Download CCIE Security Written Exam v5-1.braindumps.400-251.2019-10-03.1e.185q.vcex


File Info

Exam CCIE Security Written Exam v5.1
Number 400-251
File Name CCIE Security Written Exam v5-1.braindumps.400-251.2019-10-03.1e.185q.vcex
Size 3.71 Mb
Posted October 03, 2019
Downloads 16



Demo Questions

Question 1

What are the two different modes in which Private AMP cloud can be deployed? (Choose two.)

  • A: Cloud-Proxy Mode
  • B: Internal Mode
  • C: Air Gap Mode
  • D: Hybrid Mode
  • E: Public Mode
  • F: External Mode

Correct Answer: AC


Question 2

Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three.)

  • A: default-mcast-group
  • B: set ip next-hop verify-availability
  • C: sysopt connection tcpmss
  • D: segment-id
  • E: inspect vxlan
  • F: nve-only

Correct Answer: ADF

Question 3

Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?

  • A: SNMP Query
  • C: DHCP
  • D: HTTP
  • F: NetFlow

Correct Answer: F

Question 4

Which two statements about NetFlow Secure Event Logging on a Cisco ASA are true? (Choose two.)

  • A: It is supported only in single-context mode.
  • B: It can log different event types on the same device to different collectors.
  • C: It tracks configured collectors over TCP.
  • D: It can be used without collectors.
  • E: It supports one event type per collector.
  • F: It can export templates through NetFlow.

Correct Answer: BF

Question 5

Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up. 
Which reason for the problem is the most likely?

  • A: The channel-group modes are mismatched.
  • B: The lacp system-priority and lacp port-priority values are the same.
  • C: The EtherChannel requires three ports, and only two are configured.
  • D: The EtherChannel is disabled.

Correct Answer: C

Question 6

Which option best describes RPL?

  • A: RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
  • B: RPL stands for Routing over Low-power Lossy Networks that use distance vector DODAG to determine the best route between leaves and the root border router.
  • C: RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
  • D: RPL stands for Routing over low priority links that use distance vector DODAG to determine the best route between two root border routers.

Correct Answer: B

RPL is a distance vector protocol and supports a wide set of routing link and node metrics. RPL supports mono metric optimization—the best path is considered as the shortest (constrained) path according to a single metric (multimetric optimization is not supported). The objective is to not trade path optimality for network stability. A small path cost increase is usually smoothed out for the benefit of limiting the control plane traffic.

Question 7

Which two options are benefits of global ACLs? (Choose two.)

  • A: They only operate on logical interfaces.
  • B: They are more efficient because they are processed before interface access rules.
  • C: They can be applied to multiple interfaces.
  • D: They are flexible because they match source and destination IP addresses for packets that arrive on any interface.
  • E: They save memory because they work without being replicated on each interface.

Correct Answer: DE

Global access rules allow you to apply a global rule to ingress traffic without the need to specify an interface to which the rule must be applied. Using global access rules provides the following benefits:

  • When migrating to the adaptive security appliance from a competitor appliance, you can maintain a global access rule policy instead of needing to apply an interface-specific policy on each interface.
  • Global access control policies are not replicated on each interface, so they save memory space.
  • Global access rules provide flexibility in defining a security policy. You do not need to specify which interface a packet comes in on, as long as it matches the source and destination IP addresses.
  • Global access rules use the same mtrie and stride tree as interface-specific access rules, so scalability and performance for global rules are the same as for interface-specific rules.

Question 8

Which three statements about 802.1x multiauthentication mode are true? (Choose three.)

  • A: It can be deployed in conjunction with MDA functionality on voice VLANs.
  • B: It requires each connected client to authenticate individually.
  • C: Each multiauthentication port can support only one voice VLAN.
  • D: It is recommended for auth-fail VLANs.
  • E: On non-802.1x devices, it can support only one authentication method on a single port.
  • F: It is recommended for guest VLANs.

Correct Answer: ABC

Available in Cisco IOS Release 12.2(50)SG, multiauthentication mode allows one client on the voice VLAN and multiple authenticated clients on the data VLAN. When a hub or access point is connected to an 802.1X port, multiauthentication mode provides enhanced security over multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, you can use MAB or web-based authentication as the fallback method for individual host authentications, allowing you to authenticate different hosts through different methods on a single port.  
Multiauthentication also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the VSAs received from the authentication server. 

Question 9

Refer to the exhibit. Which three additional configuration elements must you apply to complete a functional FlexVPN deployment? (Choose three.)

  • A:
  • B:
  • C:
  • D:
  • E:
  • F:

Correct Answer: BDE


Question 10

    class-map match-any unknown
     match protocol unknown final

Refer to the exhibit. Which two configurations must you perform to enable the device to use this class map? (Choose two.)

  • A: Configure PDLM.
  • B: Configure the ip nbar custom command.
  • C: Configure the ip nbar protocol discovery command.
  • D: Configure the transport hierarchy.
  • E: Configure the DSCP value.

Correct Answer: AC





