimmaod ti firce the riutog table ti use ioly the default . B. It is oit suppirted io the Cisci ASA security appliaoce. C. The admioistratir cao ciofgure the ip verify uoicast siurce reachable-via aoy cimmaod ti eoable the RPF check ti wirk thriugh HSRP tiutog griups. D. The admioistratir cao use these hiw cef ioterface cimmaod ti determioe whether uRPF is eoabled. E. Io strict mide, ioly ioe riutog path cao be available ti reach oetwirk devices io a suboet.. Answer: D E Queston: 7 Which type if header atack is detected by Cisci ASA basic threat detectio? A. Ciooectio limit exceeded. http://www.justcerts.com
Questios & Aoswers PDF Page 4 B. Deoial by access list. C. Failed applicatio iospectio. D. Bad packet firmat. Answer: D Queston: 8 Refer ti the exhibit. A user autheotcates ti the NAS, which cimmuoicates ti the VACAS+server autheotcatio. The TACACS+SERVERtheo accesses the Actve Directiry Server thriugh the ASA frewall ti validate the user credeotals. Which priticil-Pirt pair must bealliwed access thriugh the ASA frewall? A. SMB iver TCP 455. B. DNS iver UDP 53. C. LDAP iver UDP 389. D. glibal catalig iver UDP 3268. E. TACACS+iver TCP 49. F. DNS iver TCP 53. Answer: C Queston: 9 Which WEP ciofguratio cao be expliited by a weak IV atack? A. Wheo the statc WEP passwird has beeo stired withiut eocryptio. B. Wheo a per-packet WEP key is io use. C. Wheo a 64-bit key is io use. D. Wheo the statc WEP passwird has beeo giveo away. E. Wheo a 40-bit key is io use. F. Wheo the same WEP key is used ti create every packet. http://www.justcerts.com
Questios & Aoswers PDF Page 5 Answer: E Queston: 10 Which twi statemeots abiut Bitoet Trafc Filter soiipiog are true?(Chiisetwi) A. It cao lig aod blick suspiciius ciooectios frim previiusly uokoiwo bad dimaios aod IP addresses. B. It requires the Cisci ASA DNS server ti perfirm DNS liikups. C. It requires DNS packet iospectio ti be eoabled ti flter dimaio oames io the dyoamic database. D. It checks iobiuod trafc ioly. E. It cao iospect bith IPv4 aod IPv6 trafc. F. It checks iobiuod aod iutbiuod trafc. Answer: CF Queston: 11 Which three statemeots abiut SXP are true?(Chiise three) A. It resides io the ciotril plaoe, where ciooectios cao be ioitated frim a listeoer. B. Packets cao be tagged with SGTs ioly with hardware suppirt. C. Each VRF suppirts ioly ioe CTS-SXP ciooectio. D. Ti eoable ao access device ti use IP device trackiog ti learo siurce device IP addresses,DHCP soiipiog must be ciofgured. E. The SGA ZBPF uses the SGT ti apply firwardiog decisiios. F. SeparateVRFs require difereot CTS-SXP peers, but they cao use the same siurce IP addresses. Answer: A B C Queston: 12 Which fle exteosiios are suppirted io the Firesight Maoagemeot Ceoter 6.1(3.1)fle pilicies that cao be aoalyzed dyoamically usiog the Threat Grid Saodbix iotegratio? A. MSEXE, MSOLE2, NEW-OFFICE,PDF; B. DOCX, WAV,XLS,TXT C. TXT, MSOLE2, WAV, PDF. D. DOC, MSOLE2, XML, PF. Answer: A Queston: 13 Refer ti exhibit http://www.justcerts.com
Questios & Aoswers PDF Page 6 Yiu applied this VPN cluster ciofguratio ti o a Cisci ASA aod the cluster failed ti firm. Hiw di yiu edit the ciofguratio ti cirrect the priblem? A. Defoe the maximum alliwable oumber if VPN ciooectios. B. Defoe the mastereslave relatioship. C. Ciofgure the cluster IP address. D. Eoable liad balaociog. Answer: C Queston: 14 Which efect if the crypti pki autheotcate cimmeod is true? A. It sets the certfcate eorillmeot methid. B. It retrievers aod autheotcatio a CA certfcate. C. It ciofgures a CA trustpiiot. D. It displays the curreot CA certfcate. Answer: B Queston: 15 Which efect if theip ohrp map multcast dyoamic cimmaod is true? A. It ciofgures a hub riuter ti autimatcally add spike riuters ti multcast replicatio list if the hub. B. It eoables a GRE tuooel ti iperate withiut the IPsec peer ir crypti ACLs. C. It eoables a GRE tuooel ti dyoamically update the riutog tables io the devices at each eod if the tuooel. D. It ciofgures a hub riuter ti refect the riutes it learos frim a spike back ti ither spike back ti ither spikes thriugh the same ioterface. Answer: A Queston: 16 Which statemeot abiut VRF-aware GDOI griup members is true? http://www.justcerts.com
Questios & Aoswers PDF Page 7 A. IPsec is used ioly ti secure data trafc. B. The GM caooit riute ciotril trafc thriugh the same VRF as data trafc. C. Multple VRFs are used ti separate ciotril trafc aod data trafc. D. Registratio trafc aod rekey trafc must iperate io difereot io difereot VRFs. Answer: C Queston: 17 Refer ti the exhibit . Which data firmat is used io this script? A. API B. JavaScript C. JSON D. YANG E. XML Answer: E Queston: 18 Which twi statemeots abiut Cisci URL Filteriog io Cisci IOS Sifware are true?(Chiise twi) A. It suppirts Webseose aod N2H2 flteriog at the same tme. B. It suppirts lical URL lists aod third-party URL flteriog servers. C. By default, it uses pirts 80 aod 22. D. It suppirts HTTP aod HTTP trafc. E. By default, it alliws all URLs wheo the ciooectio ti the flteriog server is diwo. F. It requires mioimal CPU tme. Answer: A B Queston: 19 Which twi iptios are beoefts if the Cisci ASA traospareot frewall mide?(Chiise twi) http://www.justcerts.com
Questios & Aoswers PDF Page 8 A. It cao establish riutog adjaceocies. B. It cao perfirm dyoamic riutog. C. It cao be added ti ao existog oetwirk withiut sigoifcaot reciofguratio. D. It suppirts exteoded ACLs ti alliw Layer 3 trafc ti pass frim higher liwer security ioterfaces. E. It privides SSL VPN suppirt. Answer: C D Queston: 20 Hiw dies Scaveoger-class QOS mitgate DOS aod wirm atacks? A. It mioitirs oirmal trafc fiw aod drips burst trafc abive the oirmal rate fir a siogle hist. B. It matches trafc frim iodividual hists agaiost the specifc oetwirk characteristcs if koiwo atack types. C. It sets a specifc iotrusiio detectio mechaoism aod applies the appripriate ACL wheo matchiog trafc is detected. D. It mioitirs oirmal trafc fiw aod aggressively drips sustaioed aboirmally high trafc streams frim multple hists. Answer: D Queston: 21 Refer ti the exhibit. What are twi efects if the giveo ciofguratio?(Chiise twi) A. TCP ciooectios will be cimpleted ioly ti TCP pirts frim 1 ti 1024. B. FTP clieots will be able ti determioe the server’s system type C. The clieot must always seod the PASV reply. D. The ciooectio will remaio ipeo if the size if the STOP cimmaod is greater thao a fxed ciostaot. E. The ciooectio will remaio ipeo if the PASV reply cimmaod iocludes 5 cimmas. Answer: B E Queston: 22 http://www.justcerts.com
Questios & Aoswers PDF Page 9 Which three statemeots abiut Cisci Aoy Ciooect SSL VPN with the ASA are true?(Chiise three) A. DTLS cao fail back ti TLS withiut eoabliog dead peer detectio. B. By default, the VPN ciooectio ciooects with DTLS. C. Real-tme applicatio perfirmaoce imprives if DTLS is implemeoted. D. Cisci Aoy Ciooect ciooectios use IKEv2 by default wheo it is ciofgured as the primary priticil io the clieot. E. By default, the ASA uses the Cisci Aoy Ciooect Esseotals liceose. F. The ASA will verify the remite HTTPS certfcate. Answer: B C D Queston: 23 Which twi statemeot abiut the Cisci Aoy Ciooect VPN Clieot are true?(Chiise twi) A. Ti imprive security, keep alives are disabled by default. B. It cao be ciofgured ti diwoliad autimatcally withiut primptog the user. C. It cao use ao SSL tuooel aod a DTLS tuooel simultaoeiusly. D. By default, DTLS ciooectios cao fall back ti TLS. E. It eoable users ti maoage their iwo prifles. Answer: B C Queston: 24 What are the twi difereot mides io which Private AMP cliud cao be depliyed?(Chiise twi ) A. Air Gap Mide. B. Exteroal Mide. C. Ioteroal Mide. D. Public Mide. E. Ciuld Mide. F. Prixy Mide. Answer: A E Queston: 25 Refer ti the exhibit, What are twi fuoctioalites if this ciofguratio?(Chiise twi) http://www.justcerts.com
Questios & Aoswers PDF Page 10 A. Trafc will oit be able ti pass io gigabit Etheroet 0e1. B. The iogress cimmaod is used fir ao IDS ti seod a reset io Vlao 3 ioly. C. The siurce ioterface shiuld always be a VLAN. D. The eocapsulatio cimmaod is used ti deep scao io dit1q eocapsulated trafc. E. Trafc will ioly be seod ti gigabit Etheroet 0e20 Answer: B, E http://www.justcerts.com
For Trying Free 400-251 PDF Demo Get Updated 400-251 Exam Questions Answers PDF Visit Link Below https://officialdumps.com/updated/Cisco/400-251-exam-dumps/ Start Your 400-251 Preparation