Jump to content

Search the Community

Showing results for tags '400-251'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


    • LINUX
    • ORACLE
    • GNS3

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 10 results

  1. Hi All, Please find below the latest CCIE Security 400-251 written dumps file. I have passed the exam today so these dumps are stable. Not a single question came out of it for me. [Hidden Content] Best of Luck. Kind Regards, JS
  2. Hi All, I am facing issue in which my switch is unable to download CTS file from ISE. I am using L2 linux image in place of SW2_P. I was wondering if anyone else had to face the same issue.
  3. Hi! Can anyone share a good document or a book on FMC?
  4. Hi! I am searching for books related to CCIE security and haven't had much luck lately. I will be very really thankful if you share books from any topic that belong to Security domain. Thanks in advance.
  5. Hi All, Can anyone please share official certguide book for 400-251?
  6. 400-251 PassWritten CCIE Security written Valid & tested by me. Download quickly as the link is ONLY VALID till 7 DAYS from TODAY. [Hidden Content] 6-7 new questions. You have to know your stuff else you'll fail, so try with preparation & your own risk/luck. 1- Why BGP TTL Security is used. 2- What type of cipher is RC4 (answer: Stream cipher) 3- A question on AD groups for policy assignment by ISE (Not able to recall it) 4- Something on re-keying in MACsec 5- A question on CoA (Not able to recall it) If you pass, don't forget to update here.
  7. Dear All, Can anyone be kind enough to share with me a book on either WSA or FMC? Thanks in advance.
  8. Hi All! I did not want to post on this forum as it is meant for written exam discussion only but my query demanded prompt response. Can anyone of you let me know when does Cisco update the exam schedule? Is it at a particular time of the day or is it random? Best of luck to you all preparing for future exams.
  9. Hello guys, i noticed that there is no active Skype group at least i couldnt find. and i create a skype group. come and join the group to talk about written and lab questions. PM me.
  10. Hi All, I am planning to exam next week and have referred multiple dumps floating around since July. I have noticed different dumps have different answers selected. Hence all who have recently passed the exam to answer what to be selected/correct answers :- Q1] What are the 3 pieces of data you should review in response to a supported SSL MITM attack ? a the mac address of the SSL server b the mac address of the attacker c the ip address of the ssl server d the x.509 certificate of the attacker e the x.509 certificate of the SSL server f the dns name of the SSL server Q2] Which best practice can limit inbound TTL expiry attacks a setting the ttl value to zero b setting the ttl value to more than longest path in the network c setting the ttl value equal to the longest path in the network d setting the ttl value to less than the longest path in network Q3] Which 2 statements about a wirelss access point configured with the guest-mode commands are true ? a it support more than one guest mode SSID b it supports association by client that perform passive scans c it allows associated clients to transmit packets using its SSID d it allows clients configured without SSID to associate e if one device on a network is configure in guest-mode , clients can use the guest-mode SSID to connect to any device in the same network Q4] Which statement regarding routing function of Cisco ASA is true ? a) The asa supports policy-based routing with route-maps b in failover pair of ASAs, the standby firewall establishes a peer relationship with ospf neighbor c) routes to the null0 interface can be configured to black-hole traffic d) the translation table can override the routing table for new connections Q5] Which two statements about SeND protocol are true ? a it counters neighbor discovery threats b it must be enabled before you can configure ipv6 addresses c it supports numerous custom neighbor discovery messages d it logs ipv6-related threats to an external log server e it supports an autoconfiguration mechanism f it uses IPsec as a baseline mechanism Q6] which 2 options are important considerations when you use netflow to obtain the full picture of network traffic a it monitors only TCP connections b it monitors only routed traffic c it is unable to monitor over time d it monitors all traffic on the interface on which it is deployed e it monitors only ingress traffic on the interface on which it is deployed Q7] Refer to the exhibit which two configurations must you perform to enable the device to use this class map? (choose two) class-map match-any unknown match protocol unknown final a) configure PDLM b configure the ip nbar custom command c) configure the ip nbar protocol discovery command d) configure the transport hierarchy e) configure the dscp value Q8] Which statement regarding routing function of Cisco ASA is true running software version 9.2 ? a) The asa supports policy-based routing with route-maps b in failover pair of ASAs, the standby firewall establishes a peer relationship with ospf neighbor c) routes to the null0 interface can be configured to black-hole traffic d) the translation table can override the routing table for new connections Q9] aaa new-model aaa authentication username-prompt "local username: aaa authentication login default group tacacs local aaa authentication enable default group tacacs+ enable no aaa authorization config-commands aaa authorization exec default group tacacs local if-authenticated aaa authorization commands 15 default group tacacs if-authenticated aaa authorization reverse-access default group tacacs aaa accounting exec default start-stop group tacacs aaa accounting commands 1 default start-stop group tacacs aaa accounting commands 15 default start-stop group tacacs a) when a user logs in to priviledge EXEC mode the router will track all user activity b if configures the routers local database as the backup authentication method for all TTY, console and aux logins c)configuration commands on the router are authorized without checkig the TACACS server d) if a user attempts to log in as a level 15 user, the local database will be used for authentication and tacacs will be used for authorization e) Request to establish a reverse AUX connection to the router will be authorized against TACACs server f)when a user attempts to authenticate on the device the TACAC server will prompt the user to enter the username stored in the router's database Q10] Which two statements about NVGRE are true a) it supports up to 32 million virtual segments per instance b the network switch handles the addition and removal of NVGRE encapsulation. c) NVGRE endpoints can reside within a virtual machine d) it allows a virtual machine to retain its MAC and IP addresses when it is moved to a different hypervisor on a different L3 network e) The virtual machine resides on a single virtual network regardless of their physical location. Q11] which two statements about 6to4 tunneling are true ? a) it provides a/128 address block b)it provides a /48 address block c)it supports static and BGPV4 routing d)the prefix address of the tunnel is determine by the IPV6 configuration of the interface e) it supports multihoming f) it supports managed NAT along the path of tunnel Q12] Which two statements about EVPN are true. a) EVPN route exchange enables PE to discover one another and elect a DF b EVPN routes can advertise backbone MAC reachability c) EVPN allow you to map traffic on one or more VLANs or ports to a bridge domain d) EVPN routes can advertise VLAN membership and verify the reachability of ethernet segments e)it is a next-generation ethernet L2VPN solution that supports load balancing at the individual flow level and provider advanced access redundancy f) it is next-generation ethernet L3VPN solution that simplifies control-plane operations and enhance scalability. Q13] What are three technologies that can be used to trace the source of an attack in a network environment with multiple entry/exit point a) ICMP unreachable messages b Remotely-triggered destination-based black holing c) Traffic scrubbing d) sinkholes e) A honey pot Q14] Which statement about managing Cisco ISE guest services is true? a Only a super admin or system admin can delete the default sponsor portal b Only ISE administrators from an external identify store can be members of a Sponser group c by default , an ISE administrator can manage only the guest accounts he or she created in Sponser portal d ISE adminstrators can view and set a guest's password to a custom value in Sponsor portal e ISE administrators can access the sponser portal only if they have valid sponser accounts f ISE administrators can access the sponsor portal only from the guest access menu Q15] Which 3 authorization technologies does cisco trustsec support? a 802.1X b SGAGL c DACL d MAB e SGT f vlan Q16] In a cisco ASA multiple-context mode of operation configuration, what 3 session types are resource-limited by default when their context is a member of the default class? (choose3) a SSL VPN sessions b Telnet Sessions c TCP session d IPSEC session e ASDM sessions f SSH sessions Q17] Which cisco ISE profiler service probe can collect information about CDP? a DHCP SPAN b RADIUS c SNMP query d netflow e http f DHCP Q18] Which 2 statements about Cisco VSG are true? a because it is deployed at layer 2, it can be inserted significant reengineering of the network. b according to cisco best-practice the VGS should use the same VLAN for VSM-VEM control traffic and management traffic c it uses optional IP-to-virtual machine mappings to simplify management of virtual machine d it uses the cisco VSG user agent to register with the cisco prime network services controller e it can be integrated with VMWare vcenter to provide transparent provisioning of policies & profiles f it has built in intelligence for redirecting traffic and fast-path offload Q19] Which option is a benefit of VRF selection using policy-based routing for routing of packets to the different VPNs ? A it supports more than one VPN per interface b it allows bidirectional traffic flow between the service provider and the CEs c it automatically enables fast switching on all directly connected interfaces d it can use global routing tables to forward packets if the destination address matches the VRF configure on the interface e every PE router in the service provider MPLS cloud can reach every customer network f it increases the router performance when longer subnet masks are in the use. Q20] Which 3 transports have been defined for SNMPv3 a DTLS b SSH c TLS d SSL e IPsec secured tunnel f GET
  • Create New...