CCIE Security written exam dumps of the 400-251 exam contain verified knowledge which helps you to understand the network security requirements.
Question No. 1
Which statement about deploying policies with the Firepower Management Center is true?
A. Deploy tasks can be scheduled to deploy policies automatically.
B. All policies are deployed on-demand when the administrator triggers them.
C. Policies are deployed automatically when the administrator saves them.
D. The leaf domain can deploy changes to all subdomains simultaneously.
E. The global domain can deploy changes to individual subdomains.
Question No. 2
Which statement correctly describes TAP mode deployment in IPS?
A. Access rules configured in TAP mode generate events when triggered as well as perform defined
B. TAP mode is available when ports are configured as passive interfaces
C. Access rules configured in TAP mode do not generate events
D. TAP mode implementation requires SPAN configuration on a switch
E. TAP mode is available when IPS is deployed inline
F. In TAP mode traffic flow gets disturbed for analysis
Question No. 3
Which three statements about WCCP are true? (Choose three.)
A. The minimum WCCP-Fast Timers messages interval is 500 ms
B. If a specific capability is missing from the Capabilities Info component, the router is assumed to support
C. If the packet return method is missing from a packet return method advertisement, the web cache uses
D. The router must receive a valid receive ID before it negotiates capabilities
E. The assignment method supports GRE encapsulation for sending traffic
F. The web cache transmits its capabilities as soon as it receives a receive ID from router
Answer: A, C, E
Question No. 4
Which two options are benefits of network summarization? (Choose two.)
A. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.
B. It can increase the convergence of the network.
C. It can summarize discontiguous IP addresses.
D. It can easily be added to existing networks.
E. It reduces the number of routes.
Answer: A, E
Question No. 5
Policy Sets in ISE are used to:
A. To keep RADIUS and TACACS+ policies separate from each other
B. Create different Authentication and Authorization policies for distinct use cases
C. To create exception rules
D. Create different Authorization Policies for a single authentication policy
E. Create different authentication policies for different use cases while using a single authorization policy
Question No. 6
What are the four possible options for authorization condition Network Access EAPChainingResult? (Choose four.)
A. User succeeded and machine failed
B. User and NAD both failed
C. User and machine both succeeded
D. User failed and machine succeeded
E. User succeeded and NAD failed
F. User and machine both failed
G. User failed NAD succeeded
H. User and NAD both succeeded
Answer: A, C, D, F
Question No. 7
Which two statements about the TTL value in an IPv4 header are true? (Choose two)
A. It is a 4-bit value.
B. It can be used for traceroute operations.
C. When it reaches 0, the router sends an ICMP Type 11 message to the originator.
D. Its maximum value is 128.
E. It is a 16-bit value.
Answer: B, C
Question No. 8
While troubleshooting access to site WWW.Cisco.com, you notice the following log line in Cisco Web Security Appliance (WSA).
Which of the following statements is true regarding this request?
A. WSA used upstream proxy defined
B. WSA allowed traffic from client 10.42.42.42 to https://www caedomain.com
C. The HTTP response size was 80037B
D. The Request is matching custom URL category
Question No. 9
ISE is configured to use MSCHAPv2 as the inner method for PEAP authentication of users. What set of credentials needs to be exchanged between ISE and the client for successful establishment of the PEAP tunnel and subsequent authentication?
A. Identity certificate from ISE and Username and Password of the user from the client
B. Identity certificate from ISE, Machine identity certificate from the client and username and Password of the user
C. Username and Password from ISE and the client
D. Identity Certificate from ISE and user identity certificate from the client
Question No. 10
Which statement describes a pure SDN framework environment?
A. The control plane and data plane are pulled from the networking element and put in an SDN controller and SDN agent
B. The control plane function is split between an SDN controller and the networking element
C. The data plane is pulled from the networking element and put in an SDN controller
D. The data plane is controlled by a centralized SDN element
E. The control plane is pulled from the networking element and put in an SDN controller
Question No. 11
Which two statements about MAB are true? (Choose two)
A. It requires the administrator to create and maintain an accurate database of MAC addresses.
B. It serves as the primary authentication mechanism when deployed in conjunction with 802.1x.
C. It operates at Layer 2 and Layer 3 of the OSI protocol stack.
D. It can be used to authenticate network devices and users.
E. MAC addresses stored in the MAB database can be spoofed.
F. It is a strong authentication method.
Answer: A, E
Question No. 12
What are the major components of a Firepower health monitor alert?
A. The severity level, one or more alert responses, and a remediation policy.
B. A health monitor, one or more alert responses, and a remediation policy.
C. One or more health modules, the severity level, and an alert response.
D. One or more health modules, one or more alert responses, and one or more alert actions.
E. One health modules and one or more alert responses.
Question No. 13
Which two options are benefits of the Cisco ASA Identity Firewall? (Choose two.)
A. It can identify threats quickly based on their URLs.
B. It can operate completely independently of their services.
C. It can apply security policies on an individual user or user-group basis.
D. It decouples security policies from the network topology.
E. It supports an AD server module to verify identity data.
Answer: C, D
Question No. 14
Which statement about securing TLS connections on the ESA is true?
A. The preconfigured demonstration certificate installed on the ESA can establish a secure, verifiable connection.
B. If you apply a certificate to an ESA in cluster mode, it is automatically propagated to the other ESAs in the cluster.
C. Self-signed certificates and CA certificates can provide a verifiable connection. The ESA supports certificates in PKCS#7 and PKCS#12 format
D. Certificates that are imported to secure TLS connections can also be used by other services on the including LDAPS and HTTPS
E. The ESA encrypts all messages with a certificate before sending them over a TLS connection.
F. After a certificate is applied to an ESA cluster using centralized management, new devices added to automatically adopt the existing certificate.
Question No. 15
From the list below, which one is the major benefit of AMP Threat Grid?
A. AMP Threat Grid learns ONLY from data you pass on your network and not from anything else to
B. AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence into one
C. AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral
D. AMP Threat Grid collects file information from customer servers and run tests on them to see if they are infected with viruses.