Act now and download your Cisco 400-251 test today! Do not waste time on worthless Cisco 400-251 tutorials. Download the Cisco CCIE Security Written Exam with real questions and answers and begin to learn Cisco 400-251 with a classic professional.



Q1. When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four)

A. default-inspection-traffic

B. qos-group

C. DSCP

D. VPN group

E. tunnel group

F. IP precedence

Answer: A,C,E,F

Q2. DRAG DROP

Drag each SSL encryption algorithm on the left to the encryption and hashing values it uses on the right.

Answer:

Explanation:

3DES-sha1: 168 bit encryption with 160 bit hash

DES-sha1: 56 bit encryption with 160 bit hash

Null sha1: 160 bit hash without encryption

RC4-md5: 128 bit with 128 bit hash

RC4-sha1: 128 bit with 160 bit hash

Q3. Refer to the exhibit.

Flexible NetFlow is failing to export flow records from RouterA to your flow collector. What action can you take to allow the IPv6 flow records to be sent to the colle

A. Set the NetFlow export protocol to v5

B. Configure the output-features command for the IPV4-EXPORTER

C. Add the ipv6 cef command to the configuration

D. Remove the ip cef command from the configuration

E. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor

Answer: D

Q4. Which statement about the Cisco AnyConnect Web Security module is true?

A. It is VPN client software that works over the SSL protocol.

B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.

C. It operates as an NAC agent when it is configured with the AnyConnect VPN client.

D. It is deployed on endpoints to route HTTP traffic to ScanSafe.

Answer: D

Q5. CCMP (CCM mode Protocol) is based on which algorithm?

A. 3DES

B. Blowfish

C. RC5

D. AES

E. IDEA

Answer: D

Q6. Which two statements about the 3DES encryption protocol are true? (Choose two)

A. It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.

B. Its effective key length is 168 bits.

C. It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.

D. The algorithm is most efficient when it is implemented in software instead of hardware.

E. It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.

F. Its effective key length is 112 bits.

Answer: E,F

Q7. Refer to the exhibit. R1 and R2 are connected across an ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?

A. eBGP peering will fail because the ASA in transit lacks BGP support.

B. eBGP peering will be successful.

C. eBGP peering will fail because the two routers must be directly connected to allow peering.

D. eBGP peering will fail because of the TCP random sequence number feature.

Answer: C

Q8. Refer to the exhibit.

While troubleshooting a router issue, you executed the show ntp association command and it returned this output. Which condition is indicated by the reach value of 357?

A. The NTP continuously received the previous 8 packets.

B. The NTP process is waiting to receive its first acknowledgement.

C. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.

D. The NTP process received only the most recent packet.

Answer: C

Q9. DRAG DROP

Drag and drop the DNS record types from the left to the matching descriptions on the right.

Answer:

Explanation:

DNSKEY: contains a public key for use by the resolver

NSEC: link to the zone's next record name

NSEC3: contains a hashed link to the zone's next record name

RRSIG: contains the record set's DNSSEC signature

NSEC3PARAM: used by authoritative DNS servers when responding to DNSSEC requests

DS: holds the delegated zone's name

Q10. What is the effect of the Cisco Application Control Engine (ACE) command ipv6 fragment min-mtu 1024?

A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater

B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets

C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes

D. It configures the interface to fragment packets on connections with MTUs of 1024 or less

E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes

Answer: E