10 Tips For Most up-to-date 400-251 pdf

Q1. Which two statements about SOX are true? (Choose two.)

A. SOX is an IEFT compliance procedure for computer systems security.

B. SOX is a US law.

C. SOX is an IEEE compliance procedure for IT management to produce audit reports.

D. SOX is a private organization that provides best practices for financial institution computer systems.

E. Section 404 of SOX is related to IT compliance.

View Answer

Q2. Refer to the exhibit. 

Which two effect of this configuration are true ? (Choose two)

A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.

B. The Cisco ASA use the cisco directory as the starting point for the user search.

C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.

D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.

E. The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.

F. The admin user is authenticated against the members of the security.cisco.com group.

View Answer

Q3. Which two options are differences between automation and orchestration? (Choose two)

A. Automation is to be used to replace human intervention

B. Automation is focused on automating a single or multiple tasks

C. Orchestration is focused on an end-to-end process or workflow

D. Orchestration is focused on multiple technologies to be integrated together

E. Automation is an IT workflow composed of tasks, and Orchestration is a technical task

View Answer

Q4. Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

A. Destination Unreachable-protocol Unreachable

B. Destination Unreachable-port Unreachable

C. Time Exceeded-Time to Live exceeded in Transit

D. Redirect-Redirect Datagram for the Host

E. Time Exceeded-Fragment Reassembly Time Exceeded

F. Redirect-Redirect Datagram for the Type of service and Host

View Answer

Q5. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

View Answer

Q6. Refer to the exhibit 

which two statement about the given IPV6 ZBF configuration are true? (Choose two)

A. It provides backward compability with legacy IPv6 inspection

B. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.

C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.

D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.

E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.

F. It provide backward compatibility with legacy IPv4 inseption.

View Answer

Q7. Refer to the exhibit . Which Statement about this configuration is true?

A. The ASA stops LSA type 7 packets from flooding into OSPF area 1.

B. The ASA injects a static default route into OSPF area 1.

C. The ASA redistributes routes from one OSPF process to another.

D. The ASA redistributes routes from one routing protocol to another.

E. The ASA injects a static default route into OSPF process 1.

View Answer

Q8. If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?

A. standby

B. active

C. on

D. passive

View Answer

Q9. Which two options are open-source SDN controllers? (Choose two)

A. OpenContrail

B. OpenDaylight

C. Big Cloud Fabric

D. Virtual Application Networks SDN Controller

E. Application Policy Infrastructure Controller

View Answer

Q10. What feature on Cisco IOS router enables user identification and authorization based on per-user policies

A. CBAC

B. IPsec

C. Authentication proxy

D. NetFlow v9

E. Zone-based firewall

F. EEM

View Answer