Download CCIE Security Written Exam v5-1.braindumps.400-251.2019-10-03.1e.185q.vcex

File Info

Exam CCIE Security Written Exam v5.1
Number 400-251
File Name CCIE Security Written Exam v5-1.braindumps.400-251.2019-10-03.1e.185q.vcex
Size 3.71 Mb
Posted October 03, 2019

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

What are the two different modes in which Private AMP cloud can be deployed? (Choose two.)

  • A: Cloud-Proxy Mode
  • B: Internal Mode
  • C: Air Gap Mode
  • D: Hybrid Mode
  • E: Public Mode
  • F: External Mode

Correct Answer: AC

Reference: http://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-733180.html




Question 2

Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three.)

  • A: default-mcast-group
  • B: set ip next-hop verify-availability
  • C: sysopt connection tcpmss
  • D: segment-id
  • E: inspect vxlan
  • F: nve-only

Correct Answer: ADF




Question 3

Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?

  • A: SNMP Query
  • B: DHCP SPAN
  • C: DHCP
  • D: HTTP
  • E: RADIUS
  • F: NetFlow

Correct Answer: F




Question 4

Which two statements about NetFlow Secure Event Logging on a Cisco ASA are true? (Choose two.)

  • A: It is supported only in single-context mode.
  • B: It can log different event types on the same device to different collectors.
  • C: It tracks configured collectors over TCP.
  • D: It can be used without collectors.
  • E: It supports one event type per collector.
  • F: It can export templates through NetFlow.

Correct Answer: BF

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.pdf




Question 5

View the Exhibit. 

  

Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up. 
Which reason for the problem is the most likely?

  • A: The channel-group modes are mismatched.
  • B: The lacp system-priority and lacp port-priority values are the same.
  • C: The EtherChannel requires three ports, and only two are configured.
  • D: The EtherChannel is disabled.

Correct Answer: C




Question 6

Which option best describes RPL?

  • A: RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
  • B: RPL stands for Routing over Low-power Lossy Networks that use distance vector DODAG to determine the best route between leaves and the root border router.
  • C: RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
  • D: RPL stands for Routing over low priority links that use distance vector DODAG to determine the best route between two root border routers.

Correct Answer: B

RPL is a distance vector protocol and supports a wide set of routing link and node metrics. RPL supports mono metric optimization—the best path is considered as the shortest (constrained) path according to a single metric (multimetric optimization is not supported). The objective is to not trade path optimality for network stability. A small path cost increase is usually smoothed out for the benefit of limiting the control plane traffic. 
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/rpl/configuration/15-mt/rpl-15-mt-book.html#concept_56393E63C4D74ABAB7A25049C2345053




Question 7

Which two options are benefits of global ACLs? (Choose two.)

  • A: They only operate on logical interfaces.
  • B: They are more efficient because they are processed before interface access rules.
  • C: They can be applied to multiple interfaces.
  • D: They are flexible because they match source and destination IP addresses for packets that arrive on any interface.
  • E: They save memory because they work without being replicated on each interface.

Correct Answer: DE

Global access rules allow you to apply a global rule to ingress traffic without the need to specify an interface to which the rule must be applied. Using global access rules provides the following benefits:

  • When migrating to the adaptive security appliance from a competitor appliance, you can maintain a global access rule policy instead of needing to apply an interface-specific policy on each interface.
  • Global access control policies are not replicated on each interface, so they save memory space.
  • Global access rules provide flexibility in defining a security policy. You do not need to specify which interface a packet comes in on, as long as it matches the source and destination IP addresses.
  • Global access rules use the same mtrie and stride tree as interface-specific access rules, so scalability and performance for global rules are the same as for interface-specific rules.

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/access_rules.html




Question 8

Which three statements about 802.1x multiauthentication mode are true? (Choose three.)

  • A: It can be deployed in conjunction with MDA functionality on voice VLANs.
  • B: It requires each connected client to authenticate individually.
  • C: Each multiauthentication port can support only one voice VLAN.
  • D: It is recommended for auth-fail VLANs.
  • E: On non-802.1x devices, it can support only one authentication method on a single port.
  • F: It is recommended for guest VLANs.

Correct Answer: ABC

Available in Cisco IOS Release 12.2(50)SG, multiauthentication mode allows one client on the voice VLAN and multiple authenticated clients on the data VLAN. When a hub or access point is connected to an 802.1X port, multiauthentication mode provides enhanced security over multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, you can use MAB or web-based authentication as the fallback method for individual host authentications, allowing you to authenticate different hosts through different methods on a single port.  
Multiauthentication also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the VSAs received from the authentication server. 
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.html#wp1309093




Question 9

View the Exhibit. 

  

Refer to the exhibit. Which three additional configuration elements must you apply to complete a functional FlexVPN deployment? (Choose three.)

  • A:
      
  • B:
      
  • C:
      
  • D:
      
  • E:
      
  • F:
      

Correct Answer: BDE

Reference: http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115782-flexvpn-site-to-site-00.html




Question 10

View the Exhibit.

    class-map match-any unknown
     match protocol unknown final

Refer to the exhibit. Which two configurations must you perform to enable the device to use this class map? (Choose two.)

  • A: Configure PDLM.
  • B: Configure the ip nbar custom command.
  • C: Configure the ip nbar protocol discovery command.
  • D: Configure the transport hierarchy.
  • E: Configure the DSCP value.

Correct Answer: AC

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/configuration/15-mt/qos-nbar-15-mt-book/nbar-mqc.html









