400-251 | High quality 400-251 Study Guides 2021

NEW QUESTION 1
Which three of these make use of a certificate as part of the protocol? (Choose three)

• A. LEAP
• B. EAP-MDS
• C. EAP-TTLS
• D. EAP-PEAP
• E. EAP-FAST
• F. EAP-TLS

Answer: CEF

NEW QUESTION 2
Which two characteristic of an loT network are true?(Choose two)

• A. loT network must be designed for low-powered devices
• B. The transmission rate in an loT network is consistent
• C. loT networks are 100% reliable
• D. loT networks use IS-IS for routing
• E. toT networks are bandwith constrained

Answer: AE

NEW QUESTION 3
An university has hired you as a consultant to advise them on the best method to prevent DHCP starvation attacks in the campus. They have already implemented DHCP snooping and port security to control the situation, but those do not fully contain the issue. Which two actions do you suggest to fix this issue? (Choose two.)

• A. Use the ip dhcp snooping limit rate command on trusted and untrusted interfaces and set the rate to suitable values that are relevant to each interface reqpectively.
• B. Use the ip dhcp snooping verify mac-address command to ensure that the source MAC address in the DHCP rquest matches the client hardware address (CHADDR) sent to the DHCP server.
• C. Use the ip dhcp snooping verify mac-address command to ensure that the source MAC address in the DHCP request matches the client identifier (CLID) field sent to the DHCP server.
• D. Use the ip dhcp snooping limit rate command only to ensure that the source MAC address in the DHCP request matches the client identifier (CLID) field sent to the DHCP server.
• E. User the ip dhcp snooping limit rate command on trusted and untrusted interfaces set to the same rate value.
• F. Use the ip dhcp snooping limit rate command only on untrusted interfaces and set the rate to suitable values that are relevant to the interface.

Answer: BF

NEW QUESTION 4
What are the two different modes in which Private AMP cloud can be deployed? (Choose two.)

• A. Hybrid Mode
• B. Internal Mode
• C. Air Gap Mode
• D. External Mode
• E. Cloud-Proxy Mode
• F. Public Mode

Answer: CE

NEW QUESTION 5
Which statement is an advantage of network segmentation?

• A. It enables efficient network monitoring due to a flat network
• B. It takes less time to design a complex network with segmentation as one of the critical requirements
• C. It allows flat network design for better security implementation
• D. It allows efficient containment of a security incident as the effect will be limited to local subnet
• E. It improves network performance by having broadcast traffic not limited to local subnets
• F. It allows users to access the resource even though they won't need to for better visibility

Answer: D

NEW QUESTION 6
Drag the components of WIPS architecture on the left to their respective functionalities on the right.

Answer:

Explanation: 1-5, 2-1, 3-4, 4-2, 5-3

NEW QUESTION 7
Which statement about Local Web Authentication is true?

• A. It supports Change of Authorization and VLAN enforcement
• B. It can use VLANs and ACLs to enforce authorization
• C. The network device handles guest authentication
• D. The ISE servers web pages
• E. It supports posture and profiling services
• F. The web portal can be customized locally or managed by the ISE

Answer: C

NEW QUESTION 8
Within Platform as a Service, which two components are managed by the customer? (Choose two.)

• A. Data
• B. networking
• C. middleware
• D. applications
• E. operating system

Answer: AD

NEW QUESTION 9
Refer to the exhibit.

Which two effects of this configuration are true? (Choose two)

• A. When a user logs in to privileged EXEC mode, the router will track all user activity
• B. It configures the router’s local database as the backup authentication method for all TTY, console, and aux logins
• C. If a user attempts to log in as a level 15 user, the local database will be used for authentication and TACACS+ will be used for authorization
• D. Configuration commands on the router are authorized without checking the TACACS+ server
• E. When a user attempts to authenticate on the device, the TACACS+ server will prompt the user to enterthe username stored in the router’s database
• F. Requests to establish a reverse AUX connection to the router will be authorized against the TACACS+ server

Answer: BF

NEW QUESTION 10
Which of the following is used by WSA to extract session information from ISE and use that in access policies?

• A. RPC
• B. pxGrid
• C. SXP
• D. Proprietary protocol over TCP/8302
• E. EAP
• F. RADIUS

Answer: B

NEW QUESTION 11
An organization is deploying FTD in the data center. Products applications have been connected; however, ping tests to resources firewall has two interfaces, INSIDE and OUTSIDE. The problem might testing scenario is from the OUTSIDE. Which two commands can be the situation and determine where the issue might be? (Choose two)

• A. Packet-tracer input Outside <Protocol> < Destination IP> <Source
• B. Packet-tracer input Outside <Protocol> <Source IP> <Source Port
• C. Packet-tracer input Inside <Protocol> < Destination IP> <Source
• D. Packet-tracer input Inside <Protocol>< Destination IP> < Destination
• E. Packet-tracer input Outside <Protocol>< Destination IP> < Destination
• F. Packet-tracer input lnside<Protocol> < Source IP> < Source Port:

Answer: BF

NEW QUESTION 12
Which three EAP protocols are supported in WPA and WPA2? (Choose three)

• A. EAP-PSK
• B. EAP-EKE
• C. EAP-FAST
• D. EAP-AKA
• E. EAP-SIM
• F. EAP-EEE

Answer: CDE

NEW QUESTION 13
Which of the following is the correct statement regarding enabling SMTP encryption on ESA?

• A. Enabling TLS is an optional step
• B. TLS can be enabled only for receiving
• C. Enabling TLS for delivery goes under the "Destination Controls" menu of mail policies
• D. It only allows to use the self-signed certificates
• E. TLS can be enabled only for delivery
• F. It allows to import certificate from CA

Answer: C

NEW QUESTION 14
Which three VSA attributes are present in a RADIUS WLAN Access-Accept packet? (Choose three)

• A. Tunnel-Private-Group-ID
• B. Tunnel-Type
• C. SSID
• D. EAP-Message
• E. LEAP Session-Key
• F. Authorization-Algorithm-Type

Answer: CEF

NEW QUESTION 15
A client computer at 10.10.7.4 is trying to access a Linux server(11.0.1.9) that is running a Tomcat Server
application.
What TCP dump filter would be best to verify that traffic is reaching the Linux Server eth0 interface?

• A. tcpdump -I eth0 host 10.10.7.4 and host 11.0.1.9 and port 8080.
• B. tcpdump -l eth0 host 10.10.7.4 and 11.0.1.9.
• C. tcpdump -I eth0 dst 11.0.1.9 and dst port 8080.
• D. tcpdump -I eth0 scr 10.10.7.4 and dst 11.0.1.9 and dst port 8080

Answer: D

NEW QUESTION 16
Which of the following could be an evasion technique used by the attacker?

• A. Port access using Dot1x
• B. ACL implementation to drop unwanted traffic
• C. TELNET to launch device administration session
• D. Traffic encryption to bypass IPS detection
• E. URL filtering to block malicious sites
• F. NAT translations on routers and switches

Answer: D

NEW QUESTION 17
What are three pieces of data you should review in response to a supported SSL MITM attack? (Choose three.)

• A. the MAC address of the SSL server
• B. the MAC address of the attacker
• C. the IP address of the SSL server
• D. the X.509 certificate of the attacker
• E. the X.509 certificate of the SSL server
• F. the DNS name of the SSL server

Answer: CEF

NEW QUESTION 18
Which are two of the valid IPv6 extension headers? (Choose two.)

• A. Options
• B. Authentication Header
• C. Mobility
• D. Protocol
• E. Next Header
• F. Hop Limit

Answer: BC