Isnare Free Articles
Authors Contents [Add OpenSearch]
Distribute your articles to more than 6,000+ sites and 40,000+ email group publisher subscribers for as low as $2 / article...
Index  Article Directory  Business
Embed this Article  
Peter Baumann

Peter Baumann x 28 articles

Liked the article? Consider buying me a beer!

Question: 1

Which two statements about SCEP are true? (Choose two)

A. CA Servers must support GetCACaps response messages in order to implement extended functionality.

B. The GetCRL exchange is signed and encrypted only in the response direction.

C. It is vulnerable to downgrade attacks on its cryptographic capabilities.

D. The GetCert exchange is signed and encrypted only in the response direction.

E. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.

Answer: A C

Question: 2

Which two events can cause a failover event on an active/standby setup? (Choose two)

A. The active unit experiences interface failure above the threshold.

B. The unit that was previously active recovers.

C. The stateful failover link fails.

D. The failover link fails

E. The active unit fails.

Answer: A E

Question: 3

Which two statements about the MACsec security protocol are true? (Choose two)

A. Stations broadcast an MKA heartbeat the contains the key server priority.

B. The SAK is secured by 128-bit AES-GCM by default.

C. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM.

D. MACsec is not supported in MDA mode.

E. MKA heartbeats are sent at a default interval of 3 seconds.

Answer: A B

Question: 4

Which two options are benefits of network summarization? (Choose two)

A. It can summarize discontiguous IP addresses.

B. It can easily be added to existing networks.

C. It can increase the convergence of the network.

D. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable

E. It reduces the number of routes.

Answer: D E

Question: 5

Refer to the exhibit.

Which meaning of this error message on a Cisco ASA is true?

A. The route map redistribution is configured incorrectly.

B. The default route is undefined.

C. A packet was deniedand dropped by an ACL.

D. The host is connected directly to the firewall.

Answer: B

Question: 6

Which two statements about uRPF are true?(Choose two)

A. The administrator can configure the allow-default command to force the routing table to use only the default .

B. It is not supported on the Cisco ASA security appliance.

C. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP touting groups.

D. The administrator can use these how cef interface command to determine whether uRPF is enabled.

E. In strict mode, only one routing path can be available to reach network devices on a subnet..

Answer: D E

Question: 7

Which type of header attack is detected by Cisco ASA basic threat detection?

A. Connection limit exceeded.

B. Denial by access list.

C. Failed application inspection.

D. Bad packet format.

Answer: D

Question: 8

Refer to the exhibit.

A user authenticates to the NAS, which communicates to the VACAS+server authentication. The TACACS+SERVERthen accesses the Active Directory Server through the ASA firewall to validate the user credentials. Which protocol-Port pair must beallowed access through the ASA firewall?

A. SMB over TCP 455.

B. DNS over UDP 53.

C. LDAP over UDP 389.

D. global catalog over UDP 3268.

E. TACACS+over TCP 49.

F. DNS over TCP 53.

Answer: C

Question: 9

Which WEP configuration can be exploited by a weak IV attack?

A. When the static WEP password has been stored without encryption.

B. When a per-packet WEP key is in use.

C. When a 64-bit key is in use.

D. When the static WEP password has been given away.

E. When a 40-bit key is in use.

F. When the same WEP key is used to create every packet.

Answer: E

Question: 10

Which two statements about Botnet Traffic Filter snooping are true?(Choosetwo)

A. It can log and block suspicious connections from previously unknown bad domains and IP addresses.

B. It requires the Cisco ASA DNS server to perform DNS lookups.

C. It requires DNS packet inspection to be enabled to filter domain names in the dynamic database.

D. It checks inbound traffic only.

E. It can inspect both IPv4 and IPv6 traffic.

F. It checks inbound and outbound traffic.

Answer: CF

Question: 11

Which three statements about SXP are true?(Choose three)

A. It resides in the control plane, where connections can be initiated from a listener.

B. Packets can be tagged with SGTs only with hardware support.

C. Each VRF supports only one CTS-SXP connection.

D. To enable an access device to use IP device tracking to learn source device IP addresses,DHCP snooping must be configured.

E. The SGA ZBPF uses the SGT to apply forwarding decisions.

F. SeparateVRFs require different CTS-SXP peers, but they can use the same source IP addresses.

Answer: A B C

Question: 12

Which file extensions are supported on the Firesight Management Center 6.1(3.1)file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?





Answer: A

Question: 13

Refer to exhibit

You applied this VPN cluster configuration to n a Cisco ASA and the cluster failed to form. How do you edit the configuration to correct the problem?

A. Define the maximum allowable number of VPN connections.

B. Define the master/slave relationship.

C. Configure the cluster IP address.

D. Enable load balancing.

Answer: C

Question: 14

Which effect of the crypto pki authenticate commend is true?

A. It sets the certificate enrollment method.

B. It retrievers and authentication a CA certificate.

C. It configures a CA trustpoint.

D. It displays the current CA certificate.

Answer: B

Question: 15

Which effect of theip nhrp map multicast dynamic command is true?

A. It configures a hub router to automatically add spoke routers to multicast replication list of the hub.

B. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.

C. It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel.

D. It configures a hub router to reflect the routes it learns from a spoke back to other spoke back to other spokes through the same interface.

Answer: A

Question: 16

Which statement about VRF-aware GDOI group members is true?

A. IPsec is used only to secure data traffic.

B. The GM cannot route control traffic through the same VRF as data traffic.

C. Multiple VRFs are used to separate control traffic and data traffic.

D. Registration traffic and rekey traffic must operate on different on different VRFs.

Answer: C

Question: 17

Refer to the exhibit .

Which data format is used in this script?


B. JavaScript




Answer: E

Question: 18

Which two statements about Cisco URL Filtering on Cisco IOS Software are true?(Choose two)

A. It supports Websense and N2H2 filtering at the same time.

B. It supports local URL lists and third-party URL filtering servers.

C. By default, it uses ports 80 and 22.

D. It supports HTTP and HTTP traffic.

E. By default, it allows all URLs when the connection to the filtering server is down.

F. It requires minimal CPU time.

Answer: A B

Question: 19

Which two options are benefits of the Cisco ASA transparent firewall mode?(Choose two)

A. It can establish routing adjacencies.

B. It can perform dynamic routing.

C. It can be added to an existing network without significant reconfiguration.

D. It supports extended ACLs to allow Layer 3 traffic to pass from higher lower security interfaces.

E. It provides SSL VPN support.

Answer: C D

Question: 20

How does Scavenger-class QOS mitigate DOS and worm attacks?

A. It monitors normal traffic flow and drops burst traffic above the normal rate for a single host.

B. It matches traffic from individual hosts against the specific network characteristics of known attack types.

C. It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected.

D. It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts.

Answer: D

Question: 21

Refer to the exhibit.

What are two effects of the given configuration?(Choose two)

A. TCP connections will be completed only to TCP ports from 1 to 1024.

B. FTP clients will be able to determine the server’s system type

C. The client must always send the PASV reply.

D. The connection will remain open if the size of the STOP command is greater than a fixed constant.

E. The connection will remain open if the PASV reply command includes 5 commas.

Answer: B E

Question: 22

Which three statements about Cisco Any Connect SSL VPN with the ASA are true?(Choose three)

A. DTLS can fail back to TLS without enabling dead peer detection.

B. By default, the VPN connection connects with DTLS.

C. Real-time application performance improves if DTLS is implemented.

D. Cisco Any Connect connections use IKEv2 by default when it is configured as the primary protocol on the client.

E. By default, the ASA uses the Cisco Any Connect Essentials license.

F. The ASA will verify the remote HTTPS certificate.

Answer: B C D

Question: 23

Which two statement about the Cisco Any Connect VPN Client are true?(Choose two)

A. To improve security, keep alives are disabled by default.

B. It can be configured to download automatically without prompting the user.

C. It can use an SSL tunnel and a DTLS tunnel simultaneously.

D. By default, DTLS connections can fall back to TLS.

E. It enable users to manage their own profiles.

Answer: B C

Question: 24

What are the two different modes in which Private AMP cloud can be deployed?(Choose two )

A. Air Gap Mode.

B. External Mode.

C. Internal Mode.

D. Public Mode.

E. Could Mode.

F. Proxy Mode.

Answer: A E

Question: 25

Refer to the exhibit,

What are two functionalities of this configuration?(Choose two)

A. Traffic will not be able to pass on gigabit Ethernet 0/1.

B. The ingress command is used for an IDS to send a reset on Vlan 3 only.

C. The source interface should always be a VLAN.

D. The encapsulation command is used to deep scan on dot1q encapsulated traffic.

E. Traffic will only be send to gigabit Ethernet 0/20

Answer: B, E

Rate this article:
Test Information: Total Questions: 458 Test Number: 400-251 Vendor Name: Cisco Cert Name: CCIE Security Test Name: CCIE Security Written Official Site: For More Details:
Important NoticeDISCLAIMER: All information, content, and data in this article are sole opinions and/or findings of the individual user or organization that registered and submitted this article at without any fee. The article is strictly for educational or entertainment purposes only and should not be used in any way, implemented or applied without consultation from a professional. We at do not, in anyway, contribute or include our own findings, facts and opinions in any articles presented in this site. Publishing this article does not constitute's support or sponsorship for this article. is an article publishing service. Please read our Terms of Service for more information.

Most Recent Articles

Renovate Your Lawn Beautifully With Lawn Care and Maintenance Services

An Article by LAZICH LEO in Gardening

11 months ago

An unkempt and ugly lawn is not only an eyesore, it also creates a negative impact on your property. If you have let go of lawn care so much so that it is over run with weeds or shows bare patches, a lawn renovation is in order. Repairing your lawn may be a good idea if the about 25% of your lawn is in bad shape...

Custom Hanging Signs Sydney - Affordable Way of Promoting Your Business

An Article by Mike Layman in Marketing

11 months ago

Hanging Signs are not just an amazing and highly cost effective way of advertising your products and services; they are easier to setup in comparison to other advertisement signs – just hang them from a pair of hooks or whatever and you're done. Needless to add, this also makes them more economical than other outdoor or indoor advertisement material...

Armor Your Laptop in Style With Printable Laptop Sleeves

An Article by Rohit B in Finances

11 months ago

To help you with both of your purposes, let us discuss about such a service which will help you out here to create your own laptop sleeve. So as I told you in the above paragraph, which I would have started my personal service or something to help you out of this situation. But let me inform you what you must be thinking is just something hypothetical, but that’s not true...

Start School in Time by Using Automatic School Bell

An Article by Vivency Global in Education

11 months ago

School is first place where children learn discipline, good manners and punctuality. The automatic school bell solutions are really important and makes away from manual errors. Humans may ring the bell at in appropriate time but the machine cannot. The most of the school are digitalized with interactive boards, automatic bells, CCTV and many...

Applying For No Credit Check Mortgage Loan? – Expert Tips to Follow

An Article by Roy Robbins in Finances

11 months ago

Interestingly, the option of no credit check mortgage loan has been made available by some lenders. So, one does not need to undergo tedious process of credit assessment. However getting quick approval for an affordable mortgage no credit check loan is not easy. Some stringent approval criteria may apply...

70-345 Microsoft Exchange Server 2016 Study Books

An Article by Chung Crissler in Internet

11 months ago

Examunion offers you a comprehensive look at the best prospects available in 70-345 exam questions throughout the Industry. Not only will you be given theoretical, but also given 70-345 Microsoft Exchange Server 2016 study books which will give you even more practice than before. Try our Designing and Deploying Microsoft Exchange Server 2016 70-345 exam test today and succeed in your Designing and Deploying Microsoft Exchange Server 2016 70-345 exam...

Microsoft MCSE 70-339 Practice Exam SharePoint Server 2016 70-339 Questions Material

An Article by Chung Crissler in Education

11 months ago

Maybe on other web sites or books, you can also see the related training materials. But as long as you compare Examunion product with theirs, you will find that our product has a broader coverage of the certification exam's outline. You can free download part of Microsoft MCSE 70-339 exam books from Examunion website as a try to detect the quality of our products...

Gain Weight and Build Muscle

An Article by Arati Shah in Wellness, Fitness and Diet

11 months ago

Several individuals do not succeed in their passion to maintain a healthy diet due to the lack of knowledge of eating healthy at work. When at work, many find it difficult to stay committed to a diet plan due to several unavoidable reasons such as colleagues might request to eat with them, availability of lots of delicious food at workplace, etc...

XenApp and XenDesktop 7.6 LTSR 1Y0-202 Questions

An Article by Kruis Barry in Education

11 months ago

1Y0-202 is a challenging exam, with our XenApp and XenDesktop 7. 6 LTSR 1Y0-202 questions; you can feel safe with our question and answers that will help you in obtaining your successful completion of your 1Y0-202 exam. All of our practice exams including the 1Y0-202 exam will prepare you for success...

VSphere 6.5 Foundations Exam 2V0-602 Dumps

An Article by Kruis Barry in Education

11 months ago

Passcert vSphere 6. 5 Foundations 2V0-602 dumps 2V0-602 help you to save a lot of time and effort. You 2V0-602 also use the extra time and effort to earn more money. Passcert provide you the product with high quality and reliability. You 2V0-602 free download online part of Passcert providing vSphere 6...

Citrix Certification 1Y0-202 Exam Answers Passtcert

An Article by Nigel Reyez in Computers and Technology

11 months ago

Passtcert is a website which can help you save time and energy to rapidly and efficiently master the Citrix certification 1Y0-202 exam related knowledge. If you are interested in Passtcert, you can first free download part of Passtcert Citrix Certification 1Y0-202 exam answers on the Internet as a try...

Benefits to Your Wedding Provided by Limo Service in Pittsburgh, PA

An Article by Iris K. Allen in Marriage

11 months ago

Using professional transportation on your wedding day may seem like a given and a basic booking to make, but considering the effect that it can have, you’d serve your wedding day well to be selective with your booking. Find a worthwhile company and secure every wedding transportation need with a suitable Pittsburgh Limousine...

Mark the Family Wedding With a Denver Bus Rental

An Article by Lucille W. Hill in Travel

11 months ago

The obligatory family wedding comes with challenges, but it also offers opportunities. A Coach Bus Denver will make it possible for your extended family to reconnect, save some cash, and all attend the family wedding as part of a group. Take Note of Transportation NecessitiesComprehensive research into all elements of transportation should come before you make reservation from any of the Charter Bus Companies Denver...

Killtest 2017 Microsoft MCSA 70-764 Test Questions Microsoft 70-764 Practice Test

An Article by Delia Green in Education

11 months ago

70-764 Administering a SQL Database Infrastructure is among the many most respected exams so you can get good work opportunities. We can complete devoid of much frantic use the particular help regarding Microsoft MCSA 70-764 Test Questions Microsoft 70-764 Practice Test that are exclusively made for people who will need advice...

2V0-602 VSphere 6.5 Foundations VMware VCP6.5-DCV 2V0-602 Exam Test Prep

An Article by Morris Porreca in Education

11 months ago

About VMware 2V0-602 exam, you can find these questions from different web sites or books, but the key is logical and connected. Our questions and answers will not only allow you effortlessly through the exam first time, but also can save your valuable time. Examgood can provide professional and high quality products...

MLA Style Citation:
Baumann, Peter "400-251 PDF Training Guides." 400-251 PDF Training Guides. 11 Aug. 2017 19 Jul. 2018 <>.
APA Style Citation:
Baumann, Peter (2017, August 11). 400-251 PDF Training Guides. Retrieved July 19, 2018, from
Chicago Style Citation:
Baumann, Peter "400-251 PDF Training Guides." 400-251 PDF Training Guides
Copy and paste the code below to embed this article:
<a class="embedly-card" href="">400-251 PDF Training Guides</a> <script>!function(a){var b="embedly-platform",c="script";if(!a.getElementById(b)){ var d=a.createElement(c);,d.src=("https:"===document.location.protocol?"https":"http")+"://"; var e=document.getElementsByTagName(c)[0];e.parentNode.insertBefore(d,e)}}(document);</script>