400-251 Actual Exam

By Author: thomas lamar
Total Articles: 61
Comment this article

Question: 1

Which three statements about the Cisco IPS sensor are true? (Choose three.)

A. You cannot pair a VLAN with itself.
B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.
C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can
be a member of an inline VLAN pair on more than one sensing interface.
D. The order in which you specify the VLANs in a inline pair is significant.
E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Answer: A, C, E

Explanation:
Inline VLAN Interface Pairs
You cannot pair a VLAN with itself.
For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
The order in which you specify the VLANs in an inline VLAN pair is not significant.
A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Question: ...
... 2

According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)

A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets

Answer: A, B, C, D

Question: 3

Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.

Answer: C, D

Question: 4

Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in the
Cisco ISE solution? (Choose three.)

A. VLAN
B. voice VLAN
C. dACL name
D. voice domain permission
E. SGT

Answer: A, C, D

Question: 5

Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet fields.
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and permanent.
E. It can be a useful tool in monitoring the network for attacks.

Answer: B, C, E

Question: 6

Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including "reauthenticate."
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A, C, D

Question: 7

Which three statements are true regarding Security Group Tags? (Choose three.)

A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.
B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.
C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and
WebAuth methods of authentication.
E. A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: A, C, D

Question: 8

Which two certificate enrollment methods can be completed without an RA and require no direct connection to a CA by the end entity? (Choose two.)

A. SCEP
B. TFTP
C. manual cut and paste
D. enrollment profile with direct HTTP
E. PKCS#12 import/export

Answer: C, E

Question: 9

Which two statements about the AES algorithm are true? (Choose two)

A. The AES algorithm is an asymmetric block cipher.
B. The AES algorithm operates on a 128-bits block.
C. The AES algorithm uses a fixed length-key of 128 bits.
D. The AES algorithm does not give any advantage over 3DES due to the same key length.
E. The AES algorithm consist of four functions. Three functions provide confusion-diffusion and one provides encryption.

Answer: B, E

Question: 10

Which two statements about the RC4 algorithm are true? (Choose two.)

A. The RC4 algorithm is an asymmetric key algorithm.
B. The RC4 algorithm is a symmetric key algorithm.
C. The RC4 algorithm is slower in computation than DES.
D. The RC4 algorithm is used with wireless encryption protocols.
E. The RC4 algorithm uses fixed-length keys.

Answer: B, D

Question: 11

Which three statements about the RSA algorithm are true? (Choose three.)

A. The RSA algorithm provides encryption but not authentication.
B. The RSA algorithm provides authentication but not encryption.
C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
D. The private key is never sent across after it is generated.
E. The public key is used to decrypt the message that was encrypted by the private key.
F. The private key is used to decrypt the message that was encrypted by the public key.

Answer: C, D, F

Question: 12

Which two statements about the MD5 Hash are true? (Choose two.)

A. Length of the hash value varies with the length of the message that is being hashed.
B. Every unique message has a unique hash value.
C. Its mathematically possible to find a pair of message that yield the same hash value.
D. MD5 always yields a different value for the same message if repeatedly hashed.
E. The hash value cannot be used to discover the message.

Answer: B, E

Question: 13

Which two statements about the SHA-1 algorithm are true? (Choose two)

A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.
B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.
C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.
D. The purpose of the SHA-1 algorithm is to provide data confidentiality.
E. The purpose of the SHA-1 algorithm is to provide data authenticity.

Answer: B, E

Question: 14

Which two statements about the DES algorithm are true? (Choose two)

A. The DES algorithm is based on asymmetric cryptography.
B. The DES algorithm is a stream cipher.
C. The DES algorithm is based on symmetric cryptography.
D. The DES algorithm encrypts a block of 128 bits.
E. The DES algorithm uses a 56-bit key.

Answer: C, E

Question: 15

Which statement about the 3DES algorithm is true?

A. The 3DES algorithm uses the same key for encryption and decryption,
B. The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption.
C. The 3DES algorithm is a block cipher.
D. The 3DES algorithm uses a key length of 112 bits.
E. The 3DES algorithm is faster than DES due to the shorter key length.

Answer: C

yes, I am a Student and I am article author as well for CertsChief Network.