Exam Code: 400-251 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Security Written Exam
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 400-251 Exam.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q51. DRAG DROP
Drag and Drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right.
Answer:
Explanation:
A-4,B-3,C-1,D-2,E-5,F-7,G-6
Q52. Which command can you enter on the Cisco ASA to disable SSH?
A. Crypto key generate ecdsa label
B. Crypto key generate rsa usage-keys noconfirm
C. Crypto keys generate rsa general-keys modulus 768
D. Crypto keys generate ecdsa noconfirm
E. Crypto keys zeroize rsa noconfirm
Answer: E
Q53. Refer to the exhibit.
A. Modify the tunnel keys to match on the hub and spoke
B. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface
C. Modify the NHRP hold times to match on the hub and spoke
D. Modify the NHRP network IDs to match on the hub and spoke
Answer: A
Q54. NWhich two statements about the ISO are true? (Choose two.
A. The ISO is a government-based organization.
B. The ISO has three membership categories: Member, Correspondent, and Subscribers.
C. Subscriber members are individual organizations.
D. Only member bodies have voting rights.
E. Correspondent bodies are small countries with their own standards organization.
Answer: B,D
Explanation: Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights.
Q55. What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)
A. FPM
B. DCAR
C. NBAR
D. IP source Guard
E. URPF
F. Dynamic ARP inspection
Answer: D,E
Q56. Refer to the exhibit.
While troubleshooting a router issue ,you executed the show ntp associationcommand and it returned this output.Which condition is indicated by the reach value of 357?
A. The NTP continuously received the previous 8 packets.
B. The NTP process is waiting to receive its first acknowledgement.
C. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.
D. The NTP process received only the most recent packet.
Answer: C
Q57. What is the default communication port used by RSA SDI and ASA ?
A. UDP 500
B. UDP 848
C. UDP 4500
D. UDP 5500
Answer: D
Q58. Refer to the Exhibit, What is a possible reason for the given error?
A. One or more require application failed to respond.
B. The IPS engine is busy building cache files.
C. The IPS engine I waiting for a CLI session to terminate.
D. The virtual sensor is still initializing.
Answer: D
Q59. What port has IANA assigned to the GDOI protocol ?
A. UDP 4500
B. UDP 1812
C. UDP 500
D. UDP 848
Answer: D
Q60. When you are configuring QoS on the Cisco ASA appliance Which four are valid traffic selection criteria? (Choose four)
A. default-inspection-traffic
B. qos-group
C. DSCP
D. VPN group
E. tunnel group
F. IP precedence
Answer: A,C,E,F
