All About 400-251 test preparation Nov 2021

Proper study guides for Down to date Cisco CCIE Security Written Exam certified begins with Cisco 400-251 preparation products which designed to deliver the Virtual 400-251 questions by making you pass the 400-251 test at your first time. Try the free 400-251 demo right now.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/400-251-exam-dumps.html

Q41. You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

(A) You need two customer contexts, named contextA and contextB

(B) Allocate interfaces G0/0 and G0/1 to contextA

(C) Allocate interfaces G0/0 and G0/2 to contextB

(D) The physical interface name for G0/1 within contextA should be "inside".

(E) All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

B. context contexta

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextb

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

C. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/2 invisible

D. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/2

E. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/1 visible allocate-interface GigabitEthernet0/2 visible

Answer: A


Q42. Which three statement about VRF-Aware Cisco Firewall are true? (Choose three)

A. It can run as more than one instance.

B. It supports both global and per-VRF commands and DoS parameters.

C. It can support VPN networks with overlapping address ranges without NAT.

D. It enables service providers to implement firewalls on PE devices.

E. It can generate syslog massages that are visible only to individual VPNs.

F. It enables service providers to deploy firewalls on customer devices.

Answer: A,D,E


Q43. Which three statements about RLDP are true? (Choose three)

A. It can detect rogue Aps that use WPA encryption

B. It detects rogue access points that are connected to the wired network

C. The AP is unable to serve clients while the RLDP process is active

D. It can detect rogue APs operating only on 5 GHz

E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network

F. It can detect rogue APs that use WEP encryption

Answer: A,B,D


Q44. Which two options are unicast address types for IPv6 addressing? (Choose two)

A. Established

B. Static

C. Global

D. Dynamic

E. Link-local

Answer: C,E


Q45. IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)

A. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.

B. Ikev2 perform TCP intercept on all secure connections

C. IKEv2 only allows symmetric keys for peer authentication

D. IKEv2 interoperates with IKEv1 to increase security in IKEv1

E. IKEv2 only allows certificates for peer authentication

F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

Answer: A,F


Q46. What feature enables extended secure access from non-secure physical location?

A. Port security

B. Strom control

C. NEAT

D. CBAC

E. 802 1x pot-based authentication

Answer: C


Q47. Which two statements about SOX are true? (Choose two.)

A. SOX is an IEFT compliance procedure for computer systems security.

B. SOX is a US law.

C. SOX is an IEEE compliance procedure for IT management to produce audit reports.

D. SOX is a private organization that provides best practices for financial institution computer systems.

E. Section 404 of SOX is related to IT compliance.

Answer: B,E


Q48. In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

A. On MAC Filter Failure

B. Pass through

C. Splash Page Web Redirect

D. Conditional Web Redirect

E. Authentication

Answer: A


Q49. Refer to the exhibit. 

Which two effect of this configuration are true ? (Choose two)

A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.

B. The Cisco ASA use the cisco directory as the starting point for the user search.

C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.

D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.

E. The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.

F. The admin user is authenticated against the members of the security.cisco.com group.

Answer: C,F


Q50. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

A. Network translation mode

B. Single-context routed mode

C. Multiple-context mode

D. Transparent mode

Answer: B