Download CCIE Security Written Exam v5-1.testking.400-251.2019-05-31.1e.163q.vcex

Download Exam

File Info

Exam CCIE Security Written Exam v5.1
Number 400-251
File Name CCIE Security Written Exam v5-1.testking.400-251.2019-05-31.1e.163q.vcex
Size 3.22 Mb
Posted May 31, 2019
Downloads 102
Download CCIE Security Written Exam v5-1.testking.400-251.2019-05-31.1e.163q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 



Demo Questions

Question 1

What are the two different modes in which Private AMP cloud can be deployed? (Choose two.)

  • A: Cloud-Proxy Mode
  • B: Internal Mode
  • C: Air Gap Mode
  • D: Hybrid Mode
  • E: Public Mode
  • F: External Mode

Correct Answer: AC

Reference: http://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-733180.html




Question 2

Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?

  • A: SNMP Query
  • B: DCHP SPAN
  • C: DCHP
  • D: HTTP
  • E: RADIUS
  • F: NetFlow

Correct Answer: F




Question 3


Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up. 
Which reason for the problem is the most likely?

  • A: The channel-group modes are mismatched.
  • B: The lacp system-priority and lacp port-priority values are the same.
  • C: The EtherChannel requires three ports, and only two are configured.
  • D: The EtherChannel is disabled.

Correct Answer: C




Question 4

Which WEP configuration can be exploited by a weak IV attack?

  • A: When the static WEP password has been given away
  • B: When the static WEP password has been stored without encryption
  • C: When a per-packet WEP key is in use
  • D: When a 40-bit key is in use
  • E: When the same WEP key is used to create every packet
  • F: When a 64-bit key is in use

Correct Answer: D

http://www.opus1.com/www/whitepapers/whatswrongwithwep.pdf




Question 5

Which OpenStack project has orchestration capabilities?

  • A: Heat
  • B: Cinder
  • C: Horizon
  • D: Sahara

Correct Answer: A

Heat is the main project in the OpenStack Orchestration program. It implements an orchestration engine to launch multiple composite cloud applications based on templates in the form of text files that can be treated like code. A native Heat template format is evolving, but Heat also endeavours to provide compatibility with the AWS CloudFormation template format, so that many existing CloudFormation templates can be launched on OpenStack. Heat provides both an OpenStack-native ReST API and a CloudFormation-compatible Query API. 
Reference: https://wiki.openstack.org/wiki/Heat




Question 6

Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three.)

  • A: Real-time application performance improves if DTLS is implemented.
  • B: DTLS can fall back to TLS without enabling dead peer detection.
  • C: The ASA will verify the remote HTTPS certificate.
  • D: By default, the ASA uses the Cisco AnyConnect Essentials license.
  • E: By default, the VPN connection connects with DTLS.
  • F: Cisco AnyConnect connection use IKEv2 by default when it is configured as the primary protocol on the client.

Correct Answer: ABE




Question 7

Which three statements about 802.1x multiauthentication mode are true? (Choose three.)

  • A: It can be deployed in conjunction with MDA functionality on voice VLANs.
  • B: It requires each connected client to authenticate individually.
  • C: Each multiauthentication port can support only one voice VLAN.
  • D: It is recommended for auth-fail VLANs.
  • E: On non-802.1x devices, it can support only one authentication method on a single port.
  • F: It is recommended for guest VLANs.

Correct Answer: ABC

Available in Cisco IOS Release 12.2(50)SG, multiauthentication mode allows one client on the voice VLAN and multiple authenticated clients on the data VLAN. When a hub or access point is connected to an 802.1X port, multiauthentication mode provides enhanced security over multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, you can use MAB or web-based authentication as the fallback method for individual host authentications, allowing you to authenticate different hosts through different methods on a single port.  
Multiauthentication also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the VSAs received from the authentication server. 
Reference:http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.html#wp1309093




Question 8

  

Refer to the exhibit Which effect of this configuration is true?

  • A: If the RADIUS server is unreachable, SSH users cannot authenticate.
  • B: All commands are validated by the RADIUS server before the device executes them.
  • C: Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server.
  • D: Users must be in the RADIUS server to access the serial console.
  • E: Only SSH users are authenticated against the RADIUS server.

Correct Answer: D




Question 9

Which command is used to enable 802.1x authorization on an interface?

  • A: authentication port-control auto
  • B: aaa authorization auth-proxy default
  • C: aaa authorization network default group tacacs+
  • D: authentication control-direction both
  • E: authentication open

Correct Answer: A

Reference:http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dot1x.html




Question 10

Which two design options are best to reduce security concerns when adopting IoT into an organization? (Choose two.)

  • A: Encrypt data at rest on all devices in the IoT network.
  • B: Implement video analytics on IP cameras.
  • C: Encrypt sensor data in transit.
  • D: Segment the Field Area Network from the Data Center network.
  • E: Ensure that applications can gather and analyze data at the edge.

Correct Answer: AD

Reference: http://www.cisco.com/c/en/us/about/security-center/secure-iot-proposed-framework.html#9










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files