400-251 CCIE Security Exam Cost

The CCIE Security certification requires passing a written exam. DumpsSchool offers updated CCIE security written exam dumps of the 400-251 exam.

Try the latest DumpsSchool 400-251 exam dumps. Buy the full file here: https://www.dumpsschool.com/400-251-exam-dumps.html (514 Q&As Dumps)

Download the DumpsSchool 400-251 braindumps from Google Drive: https://drive.google.com/file/d/11FxbQgMHhmv_ZErOwWAvO2afPaSZOyQN/view (FREE VERSION!!!)

Question No. 1

What would describe Cisco Virtual Topology System?

Answer: D

Question No. 2

Which two statements about the Cognitive Threat Analytics feature of Cisco AMP for Web Security are true? (Choose two.)

Answer: B, F

Question No. 3

Which two events can cause a failover event on an active/standby setup? (Choose two.)

Answer: C, D

Question No. 4

Which two limitations of ISE inline posture are true?

Answer: A, C

Question No. 5

Which two options are benefits of network summarization? (Choose two.)

Answer: A, E

Question No. 6

Which are the three conditions in which ISE profiler issues a CoA request to a NAD? (Choose three)

Answer: A, C, D

Question No. 7

Which of the following statements about Cisco TrustSec is incorrect?

Answer: C

Question No. 8

Refer to the exhibit

========================================

ASA1

router ospf 12
 network 10.1.11.0 255.255.255.0 area 1
 area 1 authentication message-digest
interface G0/1
 nameif inside
 security-level 100
 ip address 10.1.11.1 255.255.255.0 standby 10.1.11.2
 ospf message-digest-key 12 md5 cisco

R2

router ospf 12
 area 0 authentication message-digest
 area 1 authentication message-digest
 network 10.1.11.0 0.0.0.255 area 1
 network 10.1.12.0 0.0.0.255 area 0
 network 172.16.100.0 0.0.0.255 area 0
interface GigabitEthernet2
 ip address 10.1.11.22 255.255.255.0
 ip ospf message-digest-key 21 md5 cisco

========================================

Refer to the exhibit. Firewall ASA1 and router R2 are running an OSPF routing process in area 1 and are connected via the 10.11.1.0/24 subnet in the inside zone. It has been reported that ASA1 cannot see any OSPF-learned routes. Which two possible issues are true?

Answer: A

Question No. 9

Which best practice can limit inbound TTL expiry attacks?

Answer: B

In practice, filtering packets whose TTL value is less than or equal to the value that is needed to traverse the longest path across the network will completely mitigate this attack vector.

https://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.html

Question No. 10

You have an ISE deployment with 2 nodes that are configured as PAN and MnT (Primary and Secondary), and 4 Policy Services Nodes. How many additional PSNs can you add to this deployment?

Answer: D

Question No. 11

Which statement about the Remote Triggered Black Hole Filtering feature is true?

Answer: C

Question No. 12

Which of the following Cisco products gives the ability to interact with malware for behavior analysis?

Answer: E

Question No. 13

A university has hired you as a consultant to advise them on the best method to prevent DHCP starvation attacks on the campus. They have already implemented DHCP snooping and port security to control the situation, but those do not fully contain the issue. Which two actions do you suggest to fix this issue? (Choose two.)

Answer: B, F

Question No. 14

Which two statements about Cisco URL Filtering on Cisco IOS Software are true? (Choose two)

Answer: B, F

Question No. 15

Which statement about zone-based policy firewall implementation is true?

Answer: B
