[Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 111-120

Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html

Question No.111

Which two options are open-source SDN controllers? (choose two)

  1. Opendaylight

  2. Big Cloud Fabric

  3. Application Policy Infrastructure Controller

  4. OpenContrail

  5. Virtual Application Networks SDN Controller

Correct Answer: AD

Question No.112

A customer is developing a strategy to deal with Wanna Cry variants that defect sandboxing attempts and mask their present analyzed. Which four mechanisms can be used in this strategy?

  1. Employ a DNS forwarder that responds to unknown domain names with a reachable IP (honey pot) that can mimic sandboxing containment responses and alert when a possible threat is detected.

  2. Apply route maps at the access layer that prevent all RPC and SMB communication throughout the network.

  3. Ensure that the standard desktop image used in the organization is an actively supported operating system and that security patches are applied.

  4. Run antimalware software on user endpoints and servers as well as ensure regular signature updates.

  5. Ensure that vulnerable services used for propagation of malware such as SMB are blocked on public facing segments.

  6. Employ URL/DNS inspection mechanisms that blackhole the request. This action prevents malware from communicating with unknown domains and thus prevents the WannaCry malware from becoming active.

  7. Apply ACLs at the access layer that prevents all RPC and SMP communication throughout the network.

Correct Answer: DEFG

Question No.113

Which policy action allows to a pass without any further inspection by the intrusion when implementing Cisco Firepower access control policy?

  1. Pass

  2. Interactive block

  3. Allow

  4. Monitor

  5. Block

  6. Trust

Correct Answer: F

Question No.114

Refer to the exhibit. Which two effects of this configuration are true? (Choose two)

image

  1. When a user logs in to privileged EXEC mode, the router will track all user activity

  2. It configures the router#39;s local database as the backup authentication method for all TTY, console, and aux logins

  3. If a user attempts to log in as a level 15 user, the local database will be used for authentication and TACACS will be used for authorization

  4. Configuration commands on the router are authorized without checking the TACACS server

  5. When a user attempts to authenticate on the device, the TACACS server will prompt the user to enter the username stored in the router#39;s database

  6. Requests to establish a reverse AUX connection to the router will be authorized against the TACACS server

Correct Answer: BF

Question No.115

Which action must happen before you enroll a device to a mobile device management service fro a different vendor?

  1. wipe the entire device and start from scratch

  2. Allow both vendor profiles remain on the device.

  3. Remove the profiles form the previous vendor from the device

  4. Alter the administrator so that they can remove this device form the network

Correct Answer: C

Question No.116

Which two combinations of node are allowed in a Cisco ISE distributed deployment? (Choose two)

  1. ISE cluster with eight nodes

  2. Pair of passive ISE nodes for automatic failover

  3. One or more policy service ISE nodes for session failover standalone

  4. Primary and secondary administration ISE nodes for high availability

  5. Active and standby ISE notes for high availibilty

Correct Answer: BD

Question No.117

Which statement about Health Monitoring on the Firepower System is true?

  1. When you delete a health policy that is applied to a device, the device reverts to the default health policy.

  2. If you apply a policy without active modules to a device, the previous health policy remains in effect unless you delete it.

  3. Health events are generated even when the health monitoring status is disabled.

  4. Descendant domains in a multi-domain deployment can view, edit, and apply policies from ancestor domains.

  5. The administrator of a descendant domain is unable to edit or delete blacklists applied by the administrator of an ancestor domain.

  6. The default health policy is automatically applied to all managed devices.

Correct Answer: C

Question No.118

Which statement about Cisco Firepower user agents is true?

  1. User agents with the correct password can connect to the Firepower Management Center without additional configuration of the server

  2. They can be installed on Windows computers only

  3. The User agent connection to the Firepower Management Center can be secured with IPsec.

  4. A single user agent can send data to up to 10 Firepower Management Centers simultaneously.

  5. It supports multiple user-management options, including Active Directory and LDAP.

Correct Answer: E

Question No.119

Which effect of the crypto key encrypt write rsa command on a router is true?

  1. The device locks the encrypted key the saves it to the NVRAM

  2. The device saves the unlocked encrypted key to the NVRAM

  3. The device locks the encrypted key but the key is lost when the routers is reloaded

  4. The device encrypts and locks key before authenticating it with an external CA server

Correct Answer: B

Question No.120

Which IPS deployment mode is most reliant on the Automatic Application Bypass feature?

  1. Passive

  2. Strict

  3. transparent

  4. switched

  5. tap

  6. inline

Correct Answer: F

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF