Download CCIE Security Written Exam v5-1.certkey.400-251.2019-04-19.1e.159q.vcex

File Info

Exam CCIE Security Written Exam v5.1
Number 400-251
File Name CCIE Security Written Exam v5-1.certkey.400-251.2019-04-19.1e.159q.vcex
Size 3.66 Mb
Posted April 19, 2019
Downloads 59

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three.)

  • A: default-mcast-group
  • B: set ip next-hop verify-availability
  • C: sysopt connection tcpmss
  • D: segment-id
  • E: inspect vxlan
  • F: nve-only

Correct Answer: ADF




Question 2

Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?

  • A: SNMP Query
  • B: DHCP SPAN
  • C: DHCP
  • D: HTTP
  • E: RADIUS
  • F: NetFlow

Correct Answer: F




Question 3

Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up. 
Which reason for the problem is the most likely?

  • A: The channel-group modes are mismatched.
  • B: The lacp system-priority and lacp port-priority values are the same.
  • C: The EtherChannel requires three ports, and only two are configured.
  • D: The EtherChannel is disabled.

Correct Answer: C




Question 4

Which option best describes RPL?

  • A: RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
  • B: RPL stands for Routing over Low-power Lossy Networks that use distance vector DODAG to determine the best route between leaves and the root border router.
  • C: RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
  • D: RPL stands for Routing over low priority links that use distance vector DODAG to determine the best route between two root border routers.

Correct Answer: B

RPL is a distance vector protocol and supports a wide set of routing link and node metrics. RPL supports mono metric optimization—the best path is considered as the shortest (constrained) path according to a single metric (multimetric optimization is not supported). The objective is to not trade path optimality for network stability. A small path cost increase is usually smoothed out for the benefit of limiting the control plane traffic. 
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/rpl/configuration/15-mt/rpl-15-mt-book.html#concept_56393E63C4D74ABAB7A25049C2345053




Question 5

Which WEP configuration can be exploited by a weak IV attack?

  • A: When the static WEP password has been given away
  • B: When the static WEP password has been stored without encryption
  • C: When a per-packet WEP key is in use
  • D: When a 40-bit key is in use
  • E: When the same WEP key is used to create every packet
  • F: When a 64-bit key is in use

Correct Answer: D

http://www.opus1.com/www/whitepapers/whatswrongwithwep.pdf




Question 6

Which two options are benefits of global ACLs? (Choose two.)

  • A: They only operate on logical interfaces.
  • B: They are more efficient because they are processed before interface access rules.
  • C: They can be applied to multiple interfaces.
  • D: They are flexible because they match source and destination IP addresses for packets that arrive on any interface.
  • E: They save memory because they work without being replicated on each interface.

Correct Answer: DE

Global access rules allow you to apply a global rule to ingress traffic without the need to specify an interface to which the rule must be applied. Using global access rules provides the following benefits:

  • When migrating to the adaptive security appliance from a competitor appliance, you can maintain a global access rule policy instead of needing to apply an interface-specific policy on each interface.
  • Global access control policies are not replicated on each interface, so they save memory space.
  • Global access rules provide flexibility in defining a security policy. You do not need to specify which interface a packet comes in on, as long as it matches the source and destination IP addresses.
  • Global access rules use the same mtrie and stride tree as interface-specific access rules, so scalability and performance for global rules are the same as for interface-specific rules.

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/access_rules.html




Question 7

Which three statements about 802.1x multiauthentication mode are true? (Choose three.)

  • A: It can be deployed in conjunction with MDA functionality on voice VLANs.
  • B: It requires each connected client to authenticate individually.
  • C: Each multiauthentication port can support only one voice VLAN.
  • D: It is recommended for auth-fail VLANs.
  • E: On non-802.1x devices, it can support only one authentication method on a single port.
  • F: It is recommended for guest VLANs.

Correct Answer: ABC

Available in Cisco IOS Release 12.2(50)SG, multiauthentication mode allows one client on the voice VLAN and multiple authenticated clients on the data VLAN. When a hub or access point is connected to an 802.1X port, multiauthentication mode provides enhanced security over multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, you can use MAB or web-based authentication as the fallback method for individual host authentications, allowing you to authenticate different hosts through different methods on a single port.  
Multiauthentication also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the VSAs received from the authentication server. 
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.html#wp1309093




Question 8

Refer to the exhibit. Which three additional configuration elements must you apply to complete a functional FlexVPN deployment? (Choose three.)

  • A:
      
  • B:
      
  • C:
      
  • D:
      
  • E:
      
  • F:
      

Correct Answer: ABD

Reference: http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115782-flexvpn-site-to-site-00.html




Question 9

You are considering using RSPAN to capture traffic between several switches. 
Which two configuration aspects do you need to consider? (Choose two.)

  • A: Not all switches need to support RSPAN for it to work
  • B: The RSPAN VLAN needs to be blocked on all trunk interfaces leading to the destination RSPAN switch
  • C: All switches need to be running the same IOS version
  • D: All distribution switches need to support RSPAN
  • E: The RSPAN VLAN needs to be allowed on all trunk interfaces leading to the destination RSPAN switch

Correct Answer: DE

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/network_management/configuration_guide/b_nm_3se_3850_cg/b_nm_3se_3850_cg_chapter_0111.html#ID62




Question 10

Refer to the exhibit. Which effect of this configuration is true?

  • A: If the RADIUS server is unreachable, SSH users cannot authenticate.
  • B: All commands are validated by the RADIUS server before the device executes them.
  • C: Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server.
  • D: Users must be in the RADIUS server to access the serial console.
  • E: Only SSH users are authenticated against the RADIUS server.

Correct Answer: D









