Download Cisco.braindumps.400-251.2018-05-23.1e.107q.vcex

Exam CCIE Security Written Exam v5.1
Number 400-251
File Name Cisco.braindumps.400-251.2018-05-23.1e.107q.vcex
Size 1.89 Mb
Posted July 06, 2018


How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%

Demo Questions

Question 1

Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)

  • A: Configuration commands in the router are authorized without checking the TACACS+ server.
  • B: When a user logs in to privilege EXEC mode, the router will track all user activity.
  • C: Requests to establish a reverse AUX connection to the router will be authorized against the TACACS+ server.
  • D: When a user attempts to authenticate on the device, the TACACS+ server will be prompt the user to enter the username stored in the router’s database.
  • E: If a user attempts to log in as a level 15 user, the local database will be used for authentication and TACACS+ server will be used for authorization.
  • F: It configures the router’s local database as the backup authentication method for all TTY, console, and aux logins.
Question 2

Which two options are benefits of the Cisco ASA Identity Firewall? (Choose two.)

  • A: It can identify threats quickly based on their URLs.
  • B: It can operate completely independently of other services.
  • C: It supports an AD server module to verify identity data.
  • D: It decouples security from the network topology.
  • E: It can apply security policies on an individual user or user-group basis.
Question 3

Switch-A (config)# cgmp leave-processing 
Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)

  • A: It allows the switch to detect IGMPv2leave group messages.
  • B: It optimizes the use of network bandwidth on the LAN segment.
  • C: IGMPv2 leave group messages are stored in the switch CAM table for faster processing.
  • D: Hosts send leave group messages to the Solicited-Node Address multicast address FF02::1:FF00:0000/104.
  • E: It improves the processing time of CGMP leave messages.
  • F: Hosts send leave group messages to the all-router multicast address when they want to stop receiving data for that group.
Question 4

Which two statements about the TTL value in an IPv4 header are true? (Choose two.)

  • A: It is a 4-bit value.
  • B: Its maximum value is 128.
  • C: It is a 16-bit value.
  • D: It can be used for traceroute operations.
  • E: When it reaches 0, the router sends an ICMP Type 11 message to the originator.
Question 5

Refer to the exhibit. Which effect of this configuration is true?

  • A: Any VPN user with a session timeout of 24 hours can access the device.
  • B: Users attempting to access the console port are authenticated against the TACACS+ server.
  • C: If TACACS+authentication fails, the ASA uses cisco123 as its default password.
  • D: The device tries to reach the server every 24 hours and falls back to the LOCAL database if it fails.
  • E: The servers in the TACACS+ group are reactivated every 1440 seconds.
Question 6

Which of the following is AMP Endpoints office engine for windows?

  • A: ClamAV
  • B: ClamAMP
  • C: TETRA
Question 7

Which two characteristics of DTLS are true? (Choose two.)

  • A: It includes a retransmission method because it uses an unreliable datagram transport.
  • B: It cannot be used if NAT exists along the path.
  • C: It completes key negotiation and bulk data transfer over a single channel.
  • D: It includes a congestion control mechanism.
  • E: It supports long data transfers and connectionless data transfers.
  • F: It is used mostly by applications that use application layer object-security protocols.
Question 8

A new computer is not getting its IPv6 address assigned by the router. While running WireShark to try to troubleshoot the problem, you find a lot of data that is not helpful to nail down the problem. 
What two filters would you apply to WireShark to filter the data that you are looking for? (Choose two.)

  • A: icmpv6.type = =136
  • B: icmpv6.type = =135
  • C: icmpv5type = =135
  • D: icmpv6type = =136
  • E: icmpv6type = =135
Question 9

Which two options are benefits of network summarization? (Choose two.)

  • A: It can summarize discontiguous IP addresses.
  • B: It can easily be added to existing networks.
  • C: It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.
  • D: It reduces the number of routes.
  • E: It can increase the convergence of the network.
Question 10

Which statement about VRF-aware GDOI group members is true?

  • A: IPsec is used only to secure data traffic.
  • B: Registration traffic and rekey traffic must operate on different VRFs.
  • C: Multiple VRFs are used to separate control traffic and data traffic.
  • D: The GM cannot route control traffic through the same VRF as data traffic.