Exam Code: 400-251
Exam Name: CCIE Security Written
Real Questions Answers of Cisco 400-251
Pass Your Cisco 400-251 Certification
Exam With 3 Easy Steps
Prepare Exam
Practice Exam
Pass Exam
http://www.testmayor.com/400-251-test.html
http://www.testmayor.com/400-251-test.html
QUESTION 1
What is the effect of the following command on Cisco IOS router?
ip dns spoofing 1.1.1.1
A. The router will respond to the DNS query with its highest loopback address
configured
B. The router will respond to the DNS query with 1.1.1.1 if the query id for its
own hostname
C. The router will respond to the DNS query with the IP address of its incoming
interface for any hostname query
D. The router will respond to the DNS query with the IP address of its incoming
interface for its own hostname
Answer: D
http://www.testmayor.com/400-251-test.html
QUESTION 2
Which two options are unicast address types for IPv6 addressing?
(Choose two)
A. Established
B. Static
C. Global
D. Dynamic
E. Link-local
Answer: CE
http://www.testmayor.com/400-251-test.html
QUESTION 3
From the list below, which one is the major benefit of AMP Threat GRID?
A. AMP Threat Grid collects file information from customer servers and run
tests on them to see if they are infected with viruses
B. AMP Threat Grid learns ONLY from data you pass on your network and not
from anything else to monitor for suspicious behavior. This makes the system
much faster and efficient
C. AMP Threat Grid combines Static, and Dynamic Malware analysis with
threat intelligence into one combined solution
D. AMP Threat Grid analyzes suspicious behavior in your network against
exactly 400 behavioral indicators
Answer: C
http://www.testmayor.com/400-251-test.html
QUESTION 4
Which two characteristics of DTLS are true? (Choose two)
A. It includes a congestion control mechanism
B. It supports long data transfers and connections data transfers
C. It completes key negotiation and bulk data transfer over a single channel
D. It is used mostly by applications that use application layer object-security
protocols
E. It includes a retransmission method because it uses an unreliable datagram
transport
F. It cannot be used if NAT exists along the path
Answer: AE
http://www.testmayor.com/400-251-test.html
QUESTION 5
Which two of the following ICMP types and code should be allowed in a
firewall to enable traceroute? (Choose two)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host E. Time Exceeded-Fragment
Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: BC
http://www.testmayor.com/400-251-test.html
QUESTION 6
From the list below, which one is the major benefit of AMP Threat GRID?
A. AMP Threat Grid collects file information from customer servers and run
tests on them to see if they are infected with viruses
B. AMP Threat Grid learns ONLY from data you pass on your network and not
from anything else to monitor for suspicious behavior. This makes the system
much faster and efficient
C. AMP Threat Grid combines Static, and Dynamic Malware analysis with
threat intelligence into one combined solution
D. AMP Threat Grid analyzes suspicious behavior in your network against
exactly 400 behavioral indicators
Answer: C
http://www.testmayor.com/400-251-test.html
Question 7
Which three statements about the Cisco IPS sensor are true? (Choose
three.)
A. You cannot pair a VLAN with itself.
B. For a given sensing interface, an interface used in a VLAN pair can be a
member of another inline interface pair.
C. For a given sensing interface, a VLAN can be a member of only one inline
VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on
more than one sensing interface.
D. The order in which you specify the VLANs in a inline pair is significant.
E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline
VLAN pairs.
Answer: A, C, E
http://www.testmayor.com/400-251-test.html
Question 8
According ISO27001 ISMS, which of the following are mandatory
documents? (Choose 4)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Answer: A, B, C, D
http://www.testmayor.com/400-251-test.html
Question 9
Which three attributes may be configured as part of the Common Tasks
panel of an authorization profile in the Cisco ISE solution? (Choose
three.)
A. VLAN
B. voice VLAN
C. dACL name
D. voice domain permission
E. SGT
Answer: A, C, D
http://www.testmayor.com/400-251-test.html
Question 10
Which two certificate enrollment methods can be completed without an
RA and require no direct connection to a CA by the end entity? (Choose
two.)
A. SCEP
B. TFTP
C. manual cut and paste
D. enrollment profile with direct HTTP
E. PKCS#12 import/export
Answer: C, E
Features of Testmayor.com
Real Exam Questions Answers
Exam Passing Guarantee
Money Back Assurance
Practice Mode of Better Exam Preparation
Exam Mode for Real Exam Environment
Experts Verified Valid Answers
90 Days Free Updates
http://www.testmayor.com/400-251-test.html
Top Related