Professional Documents
Culture Documents
PassWritten Workbook
400-251
CCIE SECURITY WRITTEN
www.passwritten.com | www.passwrittendumps.com
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
1) What are the two different modes in which Private AMP cloud can be deployed? (Choose two)
A. Cloud Mode
B. Internal Mode
C. Public Mode
D. External Mode
E. Proxy Mode
F. Air Gap Mode
Answer: A,F
2)
Refer to the exhibit. Which two effects of this configuration are true? (Choose Two)
A. user five can view usernames and password
B. user superuser can view the configuration
C. User superuser can change usernames and passwords
D. User superuser can view usernames and passwords
E. User five can execute the show run command
F. User cisco can view usernames and passwords
Answer: B,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
3) Which three commands can you use to configure VXLAN on a Cisco ASA firewall?(Choose three)
A. default-mcast-group
B. set ip next-hop verify-availiability
C. sysopt connection tcpmss
D. segment-id
E. inspect vxlan
F. nve-only
Answer: A,D,F
4) Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?
A. SNMP Query
B. DHCP SPAN
C. DHCP
D. HTTP
E. RADIUS
F. NetFlow
Answer: A
5) Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients?
A. DoS against an access point
B. DoS against a client station
C. chopchop attack
D. Airsnaf attack
E. device-probing attack
F. authentication-failure attack
Answer: A
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
6) Which two statements about NetFlow Secure Event logging on a Cisco ASA are true? (Choose two)
A. It is supported only in single context mode
B. It can log different event types on the same device to different collectors
C. It tracks configured collections over TCP
D. It can be used without collectors
E. It supports one event type per collector
F. It can export templates through NetFlow
Answer:B,E
7)
Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel
failed to come up. Which reason for the problem is the most likely?
A. The channel-group modes are mismatched
B. The lacp system-priority and lacp port-priority values are same
C. The EtherChannel requires three ports, and only two are configured
D. The EtherChannel is disabled
Answer:A
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
Answer: A
Answer: E
Answer: A
11) Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three)
A. Real-time application performance improves if DTLS is implemented
B. DTLS can fall back to TLS without enabling dead peer detection
C. The ASA will verify the remote HTTPS certificate
D. By default, the ASA uses the Cisco AnyConnect Essentials license
E. By default, the VPN connection connects with DTLS
F. Cisco AnyConnect connections use IKEv2 by default when it is configured as the primary protocol on
the client
Answer: A,E,F
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
12) Which two options are benefits of global ACLs? (Choose two)
A. They only operate on logical interfaces
B. They are more efficient because they are processed before interface access rules
C. They can be applied to multiple interfaces
D. They are flexible because they match source and destination IP addresses for packets that arrive on
any interface
E. They save memory because they work without being replicated on each interface
Answer: D,E
13) Which three statements about 802.1x multiauthentication mode are true? (Choose three)
A. It can be deployed in conjunction with MDA functionality on voice VLANs
B. It requires each connected client to authenticate individually
C. Each multiauthentication port can support only one voice VLAN
D. It is recommended for auth-fail VLANs
E. On non-802.1x devices, It can support only one authentication method on a single port
F. It is recommended for guest VLANs
Answer: A,B,C
14)
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
Refer to the exhibit. Which three additional configuration elements must you apply to complete a functional
FlexVPN deployment? (Choose three)
Answer: D,E,F
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
15) You are considering using RSPAN to capture traffic between several switches. Which two configuration
aspects do you need to consider? (Choose two)
A. Not all switches need to support RSPAN for it to work
B. The RSPAN VLAN need to be blocked on all trunk interfaces leading to the destination RSPAN switch
C. All switches need to be running the same IOS version
D. All distribution switches need to support RSPAN
E. The RSPAN VLAN need to be allow on all trunk interfaces leading to the destination RSPAN switch
Answer: A,E
16)
Refer to the exhibit. You applied this VPN cluster configuration to a Cisco ASA and the cluster failed to form.
How do you edit the configuration to correct the problem?
A. Define the maximum allowable number of VPN connections
B. Define the master/ slave relationship
C. Enable load balancing
D. Configure the cluster IP address
Answer: D
17)
C. Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS
server
D. Users must be in the RADIUS server to access the serial console
E. Only SSH users are authenticated against the RADIUS server
Answer: C
18)
Refer to the exhibit. Which two configurations must you perform to enable the device to use this class map?
(Choose two)
A. Configure PDLM
B. Configure the ip nbar custom command
C. Configure the ip nbar protocol discovery command
D. Configure teh transport hierarchy
E. Configure the DSCP value
Answer: B,C
19) Which three messages are part of the SSL protocol? (Choose Three)
A. Change CipherSpec
B. Alert
C. Record
D. Message Authenication
E. CipherSpec
F. Handshake
Answer: A,C,F
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
Answer: A
21) Which two design options are best to reduce security concerns when adopting IoT into an organization? (Choose
two)
Answer: C,E
22) Which encryption type is used by ESA for implementing the Email Encryption?
A. SSL Encryption
B. TLS
C. Identity Based Encryption (IBE)
D. PKI
E. S/MIME Encryption
Answer: E
23)Which two statement about the MACsec security protocol are true? (Choose two)
Answer: B,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
24) Which type of header attack is detected by Cisco ASA threat detection?
Answer: C
25) Which two statements about SCEP are true? (Choose two)
A. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm
B. CA servers must support GetCACaps response messages in order to implement extended functionality
C. The GetCert exchanges is signed and encrypted only in the response direction
D. It is vulnerable to downgrade attacks on its cryptographic capabilities
E. The GetCRL exchange is signed and encrypted only in the response direction
Answer: B,D
26) Which effect of the ip nhrp map multicast dynamic command is true?
A. It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same
interface
B. It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel
C. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub
D. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs
Answer: C
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
27)
Refer to the exhibit. A user authenticates to the NAS, Which communicates to the TACACS+ server for
authentication. The TACACS+ server then accesses the Active Directory Server through the ASA firewall to validate
the user credentials which protocol-port pair must be allowed access through the ASA firewall?
Answer: C
Answer: B
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
29)
Refer to the exhibit. What is the maximum number of site-to-site VPNs allowed by this configuration?
A. 10
B. 15
C. unlimited
D. 5
E. 0
F. 1
Answer: B
30) How does Scavenger-class QoS mitigate DoS and worm attacks?
A. It matches traffic from individual hosts against the specific network characteristics of known attack types
B. It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is
detected
C. It monitors normal traffic flow and drops burst traffic above the normal rate for a single host
D. It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from
multiple hosts
Answer: D
31) Which three statements about SXP are true? (Choose three)
A. To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping
must be configured
B. Each VRF supports only one CTS-SXP connection
C. It resides in the control plane, where connections can be initiated from a listener
D. Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses
E. The SGA ZBPF uses the SGT to apply forwarding decisions
F. Packets can be tagged with SGTs only with hardware support
Answer: B,D,F
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
32)
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)
A. Configuration commands on the router are authorized without checking the TACACS+ server
B. When a user logs in to privileged EXEC mode, the router will track all user activity
C. Requests to establish a reverse AUX connection to the router will be authorized against the TACACS+ server
D. When a user attempts to authenticate on the device, the TACACS+ server will prompt the user to enter the
username stored in the router's database
E. If a user attempts to log in as a level 15 user, the local database will be used for authentication and the
TACACS+ will be used for authorization
F. It configures the router's local database as the backup authentication method for all TTY, console, and aux
logins
Answer: A,F
33) Which two options are benefits of the cisco ASA Identify Firewall? (Choose two)
Answer: C,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
34)
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)
Answer: A,B
35) Which two statements about the TTL value in an IPv4 header are true? (Choose two)
A. It is a 4-bit value
B. Its maximum value is 128
C. It is a 16-bit value
D. It can be used for traceroute operations
E. When it reaches 0, the router sends an ICMP Type 11 messages to the originator
Answer: D,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
36)
A. Any VPN user with a session time out of 24 hours can access the device
B. Users attempting to access the console port are authenticated against the TACACS+ server
C. If the TACACAS+ authentication fails, the ASA uses cisco 123 as its default password
D. The device tries to reach the server every 24 hours and falls back to the LOCAL database if it fails
E. The servers in the TACACS+ group0 are reactivated every 1440 seconds
Answer: D
A. ClamAV
B. ClamAMP
C. TETRA
D. TETRAAMP
Answer: C
Answer: A,D
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
39) A new computer is not getting its IPv6 address assigned by the router. While running WireShark to try to
troubleshoot the problem, you find a lot of data that is not helpful to nail down the problem. What two filters would
you apply to WireShark to filter the data that you are looking for? (Choose Two)
A. Icmpv6.type== 136
B. Icmpv6.type== 135
C. Icmp5.type== 135
D. Icmpv6type== 136
E. Icmp6type== 135
Answer: A,B
40) Which two options are benefits of network summarization? (Choose two)
Answer: C,D
Answer: A
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
42) Which file extensions are supported on the Firesight Management Center 6.1 file policies that can be analyzed
dynamically using the Threat Grid Sandbox integration?
Answer: A
43)
A. API
B. JSON
C. JavaScript
D. YANG
E. XML
Answer: E
44) In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router?
Answer: C
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
45) Which option is a data modeling language used to model configuration and state data of network elements?
A. NETCONF
B. RESTCONF
C. YANG
D. SNMPv4
Answer: C
46) Which three ESMTP extensions are supported by the Cisco ASA? (Choose three)
A. 8BITMIME
B. STARTTLS
C. NOOP
D. PIPELINING
E. SAML
F. ATRN
Answer: B,D,E
47) In OpenStack, which two statements about the NOVA component are true? (Choose two)
Answer: A,D
48) Which three types of addresses can the Botnet Filter feature of the Cisco ASA monitor? (Choose three)
Answer: A,D,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
49) Which three authorization technologies does Cisco TrustSec support? (Choose three)
A. SGT
B. SGACL
C. MAB
D. 802.1x
E. DACL
F. VLAN
Answer: A,E,F
50) Which two statements about 802.1x components are true? (Choose two)
A. The certificates that are used in the client-server authentication process are stored on the access switch
B. The access layer switch is the policy enforcement point
C. The RADIUS server is the policy enforcement point
D. The RADIUS server is the policy information point
E. An LDAP server can serve as the policy enforcement point
Answer: B,D
51) Which statements about the cisco AnyConnect VPN Client are true? (Choose two)
Answer: C,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
52) Which three transports have been defined for SNMPv3? (Choose three)
Answer: C,D,F
53) Which two statements about SPAN sessions are true? (Choose two)
A. A single switch stack can support up to 32 source and RSPAN destination sessions
B. They can monitor sent and received packets in the same session
C. Multiple SPAN sessions can use the same destination port
D. Source ports and source VLANS can be mixed in the same session
E. They can be configured on ports in the disabled state before enabling the port
F. Local SPAN and RSPAN can be mixed in the same session
Answer: D,E
54) Which three ISAKMP SA Message States can be output from the device that initiated an IPsec tunnel? (Choose
three)
A. MM_WAIT_MSG3
B. MM_WAIT_MSG2
C. MM_WAIT_MSG1
D. MM_WAIT_MSG4
E. MM_WAIT_MSG6
F. MM_WAIT_MSG5
Answer: A,C,F
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
55) Which three EAP protocols are supported in WPA and WPA2? (Choose three)
A. EAP-FAST
B. EAP-AKA
C. EAP-EKE
D. EAP-EEE
E. EAP-SIM
F. EAP-PSK
Answer: A,B,E
56) Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
A. Authenticated-User-Idle-Timeout
B. Web-VPN-ACL-Filters
C. L2TP-Encryption
D. IPsec-Default-Domain
E. Authorized-Type
F. IPsec-Client-Firewall-Filter-Name
Answer: A,B,D
Answer: A
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
58) Which two statements about MAB are true? (Choose two)
Answer: A,E
59) Drag and drop the protocols on the left onto their descriptions on the right
60)
Refer to the exhibit. Which meaning of this error message on a Cisco ASA is true?
Answer: D
61) Which three statements about WCCP are true? (Choose three)
Answer: A,B,E
62) Which two options are important considerations when you use wsa for to obtain the full picture of network
traffic? (Choose two)
Answer: B,D
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
63) Which three VSA attributes are present in a RADIUS WLAN Access-accept packet? (Choose three)
A. EAP-Message
B. Tunnel-Type
C. LEAP Session-Key
D. Tunnel-Private-Group-ID
E. Authorization-Algorithm-Type
F. SSID
Answer: C,E,F
64) Which two options are unicast address types for IPv6 addressing? (Choose two)
A. Global
B. Established
C. Link-local
D. Static
E. Dynamic
Answer: A,C
65) A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server
application. What TCP dump filter would be best to verify that traffic is reaching the Linux Server eth0 interface?
A. tcpdump i eth0 host 10.10.7.4 and host 11.0.1.9 and port 8080
B. tcpdump i eth0 host 10.10.7.4 and 11.0.1.9
C. tcpdump i eth0 dst 11.0.1.9 and dst port 8080
D. tcpdump i eth0 src 10.10.7.4 and dst 11.0.1.9 and dst port 8080
Answer: D
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
66) Which two statements about uRPF are true? (Choose two)
A. The administrator can configure the allow-default command to force the routing table to use only the
default route
B. In strict mode, only one routing path can be available to reach network devices on a subnet
C. The administrator can use the show cef interface command to determine whether uRPF is enabled
D. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF
check to work through HSRP routing groups
E. It is not supported on the Cisco ASA security appliance
Answer: B,C
67) Which three options are fields in a CoA Request code packet? (Choose three)
A. Length
B. Calling-station-ID
C. Authenticator
D. Acct-session-ID
E. State
F. Identifier
Answer: B,D,E
68) When TCP Intercept is enabled in its default mode, how does it react to a SYN request?
Answer: B
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
69)
Refer to the exhibit. What are two functionalities of this configuration? (Choose two)
Answer: C,D
70)
Refer to the exhibit. What are two effects of the given configuration? (Choose two)
A. The connection will remain open if the PASV reply command includes 5 commas
B. TCP connections will be completed only to TCP ports from 1 to 1024
C. FTP clients will be able to determine the servers system type
D. The client must always send the PASV reply
E. The connection will remain open if the size of the STOR command is greater than a fixed constant
Answer: A,C
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
71)
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)
A. If the TACACS+ server is unreachable, the switch places hosts on critical ports in VLAN 50
B. The device allows multiple authenticated sessions for a single MAC address in the voice domain
C. If multiple hosts have authenticated to the same port, each can be in their own assigned VLAN
D. If the authentication priority is changed the order in which authentication is preformed also changes
E. The switch periodically sends an EAP-Identity-Request to the endpoint supplicant
F. The port attempts 802.1x authentication first, and then falls back to MAC authentication bypass
Answer: E,F
72) Which two options are normal functionalities for ICMP? (Choose two)
A. Packet filtering
B. Host detection
C. Relaying traffic statistics to applications
D. Path MTU discovery
E. Router discovery
F. Port scanning
Answer: B,D
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
73) Which command sequence do you enter to add the host 10.2.1.0 to the CISCO object group?
Answer: D
74)
Answer: A
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
75) Which two events can cause a failover event on an active/standby setup? (Choose two)
Answer: C,D
76) Within Platform as a Service, Which two components are managed by the customer? (Choose two)
A. Middleware
B. Applications
C. Data
D. Operating system
E. Networking
Answer: B,C
77)
A. 56-bit
B. 168-bit
C. 1024-bit
D. 192-bit
Answer: B
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
78) From the list below, which one is the major benefit of AMP Threat GRID?
A. AMP Threat Grid analyzes suspicious in your network against exactly 400 behavioral indicators
B. AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence info one combined
solution
C. AMP threat Grid learns ONLY form data you pass on your network and not from anything else to monitor for
suspicious behavior. This makes the system much faster and efficient
D. AMP Threat Grid collects file information from customer servers and run tests on the, to see if they are
infected with viruses
Answer: C
79) Which three statements about PKI on Cisco IOS Software are true? (Choose three)
A. The match certificate and allow expired-certificate commands are ignored unless the router clock is set
B. OSCP enables a PKI to use a CRL without time limitations
C. Different OSCP servers can be configured for different groups of client certificates
D. OSCP is well-suited for enterprise PKIs in which CRLs expire frequently
E. Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid
F. If a certificate-based ACL specifies more than one filed, any one successful filed-to-value test is treated as a
match
Answer: C,D,E
80)
Refer to the exhibit. For which type of user is this downloadable ACL appropriate?
A. Onsite contractors
B. Management
C. Network administrators
D. Employees
E. Guest users
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
Answer: E
Answer: A,D
82) Which two statements about Botnet traffic Filter snooping are true? (Choose two)
A. It can log and block suspicious connections from previously unknown bad domains and IP addresses
B. It checks inbound and outbound traffic
C. It can inspect both IPv4 and IPv6 traffic
D. It requires the Cisco ASA DNS server to perform DNS lookups
E. It checks inbound traffic only
F. It requires DNS packet inspection to be enabled to filter domain names in the dynamic database
Answer: B,F
83) Which command on Cisco ASA you can enter to send debug messages to a syslog server?
A. Logging host
B. Logging debug-trace
C. Logging traps
D. Logging syslog
Answer: A
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
84)
Answer: B
85) Which feature does Cisco VSG use to redirect traffic in a Cisco Nexus 1000V Series Switch ?
A. VPC
B. VDC
C. VEM
D. vPath
Answer: D
86) Which two statements about ping flood attacks are true? (Choose two)
A. They attack by sending ping requests to the return address of the network
B. The use ICMP packets
C. They attack by sending ping requests to the broadcast address of the network
D. The attack is intended to overwhelm the CPU of the target victim
E. They use UDP packets
F. They use SYN packets
Answer: B,C
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
87) Which best practice can limit inbound TTL expiry attacks?
A. Setting the TTL value to more than the longest path in the network
B. Setting the TTL value to zero
C. Setting the TTL value to less than the longest path in the network
D. Setting the TTL value equal to the longest path in the network
Answer: A
88) Which two options are benefits of the Cisco ASA transparent firewall mode? (Choose two)
Answer: B,E
Answer: C
90) What are two characteristics of RPL, used in loT environments? (Choose two)
Answer: B,E
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
91) Which command is required for bonnet filter on Cisco aASA to function properly
Answer: D
92) Which two statements about Cisco URL Filtering on Cisco IOS Software are true?(Choose Two)
A.By default, it allows all URLs when the connection to the filtering server is down.
C.It Supports local URL lists and third-party URL filtering servers.
Answer:C,E
93) .Which two options are open-source SDN controllers? (Choose two)
A) OpenContrail
B) OpenDaylight
C) Big Cloud Fabric
D) Virtual Application Networks SDN Controller
E) Application Policy Infrastructure Controller
Answer: A,B
PASSWRITTENDUMPS.COM 400-251 20-Mar-17
OUR CCIE WRITTEN ENGINEERS ARE AVAILABLE ON SKYPE CHAT OR LIVE SUPPORT CHAT FROM
WEBSITE
ACTIVE CLIENTS WILL GET VERY SPECIAL DISCOUNTS ON OTHER CCIE TRACKS
WORLD FIRST REAL LAB RACK RENTAL FOR ALL CCIE TRACKS
CCIE RACK RENTALS ----->WWW.CCIERACK.RENTALS (CRR)