Cisco® 400-251 Exam Practice Questions (P. 2)
Question #11
Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?
Question #12
Which two statements are correct regarding the AES encryption algorithm? (Choose two.)
- A. It is a FIPS-approved symmetric block cipher.
- B. It supports a block size of 128, 192, or 256 bits.
- C. It supports a variable length block size from 16 to 448 bits.
- D. It supports a cipher key size of 128, 192, or 256 bits.
- E. The AES encryption algorithm is based on the presumed difficulty of factoring large integers.
Correct Answer:
AD
Question #13
What are two benefits of using IKEv2 instead of IKEv1 when deploying remote-access IPsec VPNs? (Choose two.)
- A. IKEv2 supports EAP authentication methods as part of the protocol.
- B. IKEv2 inherently supports NAT traversal.
- C. IKEv2 messages use random message IDs.
- D. The IKEv2 SA plus the IPsec SA can be established in six messages instead of nine messages.
- E. All IKEv2 messages are encryption-protected.
Correct Answer:
AB
Question #14
DNSSEC was designed to overcome which security limitation of DNS?
- A. DNS man-in-the-middle attacks
- B. DNS flood attacks
- C. DNS fragmentation attacks
- D. DNS hash attacks
- E. DNS replay attacks
- F. DNS violation attacks
Correct Answer:
A
Question #15
Which three statements are true about MACsec? (Choose three.)
- A. It supports GCM modes of AES and 3DES.
- B. It is defined under IEEE 802.1AE.
- C. It provides hop-by-hop encryption at Layer 2.
- D. MACsec expects a strict order of frames to prevent anti-replay.
- E. MKA is used for session and encryption key management.
- F. It uses EAP PACs to distribute encryption keys.
Correct Answer:
BCE
Question #16
Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment?
- A. SSL Handshake Protocol
- B. SSL Alert Protocol
- C. SSL Record Protocol
- D. SSL Change CipherSpec Protocol
Correct Answer:
C
Question #17
IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)
- A. Send
- B. Mobile IPv6
- C. site-to-site virtual interfaces
- D. OSPFv3
- E. CAPWAP
- F. LWAPP
Correct Answer:
BCD
Question #18
Which four options are valid EAP mechanisms to be used with WPA2? (Choose four.)
Question #19
Which three statements are true about the SSH protocol? (Choose three.)
- A. SSH protocol runs over TCP port 23.
- B. SSH protocol provides for secure remote login and other secure network services over an insecure network.
- C. Telnet is more secure than SSH for remote terminal access.
- D. SSH protocol runs over UDP port 22.
- E. SSH transport protocol provides for authentication, key exchange, confidentiality, and integrity.
- F. SSH authentication protocol supports public key, password, host based, or none as authentication methods.
Correct Answer:
BEF
Question #20
Which two statements are true when comparing ESMTP and SMTP? (Choose two.)
- A. Only SMTP inspection is provided on the Cisco ASA firewall.
- B. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.
- C. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.
- D. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.
- E. ESMTP servers can identify the maximum email size they can receive by using the SIZE command.
Correct Answer:
CE