Updated Cisco 400-251 exam questions and 400-251 braindumps from Dumpslabs.com. Pass the CCIE Security 400-251 exam with our 400-251 VCE dumps. Start 400-251 Exam Now.
2024 Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
https://www.certleader.com/400-251-dumps.html
Q1. DRAG DROPDrag and drop the desktop-security terms from the left onto their right definitions on the right?View AnswerAnswer: Explanation:governance = directing and controlling information and communications technology penetration testing = using hacking techniques to attempt to bypass existing security phishing = attempting to elict information from users by sending targeted emailsSSO = allow
Q1. Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)A. Destination Unreachable-protocol UnreachableB. Destination Unreachable-port UnreachableC. Time Exceeded-Time to Live exceeded in TransitD. Redirect-Redirect Datagram for the HostE. Time Exceeded-Fragment Reassembly Time ExceededF. Redirect-Redirect Datagram for the Type of servi
Q1. Refer to the Exhibit. which service or feature must be enabled on 209.165.200.255 produce the given output?A. The finger serviceB. A BOOTp serverC. A TCP small serverD. The PAD serviceView AnswerAnswer: CQ2. Which of the following statement is true about the ARP attack?A. Attackers sends the ARP request with the MAC address and IP address of a legitimate resource in the network.B. Attackers
Q1. Which two statements about the SHA-1 algorithm are true? (Choose two)A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.D. The purpose of the SHA-1 alg
Q1. Which two statements about LEAP are true? (Choose two)A. It is compatible with the PAP and MS-CHAP protocolsB. It is an ideal protocol for campus networksC. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keysD. It is an open standard based on IETF and IEEE standardsE. It is compatible with the RADI
Q1. DRAG DROPDrag and drop each syslog facility code on the left onto its description on the right.View AnswerAnswer: Explanation:A:1,B2,C:3,D:4,E:5,F:6Q2. Which two statements about CoPP are true? (Choose two)A. When a deny rule in an access list is used for MQC is matched, classification continues on the next classB. It allows all traffic to be rate limited and discardedC. Access lists that ar
Q1. What protocol is responsible for issuing certificates?A. SCEPB. DTLSC. ESPD. AHE. GETView AnswerAnswer: AQ2. Which two options are open-source SDN controllers? (Choose two)A. OpenContrailB. OpenDaylightC. Big Cloud FabricD. Virtual Application Networks SDN ControllerE. Application Policy Infrastructure ControllerView AnswerAnswer: A,BQ3. How does a wireless association flood attack create
Q1. IANA is responsible for which three IP resources? (Choose three.)A. IP address allocationB. Detection of spoofed addressC. Criminal prosecution of hackersD. Autonomous system number allocationE. Root zone management in DNSF. BGP protocol vulnerabilitiesView AnswerAnswer: A,D,EQ2. DRAG DROPDrag and drop the description on the left on to the associated item on the right.View AnswerAnswer: Exp
Q1. Refer to the exhibit Which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503?A. _65509.?$ B. _65503$ C. ^65503.* D. ^65503$E. _65503_F. 65503View AnswerAnswer: CQ2. When configuration Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two location?(C
Q1. A cloud service provider is designing a large multilenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?A. LDPB. VXLANC. VRFD. Extended VLAN rangesView AnswerAnswer: BQ2. In a Cisco ASA multiple
Q1. Which three statements about the Cisco IPS sensor are true? (Choose three.)A. You cannot pair a VLAN with itself.B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN canbe a member of an inline VLAN pair on more than one se
Q1. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)A. It is an inbound policy.B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.E. It will allow 202.165.200.225 to co
Q1. Which command can you enter on the Cisco ASA to disable SSH?A. Crypto key generate ecdsa labelB. Crypto key generate rsa usage-keys noconfirmC. Crypto keys generate rsa general-keys modulus 768D. Crypto keys generate ecdsa noconfirmE. Crypto keys zeroize rsa noconfirmView AnswerAnswer: EQ2. What command specifies the peer from which MSDP SA message are accepted?A. IP msdpsa-filter in <pe