400-251 Free Questions – CCIE Security Written Exam (v5.0) V19.02

The 400-251 exam is the written exam for the CCIE Security certification. The CCIE Security program recognizes security experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements. The Cisco 400-251 exam questions with accurate answers were updated on November 30, 2019, ensuring that you can pass the 400-251 CCIE Security Written Exam (v5.0) successfully. Read the Cisco 400-251 free questions online now.

1. Which description of the AES encryption algorithm is true?

2. Which statement about NVGRE functionality is true?

3. Which three protocols are used by the management plane in a Cisco IOS device? (Choose three)

4. Which statement about securing a connection using MACsec is true?

5. Which statement correctly describes a botnet attack?

6. ISE can be integrated with an MDM to ensure that only registered devices are allowed on the network, and use the MDM to push policies to the device. Devices can go in and out of compliance either due to policy changes on the MDM server, or another reason. Consider a device that has already authenticated on the network, and stays connected, but falls out of compliance.
Which action can you take to ensure that a noncompliant device is checked periodically and re-assessed before allowing access to the network?

7. Which three messages are part of the SSL protocol? (Choose three)

8. A sneaky employee using an Android phone on your network has disabled DHCP, enabled its firewall, and modified its HTTP User-Agent header to fool ISE into profiling it as a Windows 10 machine connected to the wireless network. This user can now get authorization for unrestricted network access using his Active Directory credentials because your policy states that a Windows device using AD credentials should be able to get full network access.
However, an Android device should only get access to the web proxy.
Which two steps can you take to avoid this sort of rogue behavior? (Choose two)

9. Which function of MSE in the WIPS architecture is true?

10. Which statement about a stealth scan is true?

11. Which statement about SenderBase reputation scoring on an ESA device is true?

12. A university has hired you as a consultant to advise them on the best method to prevent DHCP starvation attacks in the campus. They have already implemented DHCP snooping and port security to control the situation, but those do not fully contain the issue.
Which two actions do you suggest to fix this issue? (Choose two)

13. Which statement about SSL policy implementation in a Cisco Firepower system is true?

14. In a large organization, with thousands of employees scattered across the globe, it is difficult to provision and onboard new employee devices with the correct profiles and certificates.
With ISE, it is possible to do client provisioning. Which four conditions are met? (Choose four)

15. Which statement about the advantages of using LDAP over AD is true?

16. You have an ISE deployment with two nodes that are configured as PAN and MnT (Primary and Secondary), and 4 Policy Services Nodes.
How many additional PSNs can you add to this deployment?

17. Which statement about the SenderBase functionality is true?

18. All your employees are required to authenticate their devices to the network, be it company-owned or employee-owned assets, with ISE as the authentication server. The primary identity store used is Microsoft Active Directory, with username and password authentication. To ensure the security of your enterprise, our security policy dictates that only company-owned assets should be able to get access to the enterprise network, while personal assets should have restricted access.
Which option would allow you to enforce this policy using only ISE and Active Directory?

19. In your corporate environment, you have various Active Directory groups based on the organizational structure and would like to ensure that users are only able to access certain resources depending on which group(s) they belong to. This policy should apply across the network. You have ISE, ASA and WSA deployed, and would like to ensure the appropriate policies are present to ensure access is only based on the user's group membership. Additionally, you don't want the user to authenticate multiple times to get access.
Which two policies are used to set this up? (Choose two)

20. In your ISE design, there are two TACACS profiles that are created for device administration: Help Desk_Profile and IOS_Admin_Profile. The Help Desk profile should log in the user with privilege 1, with the ability to change privilege level to 15. The Admin profile should log in the user with privilege 15 by default.
Which two commands must the Help Desk enter on the IOS device to access privilege level 15? (Choose two)
