File Info
| Exam | CCIE Security Written Exam v5.1 |
| Number | 400-251 |
| File Name | Cisco.PracticeDumps.400-251.2017-12-13.1e.137q.vcex |
| Size | 1.72 Mb |
| Posted | December 13, 2017 |
| Downloaded | 9 |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
What ate the two different modes in which Private AMP cloud can be deployed? (Choose two.)
- A: Cloud Mode
- B: Internal Mode
- C: Public Mode
- D: External Mode
- E: Proxy Mode
- F: Air Gap Mode
Correct Answer: EF
Reference:http://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-733180.html
Question 2
Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)
View the Exhibit.
Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)
- A: User five can view usernames and passwords
- B: User superuser can view the configuration
- C: User superuser can change usernames and passwords
- D: User superuser can view usernames and passwords
- E: User five can execute the show run command
- F: User cisco can view usernames and passwords
Correct Answer: BD
Question 3
Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three.)
- A: default-mcast-group
- B: set ip next-hop verify-availability
- C: sysopt connection tcpmss
- D: segment-id
- E: inspect vxlan
- F: nve-only
Correct Answer: ADF
Question 4
Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?
- A: SNMP Query
- B: DCHP SPAN
- C: DCHP
- D: HTTP
- E: RADIUS
- F: NetFlow
Correct Answer: F
Question 5
Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients?
- A: DoS against an access point
- B: DoS against a client station
- C: chopchop attack
- D: Airsnarf attack
- E: device-probing attack
- F: authentication-failure attack
Correct Answer: A
DoS attacks against access points are typically carried out on the basis of the following assumptions:
Access points have limited resources. For example, the per-client association state table.
WLAN management frames and authentication protocols 802.11 and 802.1x have no encryption mechanisms.
Wireless intruders can exhaust access point resources, most importantly the client association table, by emulating large number of wireless clients with spoofed MAC addresses. Each one of these emulated clients attempts association and authentication with the target access point but leaves the protocol transaction mid-way. When the access points resources and the client association table is filled up with these emulated clients and their incomplete authentication states, legitimate clients can no longer be serviced by the attacked access point. This creates a denial of service attack.
Reference:http://www.cisco.com/c/en/us/td/docs/wireless/mse/8-0/MSE_wIPS/MSE_wIPS_8_0/MSE_wIPS_7_5_appendix_0110.html#concept_E6770BF8F43241919859C16AE0077137
Access points have limited resources. For example, the per-client association state table.
WLAN management frames and authentication protocols 802.11 and 802.1x have no encryption mechanisms.
Wireless intruders can exhaust access point resources, most importantly the client association table, by emulating large number of wireless clients with spoofed MAC addresses. Each one of these emulated clients attempts association and authentication with the target access point but leaves the protocol transaction mid-way. When the access points resources and the client association table is filled up with these emulated clients and their incomplete authentication states, legitimate clients can no longer be serviced by the attacked access point. This creates a denial of service attack.
Reference:http://www.cisco.com/c/en/us/td/docs/wireless/mse/8-0/MSE_wIPS/MSE_wIPS_8_0/MSE_wIPS_7_5_appendix_0110.html#concept_E6770BF8F43241919859C16AE0077137
Question 6
Which two statements about NetFlow Secure Event Logging on a Cisco ASA are true? (Choose two.)
- A: It is supported only in single-context mode.
- B: It can log different event types on the same device to different collectors.
- C: It tracks configured collectors over TCP.
- D: It can be used without collectors.
- E: It supports one event type per collector.
- F: It can export templates through NetFlow.
Correct Answer: BF
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.pdf
Question 7
Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up.
Which reason for the problem is the most likely?
View the Exhibit.
Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up.
Which reason for the problem is the most likely?
- A: The channel-group modes are mismatched.
- B: The lacp system-priority and lacp port-priority values are the same.
- C: The EtherChannel requires three ports, and only two are configured.
- D: The EtherChannel is disabled.
Correct Answer: C
Question 8
Which option best describes RPL?
- A: RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
- B: RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best route leaves and the root border router.
- C: RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
- D: RPL stands for Routing overlow priority links that use distance vector DOGAG to determine the best route between two root border routers.
Correct Answer: B
RPL is a distance vector protocol and supports a wide set of routing link and node metrics. RPL supports mono metric optimization—the best path is considered as the shortest (constrained) path according to a single metric (multimetric optimization is not supported). The objective is to not trade path optimality for network stability. A small path cost increase is usually smoothed out for the benefit of limiting the control plane traffic.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/rpl/configuration/15-mt/rpl-15-mt-book.html#concept_56393E63C4D74ABAB7A25049C2345053
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/rpl/configuration/15-mt/rpl-15-mt-book.html#concept_56393E63C4D74ABAB7A25049C2345053
Question 9
Which WEP configuration can be exploited by a weak IV attack?
- A: When the static WEP password has been given away
- B: When the static WEP password has been stored without encryption
- C: When a per-packet WEP key is in use
- D: When a 40-bit key is in use
- E: When the same WEP key is used to create every packet
- F: When a 64-bit key is in use
Correct Answer: D
http://www.opus1.com/www/whitepapers/whatswrongwithwep.pdf
Question 10
Which OpenStack project has orchestration capabilities?
- A: Heat
- B: Cinder
- C: Horizon
- D: Sahara
Correct Answer: A
Heat is the main project in the OpenStack Orchestration program. It implements an orchestration engine to launch multiple composite cloud applications based on templates in the form of text files that can be treated like code. A native Heat template format is evolving, but Heat also endeavours to provide compatibility with the AWS CloudFormation template format, so that many existing CloudFormation templates can be launched on OpenStack. Heat provides both an OpenStack-native ReST API and a CloudFormation-compatible Query API.
Reference: https://wiki.openstack.org/wiki/Heat
Reference: https://wiki.openstack.org/wiki/Heat
