Cisco 400-251 CCIE Security Written Exam
2020 Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
Q1. In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?A. On MAC Filter FailureB. Pass throughC. Splash Page Web RedirectD. Conditional Web RedirectE. AuthenticationView AnswerAnswer: AQ2. Which statement regarding the routing functions of the Cisco ASA is true running software versio
Q1. Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)A. confidentiality and integrity of customer records and credit card informationB. accountability in the event of corporate fraudC. financial information handled by entities such as banks, and mortgage and insurance brokersD. assurance of the accuracy of financial recordsE. US Federal gov
Q1. Which two statement about MSDP ate true? (Choose three)A. It can connect to PIM-SM and PIM-DM domainsB. It announces multicast sources from a groupC. The DR sends source data to the rendezvous point only at the time the source becomes activeD. It can connect only to PIM-DM domainsE. It registers multicast sources with the rendezvous point of a domainF. It allows domains to discover multicast
Q1. Which two statements about the SHA-1 algorithm are true? (Choose two)A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.D. The purpose of the SHA-1 alg
Q1. Which protocol does VNC use for remote access to a GUI?A. RTPSB. RARPC. E6D. SSHE. RFBView AnswerAnswer: DQ2. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?A. Allow only POST requests.B. Mark all cookies as HTTP only.C. Use per-session challenge tokens in links within your web application.D. Always use the "secure" attribute for cookies.
Q1. Refer to the exhibit. Which effect of this configuration is true?A. It enables MLD query messages for all link-local groups.B. It configures the node to generate a link-local group report when it joins the solicited- node multicast group.C. It enables hosts to send MLD report messages for groups 22.214.171.124/24.D. it enables local group membership for MLDv1 and MLDv2.E. It enables the host to se
Q1. Which two statements about IPsec in a NAT-enabled environment are true? (Choose two)A. The hashes of each peer’s IP address and port number are compared to determine whether NAT-T is requiredB. NAT-T is not supported when IPsec Phase 1 is set to Aggressive ModeC. The first two messages of IPsec Phase 2 are used to determine whether the remote host supportsNAT-TD. NAT-T is not supported when
Q1. Which three statements about Unicast RPF in strict mode and loose mode are true? (choose three)A. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.B. Strict mode requires a default route to be associated with the uplink network interface.C. Both loose and strict modes are configured globally on the router.D. Loose mode requires the source address to be prese
Q1. Which two options are unicast address types for IPv6 addressing? (Choose two)A. EstablishedB. StaticC. GlobalD. DynamicE. Link-localView AnswerAnswer: C,EQ2. Which two router configurations block packets with the Type 0 Routing header on the interface? (choose two)A. Ipv6 access-list Deny_Loose_Routing permit ipv6 any any routing-type 0 deny ipv6 any anyinterface FastEthernet0/0ipv6 traffic
Q1. What is the maximum pattern length supported by FPM searches within a packet ?A. 256 bytes B. 1500 bytesC. 512 bytesD. 128 bytesView AnswerAnswer: AQ2. Which two OSPF network types support the concept of a designated router? (Choose two.)A. broadcastB. NBMAC. point-to-multipointD. point-to-multipoint nonbroadcastE. loopbackView AnswerAnswer: A,BQ3. DRAG DROPDrag and drop the description
Q1. DRAG DROPDrag and drop each syslog facility code on the left onto its description on the right.View AnswerAnswer: Explanation:A:1,B2,C:3,D:4,E:5,F:6Q2. Which three statement about VRF-Aware Cisco Firewall are true? (Choose three)A. It can run as more than one instance.B. It supports both global and per-VRF commands and DoS parameters.C. It can support VPN networks with overlapping address ra