Exam Number/Code: 400-251
Exam name: CCIE Security Written Exam
Certification: Cisco Certification
NEW QUESTION 1
Which two protocols are used by the management plane in a Cisco IOS device? (Choose two)
- A. DHCP
- B. FTP
- C. NTP
- D. CHAP
- E. IKEv2
- F. NETFLOW
- G. PAP
- H. TLS
- I. 3DES
NEW QUESTION 2
Refer to the exhibit.
crypto ikev2 keyring ccier10
 peer r10
  pre-shared-key local ccier10
  pre-shared-key remote ccier10
crypto ikev2 profile ccier10
 match identity remote address 22.214.171.124 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local ccier10
crypto ipsec profile ccier10
 set ikev2-profile ccier10
ip address 192.168.9.9 255.255.255.0
ip address 172.16.2.9 255.255.255.0
tunnel source GigabitEthernet1
tunnel destination 126.96.36.199
tunnel protection ipsec profile ccier10
ip address 188.8.131.52 255.255.255.0
negotiation auto
router eigrp 34
 network 172.16.2.0 0.0.0.255
router bgp 3
 network 184.108.40.206 mask 255.255.255.0
 neighbor 220.127.116.11 remote-as 345
 neighbor 18.104.22.168 password cisco
R9 is running FLEXVPN with peer R10 at 22.214.171.124 using a pre-shared key "ccier10".
The IPSec tunnel is sourced from 172.16.2.0/24 network and is included in EIGRP routing process.
BGP nexthop is AS345 with address 126.96.36.199. It has been reported that FLEXVPN is down. What could be the issue?
- A. Incorrect IPSec profile configuration
- B. Incorrect tunnel network address in EIGRP routing process
- C. Incorrect tunnel source for the tunnel interface
- D. Incorrect keyring configuration
- E. Incorrect IKEv2 profile configuration
- F. Incorrect local network address in BGP routing process
NEW QUESTION 3
A hosted service provider is planning to use firewall contexts in its manage these firewalls on behalf of its customers and allow them access management purposes the lead architect of the service provider has decide interface to a single shared management zone VLAN (901) and allocate assigned range of this VLAN. Which three statements about this design.
- A. Though this design is valid, a physical interface cannot be allocated to traffic classifier restrictions, this is only possible with sub interfaces
- B. This design concept is valid and requires some modification
- C. However only allow customer management access from the data VLANs in the adequate Layer 2/ Layer 3 separation between tenants
- D. The ASA multi context traffic classifier works differently for shared into VLAN and have the same MAC address when NAT is in use, other rule use
- E. The ASA classifier works only for data interfaces and not for manager Management-only) command must be applied for this concept to work
- F. This design concept is not valid because it is not possible to allocate a due to ASA traffic classifier restrictions, this is only possible with sub
- G. Sub interfaces of the interface can be allocated only to contexts and physical interface
- H. The design for the management zone does not work unless unique
NEW QUESTION 4
Which two statements about the Cognitive Threat Analytics feature of Cisco AMP for Web Security are true? (Choose two.)
- A. It can locate and identify indicators of prior malicious activity on the network and preserve information for forensic analysis.
- B. It can identify potential data exfiltration.
- C. It uses a custom virtual appliance to perform reputation-based evaluation and blocking of incoming files.
- D. It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats.
- E. It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity.
- F. It can identify anomalous traffic within the network by comparing it to an established baseline of expected activity.
NEW QUESTION 5
Which three statements about the SHA-2 algorithm are true? (Choose three.)
- A. It provides a fixed-length output using a collision-resistant cryptographic hash.
- B. It provides a variable-length output using a collision-resistant cryptographic hash.
- C. It generates a 512-bit message digest.
- D. It generates a 160-bit message digest.
- E. It is used for integrity verification
- F. It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.
NEW QUESTION 6
What are two types of attacks against wireless networks that can be prevented by a WLC? (Choose two)
- A. DHCP rogue server attacks
- B. Layer 3 flooding attacks
- C. Inverse ARP attacks on specific ports
- D. IP spoofing attacks
- E. ARP sniffing attacks on specific ports
NEW QUESTION 7
You have an ISE deployment with two nodes that are configured as PAN and MnT (Primary and Secondary), and four Policy Service Nodes. How many additional PSNs can you add to this deployment?
- A. 1
- B. 3
- C. 5
- D. 4
- E. 2
NEW QUESTION 8
Which two statements about NVGRE are true? (Choose two.)
- A. It supports up to 32 million virtual segments per instance.
- B. The network switch handles the addition and removal of NVGRE encapsulation.
- C. NVGRE endpoints can reside within a virtual machine.
- D. It allows a virtual machine to retain its MAC and IP addresses when it is moved to a different hypervisor on a different L3 network.
- E. The virtual machines reside on a single virtual network regardless of their physical location.
NEW QUESTION 9
What does NX-API use as its transport?
- A. SCP
- B. FTP
- C. SSH
- D. SFTP
- E. HTTP/HTTPS
NEW QUESTION 10
Refer to the exhibit.
Which effect of this configuration is true?
- A. The minimum size of TCP SYN+ACK packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes.
- B. The minimum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes.
- C. The MSS of TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes.
- D. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes.
- E. SYN packets carry 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes.
NEW QUESTION 11
What are two characteristics of RPL, used in IoT environments? (Choose two)
- A. It is an Exterior Gateway Protocol
- B. It is an Interior Gateway Protocol
- C. It is a hybrid protocol
- D. It is a link-state protocol
- E. It is a distance-vector protocol
NEW QUESTION 12
Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three)
- A. sysopt connection tcpmss
- B. nve-only
- C. default-mcast-group
- D. inspect vxlan
- E. set ip next-hop verify-availability
- F. segment-id
NEW QUESTION 13
Which statement regarding the routing functions of the Cisco ASA running software version 9.2 is true?
- A. The translation table cannot override the routing table for new connections.
- B. Routes to the Null0 interface cannot be configured to black-hole traffic.
- C. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors.
- D. The ASA supports policy-based routing with route maps.
NEW QUESTION 14
Refer to the exhibit.
ASA at 188.8.131.52 is configured to receive IP address to SGT mapping from ISE at 184.108.40.206. Which of the following is true regarding the packet capture from Wireshark?
- A. SXP keepalive message using TCP originated from ISE
- B. ISE keepalive message for NDAC connection using TCP originated from ASA
- C. TACACS connection keepalive using UDP originated from ASA
- D. RADIUS connection keepalive using TCP originated from ISE
- E. NTP keepalive message using UDP originated from ISE
- F. SXP keepalive message for SXP connection using UDP originated from ASA
NEW QUESTION 15
Which two characteristics of DTLS are true? (Choose two)
- A. It is used mostly by applications that use application layer object-protocols
- B. It includes a congestion control mechanism
- C. It completes key negotiation and bulk data transfer over a single channel.
- D. It supports long data transfers and connectionless data transfers.
- E. It cannot be used if NAT exists along the path.
- F. It includes a retransmission method because it uses an unreliable datagram transport.
NEW QUESTION 16
Which command is required for the botnet filter on Cisco ASA to function properly?
- A. dynamic-filter inspect tcp /80
- B. dynamic-filter whitelist
- C. inspect botnet
- D. inspect dns dynamic-filter-snoop