Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 400-251

Cisco® 400-251 Exam Practice Questions (P. 5)

  • Full Access (952 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue?
  1. A
    switch(config)# aaa accounting auth-proxy default start-stop group radius
  2. B
    switch(config-if)# authentication host-mode multi-auth
  3. C
    switch(config-if)# webauth
  4. D
    switch(config)# ip http server
  5. E
    switch(config-if)# authentication priority webauth dot1x

Correct Answer:
D

Question #42
Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?
  1. A
    HTTP inspection
  2. B
    static entries in the botnet blacklist and whitelist
  3. C
    global ACL
  4. D
    NetFlow
  5. E
    DNS inspection and DNS snooping

Correct Answer:
E

Question #43
Refer to the exhibit.

Which statement about this Cisco Catalyst switch 802.1X configuration is true?
  1. A
    If an IP phone behind the switch port has an 802.1X supplicant, MAC address bypass will still be used to authenticate the IP Phone.
  2. B
    If an IP phone behind the switch port has an 802.1X supplicant, 802.1X authentication will be used to authenticate the IP phone.
  3. C
    The authentication host-mode multi-domain command enables the PC connected behind the IP phone to bypass 802.1X authentication.
  4. D
    Using the authentication host-mode multi-domain command will allow up to eight PCs connected behind the IP phone via a hub to be individually authentication

Correct Answer:
B

Question #44
Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the "/ runscript.php" URI is run?
  1. A
    AIC HTTP
  2. B
    Service HTTP
  3. C
    String TCP
  4. D
    Atomic IP
  5. E
    META
  6. F
    Multi-String

Correct Answer:
B

Question #45
The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF. Choose the correct configuration.
  1. A
    policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0 drop log
  2. B
    policy-map type inspect icmpv6 ICMPv6_PMAP match header routing-type eq 0 drop log
  3. C
    policy-map type inspect ipv6-header HEADER_PMAP match header routing-type eq 0 drop log
  4. D
    policy-map type inspect http HEADER_PMAP match routing-header 0 drop log
  5. E
    policy-map type inspect ipv6 IPv6_PMAP match header type 0 drop log
  6. F
    policy-map type inspect ipv6-header HEADER_PMAP match header type 0

Correct Answer:
A

Question #46

With the client protected by the firewall, an HTTP connection from the client to the server on TCP port 80 will be subject to which action?
  1. A
    inspection action by the HTTP_CMAP
  2. B
    inspection action by the TCP_CMAP
  3. C
    drop action by the default class
  4. D
    inspection action by both the HTTP_CMAP and TCP_CMAP
  5. E
    pass action by the HTTP_CMAP
  6. F
    drop action due to class-map misclassification

Correct Answer:
B

Question #47

Which route will be advertised by the Cisco ASA to its OSPF neighbors?
  1. A
    10.39.23.0/24
  2. B
    10.40.29.0/24
  3. C
    10.66.42.215/32
  4. D
    10.40.29.0/24

Correct Answer:
A

Question #48
Which three options can be configured within the definition of a network object, as introduced in Cisco ASA version 8.3(1)? (Choose three.)
  1. A
    range of IP addresses
  2. B
    subnet of IP addresses
  3. C
    destination IP NAT translation
  4. D
    source IP NAT translation
  5. E
    source and destination FQDNs
  6. F
    port and protocol ranges

Correct Answer:
ABD

Question #49
Regarding VSAs, which statement is true?
  1. A
    VSAs may be implemented on any RADIUS server.
  2. B
    VSAs are proprietary, and therefore may only be used on the RADIUS server of that vendor. For example, a Cisco VSA may only be used on a Cisco RADIUS server, such as ACS or ISE.
  3. C
    VSAs do not apply to RADIUS; they are a TACACS attribute.
  4. D
    Each VSA is defined in an RFC and is considered to be a standard.

Correct Answer:
A

Question #50
Which four items may be checked via a Cisco NAC Agent posture assessment? (Choose four.)
  1. A
    Microsoft Windows registry keys
  2. B
    the existence of specific processes in memory
  3. C
    the UUID of an Apple iPad or iPhone
  4. D
    if a service is started on a Windows host
  5. E
    the HTTP User-Agent string of a device
  6. F
    if an Apple iPad or iPhone has been "jail-broken"
  7. G
    if an antivirus application is installed on an Apple MacBook

Correct Answer:
ABDG

Previous Questions Next Questions

All Pages