Proper study guides for Down to date Cisco CCIE Security Written Exam certified begins with Cisco 400-251 preparation products which designed to deliver the Breathing 400-251 questions by making you pass the 400-251 test at your first time. Try the free 400-251 demo right now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q21. Which two statements about role-based access control are true?(Choose two)
A. Server profile administrators have read and write access to all system logs by default.
B. If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.
C. A view is created on the Cisco IOS device to leverage role-based access controls.
D. Network administrators have read and write access to all system logs by default.
E. The user profile on an AAA server is configured with the roles that grant user privileges.
Answer: D,E
Q22. Which two statement about DTLS are true ? (choose two)
A. Unlike TLS,DTLS support VPN connection with ASA.
B. It is more secure that TLS.
C. When DPD is enabled DTLS connection can automatically fall back to TLS.
D. It overcomes the latency and bandwidth problem that can with SSL.
E. IT come reduce packet delays and improve application performance.
F. It support SSL VPNs without requiring an SSL tunnel.
Answer: C,D
Q23. when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used tofallback authentication to web authentication ?
A. Authentication
B. Passthrough
C. Conditional Web Redirect
D. Splash Page Web Redirect
E. On MAC Filter Failure
Answer: E
Q24. Refer to the exhibit.
Which effect of this Cisco ASA policy map is true?
A. The Cisco ASA is unable to examine the TLS session.
B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.
C. it prevents a STARTTLS session from being established.
D. The Cisco ASA logs SMTP sessions in clear text.
Answer: B
Q25. Which three options are methods of load-balancing data in an ASA cluster environment?(Choose three)
A. HSRP
B. spanned EtherChannel
C. distance-vector routing
D. PBR
E. floating static routes
F. ECMP
Answer: B,D,F
Q26. Which three IP resources is the IANA responsible? (Choose three.)
A. IP address allocation
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Answer: A,D,E
Q27. Refer to the exhibit. What is the effect of the given configuration?
A. It sets the duplicate address detection interval to 60 second and sets the IPv6 neighbor reachable time to 3600 milliseconds.
B. It sets the number of neighbor solicitation massages to 60 and sets the retransmission interval to
3600 milliseconds.
C. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 millisecond.
D. It sets the number of neighbor solicitation massage to 60 and set the duplicate address detection interval to 3600 second.
E. It sets the duplicate address detection interval to 60 second and set the IPv6 neighbor solicitation interval to 3600 millisecond.
Answer: E
Q28. DRAG DROP
Drag and drop each RADIUS packet field on the left onto the matching decription on the right.
Answer:
Explanation: A-5,B-2,C-1,D-3,E-4
Q29. Which two statements about NAT-PT with IPv6 are true?(choose twp)
A. It can be configured as dynamic, static, or PAT.
B. It provides end-to-end security.
C. It supports IPv6 BVI configurations.
D. It provides support for Cisco Express Forwarding.
E. It provides ALG support for ICMP and DNS.
F. The router can be a single point of failure on the network.
Answer: A,E
Q30. Which two statements about SGT Exchange Protocol are true? (Choose two)
A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform
SGT tagging at Layer 2 to devices that support it
B. SXP runs on UDP port 64999
C. A connection is established between a “listener” and a “speaker”
D. SXP is only supported across two hops
E. SXPv2 introduces connection security via TLS
Answer: A,C
