{"id":1953,"date":"2019-01-14T08:39:34","date_gmt":"2019-01-14T08:39:34","guid":{"rendered":"https:\/\/dumps.dumpsbase.com\/?p=1953"},"modified":"2019-03-05T00:54:19","modified_gmt":"2019-03-05T00:54:19","slug":"updated-ccie-security-400-251-v5-0-written-exam-questions","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/updated-ccie-security-400-251-v5-0-written-exam-questions.html","title":{"rendered":"Updated CCIE Security 400-251 V5.0 Written Exam Questions"},"content":{"rendered":"\n<p>How to pass Cisco 400-251 Written exam for CCIE Security certification? Here recommend you Updated CCIE Security 400-251 V5.0 Written Exam Questions, which provide you real 400-251 exam questions and answers to pass it successfully. Be sure to use real 400-251 practice questions widely during your knowledge process. They will encourage you to nail down the official word on just about any 400-251 exam topic.<\/p>\n\n\n\n<p class=\"has-text-color has-medium-font-size has-luminous-vivid-orange-color\"><strong>Read CCIE Security 400-251 Free Demo First<\/strong><\/p>\n\n\n\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam748\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-748\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-748\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-19887'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>Which of the following is used by WSA to extract session information from ISE and use that in access policies?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='19887' \/><input type='hidden' id='answerType19887' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19887[]' id='answer-id-82428' class='answer   answerof-19887 ' value='82428'   \/><label for='answer-id-82428' id='answer-label-82428' class=' answer'><span>Proprietary protocol over TCP\/8302<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19887[]' id='answer-id-82429' class='answer   answerof-19887 ' value='82429'   \/><label for='answer-id-82429' id='answer-label-82429' class=' answer'><span>SXP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19887[]' id='answer-id-82430' class='answer   answerof-19887 ' value='82430'   \/><label for='answer-id-82430' id='answer-label-82430' class=' answer'><span>RADIUS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19887[]' id='answer-id-82431' class='answer   answerof-19887 ' value='82431'   \/><label for='answer-id-82431' id='answer-label-82431' class=' answer'><span>RPC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19887[]' id='answer-id-82432' class='answer   answerof-19887 ' value='82432'   \/><label for='answer-id-82432' id='answer-label-82432' class=' answer'><span>EAP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19887[]' id='answer-id-82433' class='answer   answerof-19887 ' value='82433'   \/><label for='answer-id-82433' id='answer-label-82433' class=' answer'><span>pxGrid<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-19888'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>For your enterprise ISE deployment, you are looking to use certificate-based authentication for all your Windows machines. You have already gone through the exercise Of pushing the machine and user certificates out to all the machines using GPO \u30fb Since certificate based authentication, by default, doesn't check the artificate against Active Directoryepr requires credentia'S from the user. This essentially means that no groups a re returned as part of the authentication request. <br \/>\r<br>What a re the possible ways to authorize the user based on Active Directory group membership?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='19888' \/><input type='hidden' id='answerType19888' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19888[]' id='answer-id-82434' class='answer   answerof-19888 ' value='82434'   \/><label for='answer-id-82434' id='answer-label-82434' class=' answer'><span>Use ISE as the Certificate Authority, which Will then allow for automatic group retrieval from Active Directory to perform the required authorization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19888[]' id='answer-id-82435' class='answer   answerof-19888 ' value='82435'   \/><label for='answer-id-82435' id='answer-label-82435' class=' answer'><span>Configure Network Access Device (NAD) to bypass certificate-based authentication and push configured user credentials as a proxy to ISE<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19888[]' id='answer-id-82436' class='answer   answerof-19888 ' value='82436'   \/><label for='answer-id-82436' id='answer-label-82436' class=' answer'><span>Configure the Windows supplicant to used saved credentials well certificate based authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19888[]' id='answer-id-82437' class='answer   answerof-19888 ' value='82437'   \/><label for='answer-id-82437' id='answer-label-82437' class=' answer'><span>Enable Change of Authorization on the deployment to perform double authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19888[]' id='answer-id-82438' class='answer   answerof-19888 ' value='82438'   \/><label for='answer-id-82438' id='answer-label-82438' class=' answer'><span>Use EAP authorization to retrieve group information from Active Directory<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19888[]' id='answer-id-82439' class='answer   answerof-19888 ' value='82439'   \/><label for='answer-id-82439' id='answer-label-82439' class=' answer'><span>The certificate should be configured with the appropriate attributes which contain appropriate group information, which can be used in Authorization policies<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-19889'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>Which statement is true about a SMURF attack?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='19889' \/><input type='hidden' id='answerType19889' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19889[]' id='answer-id-82440' class='answer   answerof-19889 ' value='82440'   \/><label for='answer-id-82440' id='answer-label-82440' class=' answer'><span>It sends ICMP Echo Replies to known ip addresses in a subnet.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19889[]' id='answer-id-82441' class='answer   answerof-19889 ' value='82441'   \/><label for='answer-id-82441' id='answer-label-82441' class=' answer'><span>The attacker uses spoofed destination address to launch the attack<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19889[]' id='answer-id-82442' class='answer   answerof-19889 ' value='82442'   \/><label for='answer-id-82442' id='answer-label-82442' class=' answer'><span>It is used by the attackers to check if destination addresses are alive<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19889[]' id='answer-id-82443' class='answer   answerof-19889 ' value='82443'   \/><label for='answer-id-82443' id='answer-label-82443' class=' answer'><span>It sends ICMP Echo Requests to a broadcast address of a subnet.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19889[]' id='answer-id-82444' class='answer   answerof-19889 ' value='82444'   \/><label for='answer-id-82444' id='answer-label-82444' class=' answer'><span>In order to mitigate the attack you need to enable IP directed broadcast on the router interface<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19889[]' id='answer-id-82445' class='answer   answerof-19889 ' value='82445'   \/><label for='answer-id-82445' id='answer-label-82445' class=' answer'><span>It exhausts the victim machine resources with large number of ICMP Echo Requests from a subnet<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-19890'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>Refer to the exhibit. <br \/>\r<br><br><img decoding=\"async\" width=648 height=606 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2018\/exams\/400-251%20V16.files\/image002.jpg\" v:shapes=\"_x0000_i1025\"><br><br \/>\r<br>R2 is getting time synchronized from NTP server R1. It has been reported that the clock on R2 cannot associate with the NTP server R1. <br \/>\r<br>Which possible cause is true?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='19890' \/><input type='hidden' id='answerType19890' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19890[]' id='answer-id-82446' class='answer   answerof-19890 ' value='82446'   \/><label for='answer-id-82446' id='answer-label-82446' class=' answer'><span>R2 has connectivity issue with the NTP server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19890[]' id='answer-id-82447' class='answer   answerof-19890 ' value='82447'   \/><label for='answer-id-82447' id='answer-label-82447' class=' answer'><span>R2 should not have two trusted keys for the NTP authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19890[]' id='answer-id-82448' class='answer   answerof-19890 ' value='82448'   \/><label for='answer-id-82448' id='answer-label-82448' class=' answer'><span>R2 does not support NTP authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19890[]' id='answer-id-82449' class='answer   answerof-19890 ' value='82449'   \/><label for='answer-id-82449' id='answer-label-82449' class=' answer'><span>R1 has an incorrect NTP source interface defined<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19890[]' id='answer-id-82450' class='answer   answerof-19890 ' value='82450'   \/><label for='answer-id-82450' id='answer-label-82450' class=' answer'><span>R2 has an incorrect trusted key binded with the NTP server<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19890[]' id='answer-id-82451' class='answer   answerof-19890 ' value='82451'   \/><label for='answer-id-82451' id='answer-label-82451' class=' answer'><span>R2 has an incorrect NTP server address&#65279;<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-19891'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>In your network, you require all guests to authenticate to the network before getting access, however, you don't want to be stuck creating or approving accounts It is preferred that this is all taken care of by the user, as long as their device is registered. <br \/>\r<br>Which two mechanisms can be used to provide this functionality? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_5' value='19891' \/><input type='hidden' id='answerType19891' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19891[]' id='answer-id-82452' class='answer   answerof-19891 ' value='82452'   \/><label for='answer-id-82452' id='answer-label-82452' class=' answer'><span>802.1x based guest user registration, with device registration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19891[]' id='answer-id-82453' class='answer   answerof-19891 ' value='82453'   \/><label for='answer-id-82453' id='answer-label-82453' class=' answer'><span>Guest's own organization's authentication service, with device registration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19891[]' id='answer-id-82454' class='answer   answerof-19891 ' value='82454'   \/><label for='answer-id-82454' id='answer-label-82454' class=' answer'><span>Self-registration of user, with device registration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19891[]' id='answer-id-82455' class='answer   answerof-19891 ' value='82455'   \/><label for='answer-id-82455' id='answer-label-82455' class=' answer'><span>PAP based authentication, with device registration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19891[]' id='answer-id-82456' class='answer   answerof-19891 ' value='82456'   \/><label for='answer-id-82456' id='answer-label-82456' class=' answer'><span>Social media Login, with device registration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19891[]' id='answer-id-82457' class='answer   answerof-19891 ' value='82457'   \/><label for='answer-id-82457' id='answer-label-82457' class=' answer'><span>Active Directory, with device registration<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-19892'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Which protocol does ISE use to secure connection through the Cisco IronPort Tunnel infrastructure?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='19892' \/><input type='hidden' id='answerType19892' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19892[]' id='answer-id-82458' class='answer   answerof-19892 ' value='82458'   \/><label for='answer-id-82458' id='answer-label-82458' class=' answer'><span>TLS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19892[]' id='answer-id-82459' class='answer   answerof-19892 ' value='82459'   \/><label for='answer-id-82459' id='answer-label-82459' class=' answer'><span>SNMP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19892[]' id='answer-id-82460' class='answer   answerof-19892 ' value='82460'   \/><label for='answer-id-82460' id='answer-label-82460' class=' answer'><span>IKEv1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19892[]' id='answer-id-82461' class='answer   answerof-19892 ' value='82461'   \/><label for='answer-id-82461' id='answer-label-82461' class=' answer'><span>SSH<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19892[]' id='answer-id-82462' class='answer   answerof-19892 ' value='82462'   \/><label for='answer-id-82462' id='answer-label-82462' class=' answer'><span>IKEv2<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-19893'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>Which protocol does ISE use to secure a connection through the Cisco IronPort tunnel infrastructure?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='19893' \/><input type='hidden' id='answerType19893' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19893[]' id='answer-id-82463' class='answer   answerof-19893 ' value='82463'   \/><label for='answer-id-82463' id='answer-label-82463' class=' answer'><span>HTTP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19893[]' id='answer-id-82464' class='answer   answerof-19893 ' value='82464'   \/><label for='answer-id-82464' id='answer-label-82464' class=' answer'><span>IKEv2<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19893[]' id='answer-id-82465' class='answer   answerof-19893 ' value='82465'   \/><label for='answer-id-82465' id='answer-label-82465' class=' answer'><span>TLS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19893[]' id='answer-id-82466' class='answer   answerof-19893 ' value='82466'   \/><label for='answer-id-82466' id='answer-label-82466' class=' answer'><span>SSH<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19893[]' id='answer-id-82467' class='answer   answerof-19893 ' value='82467'   \/><label for='answer-id-82467' id='answer-label-82467' class=' answer'><span>SNMP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19893[]' id='answer-id-82468' class='answer   answerof-19893 ' value='82468'   \/><label for='answer-id-82468' id='answer-label-82468' class=' answer'><span>IKEv1<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-19894'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>An employee using an Android phone on your network has disabled DHCP, enabled it's firewall, modified it's HTTP User-Agent header, to fool ISE into profiling it as a Windows 10 machine connected to the wireless network. This user is now able to get authorization for unrestricted network access using his Active Directory credentials, as your policy states that a Windows device using AD credentials should be able to get full network access. Whereas, an Android device should only get access to the Web Proxy. <br \/>\r<br>Which two steps can you take to avoid this sort of rogue behavior? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_8' value='19894' \/><input type='hidden' id='answerType19894' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82469' class='answer   answerof-19894 ' value='82469'   \/><label for='answer-id-82469' id='answer-label-82469' class=' answer'><span>Add an authorization policy before the Windows authorization policy that redirects a user with a static IP to a web portal for authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82470' class='answer   answerof-19894 ' value='82470'   \/><label for='answer-id-82470' id='answer-label-82470' class=' answer'><span>Perform CoA to push a restricted access when the machine is acquiring address using DHCP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82471' class='answer   answerof-19894 ' value='82471'   \/><label for='answer-id-82471' id='answer-label-82471' class=' answer'><span>Chain an authorization policy to the Windows authorization policy that performs additional NMAP scans to verify the machine type, before allowing access<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82472' class='answer   answerof-19894 ' value='82472'   \/><label for='answer-id-82472' id='answer-label-82472' class=' answer'><span>Create an authentication rule that should only allow session with a specific HTTP User-Agent header<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82473' class='answer   answerof-19894 ' value='82473'   \/><label for='answer-id-82473' id='answer-label-82473' class=' answer'><span>Only allow certificate based authentication from Windows endpoints such as EAP-TLS or PEAP-TL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82474' class='answer   answerof-19894 ' value='82474'   \/><label for='answer-id-82474' id='answer-label-82474' class=' answer'><span>Should the endpoint use MSCHAPVZ (EAP or PEAP), the user should be only given restricted access<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19894[]' id='answer-id-82475' class='answer   answerof-19894 ' value='82475'   \/><label for='answer-id-82475' id='answer-label-82475' class=' answer'><span>Modify the authorization policy to only allow Windows machines that have passed Machine Authentication to get full network access<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-19895'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>Refer to the exhibit. <br \/>\r<br><br><img decoding=\"async\" width=630 height=439 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2018\/exams\/400-251%20V16.files\/image004.jpg\" v:shapes=\"_x0000_i1026\"><br><br \/>\r<br><br><img decoding=\"async\" width=289 height=375 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2018\/exams\/400-251%20V16.files\/image006.jpg\" v:shapes=\"_x0000_i1027\"><br><br \/>\r<br>Looking at the configuration what may cause the MAB authentication to fail for a supplicant?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='19895' \/><input type='hidden' id='answerType19895' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82476' class='answer   answerof-19895 ' value='82476'   \/><label for='answer-id-82476' id='answer-label-82476' class=' answer'><span>There is an Issue with the DHCP pool configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82477' class='answer   answerof-19895 ' value='82477'   \/><label for='answer-id-82477' id='answer-label-82477' class=' answer'><span>The VLAN configuration is missing on the authentication port<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82478' class='answer   answerof-19895 ' value='82478'   \/><label for='answer-id-82478' id='answer-label-82478' class=' answer'><span>AAA authorization is incorrectly configured on the switch<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82479' class='answer   answerof-19895 ' value='82479'   \/><label for='answer-id-82479' id='answer-label-82479' class=' answer'><span>CoA configuration is missing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82480' class='answer   answerof-19895 ' value='82480'   \/><label for='answer-id-82480' id='answer-label-82480' class=' answer'><span>Switch configuration is properly configured and the issue is on the radius server<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82481' class='answer   answerof-19895 ' value='82481'   \/><label for='answer-id-82481' id='answer-label-82481' class=' answer'><span>Dot1x should be globally disabled for MAB to work<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19895[]' id='answer-id-82482' class='answer   answerof-19895 ' value='82482'   \/><label for='answer-id-82482' id='answer-label-82482' class=' answer'><span>incorrect CTS configuration on the switch<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-19896'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>Your environment has a large number of network devices that are configured to use AAA for authentication. Additionally, your security policy requires use of 2 Factor Auth or Multi-factor Auth for all device administrators, which you have integrated with ACS, To simplify device management, your organization has purchased Prime Infrastructure, <br \/>\r<br>What is the best way to get Prime Infrastructure to authentication to all your network devices?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='19896' \/><input type='hidden' id='answerType19896' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19896[]' id='answer-id-82483' class='answer   answerof-19896 ' value='82483'   \/><label for='answer-id-82483' id='answer-label-82483' class=' answer'><span>Enable the AAA API on the network device, generate an API token, and configure Prime Infrastructure to use that token when authenticating to the network devices,<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19896[]' id='answer-id-82484' class='answer   answerof-19896 ' value='82484'   \/><label for='answer-id-82484' id='answer-label-82484' class=' answer'><span>Create a user on ISE with a complex password for Prime Infrastructure, along with an authorization policy that uses the ISE local identity store for that user<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19896[]' id='answer-id-82485' class='answer   answerof-19896 ' value='82485'   \/><label for='answer-id-82485' id='answer-label-82485' class=' answer'><span>Create a user on ISE with a complex password for Prime Infrastructure, along with an authentication policy that uses the ISE local identity store for that user<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19896[]' id='answer-id-82486' class='answer   answerof-19896 ' value='82486'   \/><label for='answer-id-82486' id='answer-label-82486' class=' answer'><span>Configure a local user on each of the network device along with priority to use the local username and password for Prime Infrastructure<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19896[]' id='answer-id-82487' class='answer   answerof-19896 ' value='82487'   \/><label for='answer-id-82487' id='answer-label-82487' class=' answer'><span>Enable Multi-Factor authentication on Prime Infrastructure<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-19897'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>Which statement correctly represents the ACI security principle of Object Model?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='19897' \/><input type='hidden' id='answerType19897' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19897[]' id='answer-id-82488' class='answer   answerof-19897 ' value='82488'   \/><label for='answer-id-82488' id='answer-label-82488' class=' answer'><span>It is logical representation of an application and its interdependencies in the network fabric<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19897[]' id='answer-id-82489' class='answer   answerof-19897 ' value='82489'   \/><label for='answer-id-82489' id='answer-label-82489' class=' answer'><span>It is policy placed at the intersection of a source and destination EPGs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19897[]' id='answer-id-82490' class='answer   answerof-19897 ' value='82490'   \/><label for='answer-id-82490' id='answer-label-82490' class=' answer'><span>It is defined by the policy applied between EPGs for communication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19897[]' id='answer-id-82491' class='answer   answerof-19897 ' value='82491'   \/><label for='answer-id-82491' id='answer-label-82491' class=' answer'><span>It consists of one or more tenants having multiple contexts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19897[]' id='answer-id-82492' class='answer   answerof-19897 ' value='82492'   \/><label for='answer-id-82492' id='answer-label-82492' class=' answer'><span>These are rules and policies used by an EPG to communicate with other EPGs. \r\nIt is collection of endpoints representing an application with in a context<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-19898'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>In your ISE design, there are two TACACS profiles that are created for device administration: IOS_HelpDesk_Profile, and IOS_Admin_Profile. The HelpDesk profile should login the user with privilege 1, with ability to change privilege level to 15. The admin profile should login the user with privilege 15 by default. <br \/>\r<br>Which two commands must the HelpDesk user enter on the IOS device to access privilege level 15? (Choose two)<\/div><input type='hidden' name='question_id[]' id='qID_12' value='19898' \/><input type='hidden' id='answerType19898' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82493' class='answer   answerof-19898 ' value='82493'   \/><label for='answer-id-82493' id='answer-label-82493' class=' answer'><span>enable<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82494' class='answer   answerof-19898 ' value='82494'   \/><label for='answer-id-82494' id='answer-label-82494' class=' answer'><span>enable password<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82495' class='answer   answerof-19898 ' value='82495'   \/><label for='answer-id-82495' id='answer-label-82495' class=' answer'><span>enable privilege 15<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82496' class='answer   answerof-19898 ' value='82496'   \/><label for='answer-id-82496' id='answer-label-82496' class=' answer'><span>enable secret<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82497' class='answer   answerof-19898 ' value='82497'   \/><label for='answer-id-82497' id='answer-label-82497' class=' answer'><span>enable IOS_Admin_Profile<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82498' class='answer   answerof-19898 ' value='82498'   \/><label for='answer-id-82498' id='answer-label-82498' class=' answer'><span>enable 15<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19898[]' id='answer-id-82499' class='answer   answerof-19898 ' value='82499'   \/><label for='answer-id-82499' id='answer-label-82499' class=' answer'><span>privilege level 15<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-19899'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>Which statement about Dynamic ARP inspection true?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='19899' \/><input type='hidden' id='answerType19899' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19899[]' id='answer-id-82500' class='answer   answerof-19899 ' value='82500'   \/><label for='answer-id-82500' id='answer-label-82500' class=' answer'><span>It is supported only in DHCP environments to detest invalid ARP requests and responses,<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19899[]' id='answer-id-82501' class='answer   answerof-19899 ' value='82501'   \/><label for='answer-id-82501' id='answer-label-82501' class=' answer'><span>It requires that DHCP snooping be enabled to build valid binding database.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19899[]' id='answer-id-82502' class='answer   answerof-19899 ' value='82502'   \/><label for='answer-id-82502' id='answer-label-82502' class=' answer'><span>It validates ARP requests and responses on untrusted ports using MAC address table.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19899[]' id='answer-id-82503' class='answer   answerof-19899 ' value='82503'   \/><label for='answer-id-82503' id='answer-label-82503' class=' answer'><span>It validates ARP requests and responses on trusted ports using IP-to-MAC address binding.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19899[]' id='answer-id-82504' class='answer   answerof-19899 ' value='82504'   \/><label for='answer-id-82504' id='answer-label-82504' class=' answer'><span>It forwards invalid ARP responses and requests on switch untrusted ports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19899[]' id='answer-id-82505' class='answer   answerof-19899 ' value='82505'   \/><label for='answer-id-82505' id='answer-label-82505' class=' answer'><span>It drops invalid ARP responses and requests on the switch trusted ports.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-19900'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>Refer to the exhibit. <br \/>\r<br><br><img decoding=\"async\" width=443 height=671 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2018\/exams\/400-251%20V16.files\/image008.jpg\" v:shapes=\"_x0000_i1028\"><br><br \/>\r<br>R9 is running FLEXVPN with peer R10 at 201.4.10 using a pre-shared key &quot;ccier10&quot;. The IPSec tunnel is sourced from 172.16.2.0\/24 network and is included in EIGRP routing process. BGP next hop is in AS 345 with address 20.1.3.12. It has been reported that FLEXVPN is down. <br \/>\r<br>What could be the issue?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='19900' \/><input type='hidden' id='answerType19900' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19900[]' id='answer-id-82506' class='answer   answerof-19900 ' value='82506'   \/><label for='answer-id-82506' id='answer-label-82506' class=' answer'><span>Incorrect IPSec profile configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19900[]' id='answer-id-82507' class='answer   answerof-19900 ' value='82507'   \/><label for='answer-id-82507' id='answer-label-82507' class=' answer'><span>Incorrect tunnel network address in EIGRP routing process<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19900[]' id='answer-id-82508' class='answer   answerof-19900 ' value='82508'   \/><label for='answer-id-82508' id='answer-label-82508' class=' answer'><span>Incorrect keyring configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19900[]' id='answer-id-82509' class='answer   answerof-19900 ' value='82509'   \/><label for='answer-id-82509' id='answer-label-82509' class=' answer'><span>Incorrect tunnel source for the tunnel interface<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19900[]' id='answer-id-82510' class='answer   answerof-19900 ' value='82510'   \/><label for='answer-id-82510' id='answer-label-82510' class=' answer'><span>Incorrect IKEv2 profile configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19900[]' id='answer-id-82511' class='answer   answerof-19900 ' value='82511'   \/><label for='answer-id-82511' id='answer-label-82511' class=' answer'><span>Incorrect local network address in BGP routing process<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-19901'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>In a Cisco ASA multiple-context mode of operation configuration, which three session types are resource-limited by default when their context is a member of the default class? (Choose three)<\/div><input type='hidden' name='question_id[]' id='qID_15' value='19901' \/><input type='hidden' id='answerType19901' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82512' class='answer   answerof-19901 ' value='82512'   \/><label for='answer-id-82512' id='answer-label-82512' class=' answer'><span>IPsec sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82513' class='answer   answerof-19901 ' value='82513'   \/><label for='answer-id-82513' id='answer-label-82513' class=' answer'><span>SSL VPN sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82514' class='answer   answerof-19901 ' value='82514'   \/><label for='answer-id-82514' id='answer-label-82514' class=' answer'><span>SSH sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82515' class='answer   answerof-19901 ' value='82515'   \/><label for='answer-id-82515' id='answer-label-82515' class=' answer'><span>CTS sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82516' class='answer   answerof-19901 ' value='82516'   \/><label for='answer-id-82516' id='answer-label-82516' class=' answer'><span>Telnet sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82517' class='answer   answerof-19901 ' value='82517'   \/><label for='answer-id-82517' id='answer-label-82517' class=' answer'><span>TCP sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82518' class='answer   answerof-19901 ' value='82518'   \/><label for='answer-id-82518' id='answer-label-82518' class=' answer'><span>RADIUS sessions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19901[]' id='answer-id-82519' class='answer   answerof-19901 ' value='82519'   \/><label for='answer-id-82519' id='answer-label-82519' class=' answer'><span>ASDM sessions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-19902'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>Which function of MSE in the WIPS architecture is true?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='19902' \/><input type='hidden' id='answerType19902' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82520' class='answer   answerof-19902 ' value='82520'   \/><label for='answer-id-82520' id='answer-label-82520' class=' answer'><span>detects over-the-air traffic network anomalies and attacks<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82521' class='answer   answerof-19902 ' value='82521'   \/><label for='answer-id-82521' id='answer-label-82521' class=' answer'><span>scans channels without impacting data-serving radios<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82522' class='answer   answerof-19902 ' value='82522'   \/><label for='answer-id-82522' id='answer-label-82522' class=' answer'><span>provides view of security threats<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82523' class='answer   answerof-19902 ' value='82523'   \/><label for='answer-id-82523' id='answer-label-82523' class=' answer'><span>performs the correlation of security events<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82524' class='answer   answerof-19902 ' value='82524'   \/><label for='answer-id-82524' id='answer-label-82524' class=' answer'><span>channel to connect with ISE to implement COA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82525' class='answer   answerof-19902 ' value='82525'   \/><label for='answer-id-82525' id='answer-label-82525' class=' answer'><span>applies rogue policy to mitigate rogue threats<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19902[]' id='answer-id-82526' class='answer   answerof-19902 ' value='82526'   \/><label for='answer-id-82526' id='answer-label-82526' class=' answer'><span>detect rogue APS<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-19903'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>Which statement about SenderBase reputation scoring on an ESA device is true?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='19903' \/><input type='hidden' id='answerType19903' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19903[]' id='answer-id-82527' class='answer   answerof-19903 ' value='82527'   \/><label for='answer-id-82527' id='answer-label-82527' class=' answer'><span>A high score indicates that a message is very likely to be spam<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19903[]' id='answer-id-82528' class='answer   answerof-19903 ' value='82528'   \/><label for='answer-id-82528' id='answer-label-82528' class=' answer'><span>You can configure a custom score threshold for whitelisting messages.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19903[]' id='answer-id-82529' class='answer   answerof-19903 ' value='82529'   \/><label for='answer-id-82529' id='answer-label-82529' class=' answer'><span>Mail with scores in the medium range can be automatically routed for antimalware scanning.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19903[]' id='answer-id-82530' class='answer   answerof-19903 ' value='82530'   \/><label for='answer-id-82530' id='answer-label-82530' class=' answer'><span>Sender reputation scores can be assigned to domains, IP addresses, and MAC addresses.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19903[]' id='answer-id-82531' class='answer   answerof-19903 ' value='82531'   \/><label for='answer-id-82531' id='answer-label-82531' class=' answer'><span>By default, all messages with a score below zero are dropped or throttled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19903[]' id='answer-id-82532' class='answer   answerof-19903 ' value='82532'   \/><label for='answer-id-82532' id='answer-label-82532' class=' answer'><span>Application traffic from known bad sites can be throttled or blocked.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-19904'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Which statement is correct regarding password encryption and integrity on a Cisco IOS device?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='19904' \/><input type='hidden' id='answerType19904' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19904[]' id='answer-id-82533' class='answer   answerof-19904 ' value='82533'   \/><label for='answer-id-82533' id='answer-label-82533' class=' answer'><span>With &quot;enable secret&quot; missing in the configuration the console session cannot get privilege access using console password due to missing encryption<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19904[]' id='answer-id-82534' class='answer   answerof-19904 ' value='82534'   \/><label for='answer-id-82534' id='answer-label-82534' class=' answer'><span>The &quot;enable secret&quot; uses MD5 for the password hashing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19904[]' id='answer-id-82535' class='answer   answerof-19904 ' value='82535'   \/><label for='answer-id-82535' id='answer-label-82535' class=' answer'><span>The &quot;service password-encryption&quot; global command performs both encryption and hashing of all the passwords.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19904[]' id='answer-id-82536' class='answer   answerof-19904 ' value='82536'   \/><label for='answer-id-82536' id='answer-label-82536' class=' answer'><span>The &quot;enable password&quot; is preferred over &quot;enable secret&quot; as it uses a stronger encryption algorithm<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19904[]' id='answer-id-82537' class='answer   answerof-19904 ' value='82537'   \/><label for='answer-id-82537' id='answer-label-82537' class=' answer'><span>The &quot;username &lt;name&gt; secret &lt;passwords&quot; command encrypts the password with SHA-256 having<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19904[]' id='answer-id-82538' class='answer   answerof-19904 ' value='82538'   \/><label for='answer-id-82538' id='answer-label-82538' class=' answer'><span>The \u201cservice password-encryption&quot; global command encrypts all the passwords except the CHAP secret<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-19905'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>For which of the four portals is the SAML Single Sign-On on ISE supported? (Choose four)<\/div><input type='hidden' name='question_id[]' id='qID_19' value='19905' \/><input type='hidden' id='answerType19905' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82539' class='answer   answerof-19905 ' value='82539'   \/><label for='answer-id-82539' id='answer-label-82539' class=' answer'><span>Wireless Client portal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82540' class='answer   answerof-19905 ' value='82540'   \/><label for='answer-id-82540' id='answer-label-82540' class=' answer'><span>Certificate Provisioning portal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82541' class='answer   answerof-19905 ' value='82541'   \/><label for='answer-id-82541' id='answer-label-82541' class=' answer'><span>Guest portal (sponsored and self-registered)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82542' class='answer   answerof-19905 ' value='82542'   \/><label for='answer-id-82542' id='answer-label-82542' class=' answer'><span>My Devices portal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82543' class='answer   answerof-19905 ' value='82543'   \/><label for='answer-id-82543' id='answer-label-82543' class=' answer'><span>Employee portal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82544' class='answer   answerof-19905 ' value='82544'   \/><label for='answer-id-82544' id='answer-label-82544' class=' answer'><span>Sponsor portal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82545' class='answer   answerof-19905 ' value='82545'   \/><label for='answer-id-82545' id='answer-label-82545' class=' answer'><span>Contractor portal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19905[]' id='answer-id-82546' class='answer   answerof-19905 ' value='82546'   \/><label for='answer-id-82546' id='answer-label-82546' class=' answer'><span>BYOD portal<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-19906'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>Refer to the exhibit. <br \/>\r<br>aaa authentication login default group radius <br \/>\r<br>aaa authentication login NO_AUTH none <br \/>\r<br>aaa authantication login vty local <br \/>\r<br>aaa authentication dot1x default group radius <br \/>\r<br>aaa authorization network default group radius <br \/>\r<br>aaa accounting update newinfo <br \/>\r<br>aaa accounting dot1x default start-stop qroup radius <br \/>\r<br>! <br \/>\r<br>aaa server radius dynamic-author <br \/>\r<br>client 161.1.7.14 server-key cisco <br \/>\r<br>! <br \/>\r<br>ip dhcp excluded-address 60.1.1.11 <br \/>\r<br>ip dhcp excluded-address 60.1.1.2 <br \/>\r<br>! <br \/>\r<br>ip dhcp pool mabpc-pool <br \/>\r<br>network 60.1.1.0 255.255.255.0 <br \/>\r<br>default router 60.1.1.2 <br \/>\r<br>! <br \/>\r<br>cts sxp enable <br \/>\r<br>cts sxp default source ip 10.9.31.22 <br \/>\r<br>cts sxp default password ccie <br \/>\r<br>cts sxp connection peer 10.9.31.1 password defalut mode peer listener hold-time 0 <br \/>\r<br>! <br \/>\r<br>dot1x system-auth-control <br \/>\r<br>! <br \/>\r<br>interface GigabitEthernet1\/0\/9 <br \/>\r<br>switchport mode access <br \/>\r<br>ip device tracking maximum 10 <br \/>\r<br>authentication host-mode multi-auth <br \/>\r<br>authentication port-control auto <br \/>\r<br>! <br \/>\r<br>radius-server host 161.1.7.14 key cisco <br \/>\r<br>radius-server timeout 60 <br \/>\r<br>! <br \/>\r<br>line con 0 <br \/>\r<br>login authentication NO_AUTH <br \/>\r<br>stopbits 1 <br \/>\r<br>line aux 0 <br \/>\r<br>stopbits 1 <br \/>\r<br>line vty 0 4 <br \/>\r<br>login authentication vty <br \/>\r<br>line vty 5 15 <br \/>\r<br>A customer has opened a case with Cisco TAC reporting an issue that one of the Windows client supposed to login to the network using MAB is no longer able to access any allowed resources. <br \/>\r<br>Looking at the configuration of the switch, what could be the possible cause of MAB failure?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='19906' \/><input type='hidden' id='answerType19906' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82547' class='answer   answerof-19906 ' value='82547'   \/><label for='answer-id-82547' id='answer-label-82547' class=' answer'><span>The switch is properly configured and the issue is on the radius server<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82548' class='answer   answerof-19906 ' value='82548'   \/><label for='answer-id-82548' id='answer-label-82548' class=' answer'><span>There is an issue with the CoA configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82549' class='answer   answerof-19906 ' value='82549'   \/><label for='answer-id-82549' id='answer-label-82549' class=' answer'><span>AAA authentication is incorrectly configured on the switch<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82550' class='answer   answerof-19906 ' value='82550'   \/><label for='answer-id-82550' id='answer-label-82550' class=' answer'><span>There is an issue with the DHCP pool configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82551' class='answer   answerof-19906 ' value='82551'   \/><label for='answer-id-82551' id='answer-label-82551' class=' answer'><span>Dot1x should be globally disabled for the MAB to work<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82552' class='answer   answerof-19906 ' value='82552'   \/><label for='answer-id-82552' id='answer-label-82552' class=' answer'><span>incorrect CTS configuration on the switch<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19906[]' id='answer-id-82553' class='answer   answerof-19906 ' value='82553'   \/><label for='answer-id-82553' id='answer-label-82553' class=' answer'><span>MAB is disabled on port Gi1\/0\/9<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-19907'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>What are the advantages of using LDAP over AD?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='19907' \/><input type='hidden' id='answerType19907' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19907[]' id='answer-id-82554' class='answer   answerof-19907 ' value='82554'   \/><label for='answer-id-82554' id='answer-label-82554' class=' answer'><span>LDAP does not require ISE to join the AD domain<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19907[]' id='answer-id-82555' class='answer   answerof-19907 ' value='82555'   \/><label for='answer-id-82555' id='answer-label-82555' class=' answer'><span>The closest LDAP servers are used for authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19907[]' id='answer-id-82556' class='answer   answerof-19907 ' value='82556'   \/><label for='answer-id-82556' id='answer-label-82556' class=' answer'><span>LDAP provides for faster authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19907[]' id='answer-id-82557' class='answer   answerof-19907 ' value='82557'   \/><label for='answer-id-82557' id='answer-label-82557' class=' answer'><span>LDAP allows for granular policy control, whereas AD does not.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19907[]' id='answer-id-82558' class='answer   answerof-19907 ' value='82558'   \/><label for='answer-id-82558' id='answer-label-82558' class=' answer'><span>LDAP can be configured to use a primary and secondary server, whereas AD cannot<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-19908'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>Which description of a Botnet attack is true?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='19908' \/><input type='hidden' id='answerType19908' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19908[]' id='answer-id-82559' class='answer   answerof-19908 ' value='82559'   \/><label for='answer-id-82559' id='answer-label-82559' class=' answer'><span>It can be used to participate its DDoS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19908[]' id='answer-id-82560' class='answer   answerof-19908 ' value='82560'   \/><label for='answer-id-82560' id='answer-label-82560' class=' answer'><span>It is form a wireless attack where the attacker installs an access point to create backdoor to a network<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19908[]' id='answer-id-82561' class='answer   answerof-19908 ' value='82561'   \/><label for='answer-id-82561' id='answer-label-82561' class=' answer'><span>It is launched by a collection of noncompromised machines controlled by the Command and Control system<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19908[]' id='answer-id-82562' class='answer   answerof-19908 ' value='82562'   \/><label for='answer-id-82562' id='answer-label-82562' class=' answer'><span>It is launched by a single machine controlled by the Command and Control system<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19908[]' id='answer-id-82563' class='answer   answerof-19908 ' value='82563'   \/><label for='answer-id-82563' id='answer-label-82563' class=' answer'><span>It is form of a fragmentation attack to evade an intrusion prevention security device<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19908[]' id='answer-id-82564' class='answer   answerof-19908 ' value='82564'   \/><label for='answer-id-82564' id='answer-label-82564' class=' answer'><span>It is a form pf man-in-the-middle attack where the compromised machine is controlled<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-19909'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>Which of the following is true regarding ASA clustering requirements?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='19909' \/><input type='hidden' id='answerType19909' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19909[]' id='answer-id-82565' class='answer   answerof-19909 ' value='82565'   \/><label for='answer-id-82565' id='answer-label-82565' class=' answer'><span>Units in the cluster can be in different security context modes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19909[]' id='answer-id-82566' class='answer   answerof-19909 ' value='82566'   \/><label for='answer-id-82566' id='answer-label-82566' class=' answer'><span>Units in the cluster can be in different geographical locations<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19909[]' id='answer-id-82567' class='answer   answerof-19909 ' value='82567'   \/><label for='answer-id-82567' id='answer-label-82567' class=' answer'><span>Units in the cluster can have different hardware configuration as long as they are running same software version<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19909[]' id='answer-id-82568' class='answer   answerof-19909 ' value='82568'   \/><label for='answer-id-82568' id='answer-label-82568' class=' answer'><span>Units in the cluster can be running different software version as long as they have identical hardware configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19909[]' id='answer-id-82569' class='answer   answerof-19909 ' value='82569'   \/><label for='answer-id-82569' id='answer-label-82569' class=' answer'><span>Only routed mode is allowed in the Single context mode<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19909[]' id='answer-id-82570' class='answer   answerof-19909 ' value='82570'   \/><label for='answer-id-82570' id='answer-label-82570' class=' answer'><span>Units in the cluster can have different amount of flash memory<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-19910'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>In FMC, which two elements can the correlation rule be based on? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_24' value='19910' \/><input type='hidden' id='answerType19910' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82571' class='answer   answerof-19910 ' value='82571'   \/><label for='answer-id-82571' id='answer-label-82571' class=' answer'><span>authorization rule<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82572' class='answer   answerof-19910 ' value='82572'   \/><label for='answer-id-82572' id='answer-label-82572' class=' answer'><span>Security Group Tag mapping<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82573' class='answer   answerof-19910 ' value='82573'   \/><label for='answer-id-82573' id='answer-label-82573' class=' answer'><span>discovery event<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82574' class='answer   answerof-19910 ' value='82574'   \/><label for='answer-id-82574' id='answer-label-82574' class=' answer'><span>user activity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82575' class='answer   answerof-19910 ' value='82575'   \/><label for='answer-id-82575' id='answer-label-82575' class=' answer'><span>database type<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82576' class='answer   answerof-19910 ' value='82576'   \/><label for='answer-id-82576' id='answer-label-82576' class=' answer'><span>authentication condition<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82577' class='answer   answerof-19910 ' value='82577'   \/><label for='answer-id-82577' id='answer-label-82577' class=' answer'><span>Change of Authorization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19910[]' id='answer-id-82578' class='answer   answerof-19910 ' value='82578'   \/><label for='answer-id-82578' id='answer-label-82578' class=' answer'><span>Network Device Admission Control<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-19911'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>Which statement correctly describes TAP mode deployment in IPS?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='19911' \/><input type='hidden' id='answerType19911' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19911[]' id='answer-id-82579' class='answer   answerof-19911 ' value='82579'   \/><label for='answer-id-82579' id='answer-label-82579' class=' answer'><span>In TAP mode traffic flow gets disturbed for analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19911[]' id='answer-id-82580' class='answer   answerof-19911 ' value='82580'   \/><label for='answer-id-82580' id='answer-label-82580' class=' answer'><span>TAP mode is available when ports are configured as passive interfaces<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19911[]' id='answer-id-82581' class='answer   answerof-19911 ' value='82581'   \/><label for='answer-id-82581' id='answer-label-82581' class=' answer'><span>TAP mode implementation requires SPAN configuration on a switch<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19911[]' id='answer-id-82582' class='answer   answerof-19911 ' value='82582'   \/><label for='answer-id-82582' id='answer-label-82582' class=' answer'><span>TAP mode is available when IPS is deployed inline<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19911[]' id='answer-id-82583' class='answer   answerof-19911 ' value='82583'   \/><label for='answer-id-82583' id='answer-label-82583' class=' answer'><span>Access rules configured in TAP mode does not generate events<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19911[]' id='answer-id-82584' class='answer   answerof-19911 ' value='82584'   \/><label for='answer-id-82584' id='answer-label-82584' class=' answer'><span>Access rules configured in TAP mode generates events when triggered as well as perform defined action on the traffic stream<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-19912'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>Which statement about NVGRE functionality is true?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='19912' \/><input type='hidden' id='answerType19912' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82585' class='answer   answerof-19912 ' value='82585'   \/><label for='answer-id-82585' id='answer-label-82585' class=' answer'><span>It allows physical Layer 2 topologies to be created on a virtual Layer 3 network<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82586' class='answer   answerof-19912 ' value='82586'   \/><label for='answer-id-82586' id='answer-label-82586' class=' answer'><span>In an NVGRE network the endpoints are not responsible for the NVGRE encapsulation removal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82587' class='answer   answerof-19912 ' value='82587'   \/><label for='answer-id-82587' id='answer-label-82587' class=' answer'><span>It tunnels Ethernet frames inside an IP packet over a virtual network.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82588' class='answer   answerof-19912 ' value='82588'   \/><label for='answer-id-82588' id='answer-label-82588' class=' answer'><span>It allows physical Layer 2 topologies to be created on a physical Layer 3 network.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82589' class='answer   answerof-19912 ' value='82589'   \/><label for='answer-id-82589' id='answer-label-82589' class=' answer'><span>In an NVGRE network, VSID must be unique<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82590' class='answer   answerof-19912 ' value='82590'   \/><label for='answer-id-82590' id='answer-label-82590' class=' answer'><span>It tunnels PPP frames inside an IP packet over a physical network<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19912[]' id='answer-id-82591' class='answer   answerof-19912 ' value='82591'   \/><label for='answer-id-82591' id='answer-label-82591' class=' answer'><span>In an NVGRE network, VSID js used to identify Layer 3 network address space<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-19913'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>Which statement is true regarding Private VLAN?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='19913' \/><input type='hidden' id='answerType19913' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19913[]' id='answer-id-82592' class='answer   answerof-19913 ' value='82592'   \/><label for='answer-id-82592' id='answer-label-82592' class=' answer'><span>Each port in a private VLAN domain is a member of the secondary VLANs in that domain<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19913[]' id='answer-id-82593' class='answer   answerof-19913 ' value='82593'   \/><label for='answer-id-82593' id='answer-label-82593' class=' answer'><span>A subdomain in a primary VLAN domain consists of a primary and secondary VLAN pair<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19913[]' id='answer-id-82594' class='answer   answerof-19913 ' value='82594'   \/><label for='answer-id-82594' id='answer-label-82594' class=' answer'><span>In a private VLAN domain a secondary VLAN can have only one promiscuous port<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19913[]' id='answer-id-82595' class='answer   answerof-19913 ' value='82595'   \/><label for='answer-id-82595' id='answer-label-82595' class=' answer'><span>In a private VLAN domain a secondary VLAN port needs to an isolated port for it to be able to communicate with a layer-3 device<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19913[]' id='answer-id-82596' class='answer   answerof-19913 ' value='82596'   \/><label for='answer-id-82596' id='answer-label-82596' class=' answer'><span>Each secondary VLAN in a private VLAN domain needs to have a separate associated primary VLAN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19913[]' id='answer-id-82597' class='answer   answerof-19913 ' value='82597'   \/><label for='answer-id-82597' id='answer-label-82597' class=' answer'><span>A private VLAN domain can have multiple primary VLAN<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-19914'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>Which statement about Nmap scanning on the Cisco Firepower System is true?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='19914' \/><input type='hidden' id='answerType19914' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19914[]' id='answer-id-82598' class='answer   answerof-19914 ' value='82598'   \/><label for='answer-id-82598' id='answer-label-82598' class=' answer'><span>It can scan IP addresses, address locks, and address ranges on IPv4 and IPv6 networks<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19914[]' id='answer-id-82599' class='answer   answerof-19914 ' value='82599'   \/><label for='answer-id-82599' id='answer-label-82599' class=' answer'><span>It can leverage multiple proxy devices to increase scan speed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19914[]' id='answer-id-82600' class='answer   answerof-19914 ' value='82600'   \/><label for='answer-id-82600' id='answer-label-82600' class=' answer'><span>It performs host discovery before each scan to identify hosts that are online hosts and skips the full scan for hosts that are offline<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19914[]' id='answer-id-82601' class='answer   answerof-19914 ' value='82601'   \/><label for='answer-id-82601' id='answer-label-82601' class=' answer'><span>It supports custom fingerprinting to identify malware by its unique characteristics in your specific environment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19914[]' id='answer-id-82602' class='answer   answerof-19914 ' value='82602'   \/><label for='answer-id-82602' id='answer-label-82602' class=' answer'><span>It can scan TCP and UDP ports, but TCP ports require significantly more resources<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19914[]' id='answer-id-82603' class='answer   answerof-19914 ' value='82603'   \/><label for='answer-id-82603' id='answer-label-82603' class=' answer'><span>The Fast Port Scan option scans only the TCP ports that are listed in nmap-services file<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-19915'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>Refer to the exhibit. <br \/>\r<br><br><img decoding=\"async\" width=510 height=396 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2018\/exams\/400-251%20V16.files\/image012.jpg\" v:shapes=\"_x0000_i1030\"><br><br \/>\r<br>Which two statements about the given IPv6 ZBF configuration are true? (Choo two)<\/div><input type='hidden' name='question_id[]' id='qID_29' value='19915' \/><input type='hidden' id='answerType19915' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19915[]' id='answer-id-82604' class='answer   answerof-19915 ' value='82604'   \/><label for='answer-id-82604' id='answer-label-82604' class=' answer'><span>It passes TCP, UDP, ICMP, and FTP traffic in both directions between z1 and z2.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19915[]' id='answer-id-82605' class='answer   answerof-19915 ' value='82605'   \/><label for='answer-id-82605' id='answer-label-82605' class=' answer'><span>It provides backward compatibility with legacy IPv6 inspection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19915[]' id='answer-id-82606' class='answer   answerof-19915 ' value='82606'   \/><label for='answer-id-82606' id='answer-label-82606' class=' answer'><span>It inspects TCP, UDP, ICMP and FTP traffic from z2 to z1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19915[]' id='answer-id-82607' class='answer   answerof-19915 ' value='82607'   \/><label for='answer-id-82607' id='answer-label-82607' class=' answer'><span>It provides backward compatibility with legacy lPv4 inspection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19915[]' id='answer-id-82608' class='answer   answerof-19915 ' value='82608'   \/><label for='answer-id-82608' id='answer-label-82608' class=' answer'><span>It passes TCP, UDP, ICMP and FTP traffic from z1 to z2<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19915[]' id='answer-id-82609' class='answer   answerof-19915 ' value='82609'   \/><label for='answer-id-82609' id='answer-label-82609' class=' answer'><span>It inspects TCP, UDP, ICMP and FTP traffic from z1 to z2<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-19916'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>Which statement about the Traffic Substitution and Insertion attack is true?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='19916' \/><input type='hidden' id='answerType19916' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82610' class='answer   answerof-19916 ' value='82610'   \/><label for='answer-id-82610' id='answer-label-82610' class=' answer'><span>It substitutes by performing action slower than normal not exceeding threshold<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82611' class='answer   answerof-19916 ' value='82611'   \/><label for='answer-id-82611' id='answer-label-82611' class=' answer'><span>It is used for reconnaissance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82612' class='answer   answerof-19916 ' value='82612'   \/><label for='answer-id-82612' id='answer-label-82612' class=' answer'><span>It substitutes payload data in a different format but has the same*leaning.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82613' class='answer   answerof-19916 ' value='82613'   \/><label for='answer-id-82613' id='answer-label-82613' class=' answer'><span>It is form of a DoS attack.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82614' class='answer   answerof-19916 ' value='82614'   \/><label for='answer-id-82614' id='answer-label-82614' class=' answer'><span>It substitutes payload data in the same format but has different meaning<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82615' class='answer   answerof-19916 ' value='82615'   \/><label for='answer-id-82615' id='answer-label-82615' class=' answer'><span>It substitutes by performing action faster than normal not exceeding threshold<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19916[]' id='answer-id-82616' class='answer   answerof-19916 ' value='82616'   \/><label for='answer-id-82616' id='answer-label-82616' class=' answer'><span>It is a form pivoting in the network<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-19917'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>The purpose of an authentication proxy is to force the user to authenticate to a network device before users are allowed access through the device. This is primarily used for HTTP based services, but can also be used for other services. <br \/>\r<br>In the case of an ASA, what does ISE have to send to enforce this access policy?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='19917' \/><input type='hidden' id='answerType19917' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19917[]' id='answer-id-82617' class='answer   answerof-19917 ' value='82617'   \/><label for='answer-id-82617' id='answer-label-82617' class=' answer'><span>Downloadable ACL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19917[]' id='answer-id-82618' class='answer   answerof-19917 ' value='82618'   \/><label for='answer-id-82618' id='answer-label-82618' class=' answer'><span>Redirect URL to ISE<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19917[]' id='answer-id-82619' class='answer   answerof-19917 ' value='82619'   \/><label for='answer-id-82619' id='answer-label-82619' class=' answer'><span>Not possible on the ASA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19917[]' id='answer-id-82620' class='answer   answerof-19917 ' value='82620'   \/><label for='answer-id-82620' id='answer-label-82620' class=' answer'><span>VLAN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19917[]' id='answer-id-82621' class='answer   answerof-19917 ' value='82621'   \/><label for='answer-id-82621' id='answer-label-82621' class=' answer'><span>LDAP attribute with ACL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19917[]' id='answer-id-82622' class='answer   answerof-19917 ' value='82622'   \/><label for='answer-id-82622' id='answer-label-82622' class=' answer'><span>Group Policy enabled for proxy-auth<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-19918'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>Which of the following is the correct statement regarding enabling SMTP encryption on ESA?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='19918' \/><input type='hidden' id='answerType19918' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19918[]' id='answer-id-82623' class='answer   answerof-19918 ' value='82623'   \/><label for='answer-id-82623' id='answer-label-82623' class=' answer'><span>Enabling TLS is an optional step.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19918[]' id='answer-id-82624' class='answer   answerof-19918 ' value='82624'   \/><label for='answer-id-82624' id='answer-label-82624' class=' answer'><span>TLS can be enabled only for delivery<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19918[]' id='answer-id-82625' class='answer   answerof-19918 ' value='82625'   \/><label for='answer-id-82625' id='answer-label-82625' class=' answer'><span>It only allows to use the self signed certificates<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19918[]' id='answer-id-82626' class='answer   answerof-19918 ' value='82626'   \/><label for='answer-id-82626' id='answer-label-82626' class=' answer'><span>TLS can be enabled only for receiving.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19918[]' id='answer-id-82627' class='answer   answerof-19918 ' value='82627'   \/><label for='answer-id-82627' id='answer-label-82627' class=' answer'><span>It only allows to import certificate from CA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19918[]' id='answer-id-82628' class='answer   answerof-19918 ' value='82628'   \/><label for='answer-id-82628' id='answer-label-82628' class=' answer'><span>Enabling TLS for delivery goes under the &quot;Destination Controls&quot; menu of mail policies<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-19919'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>Which of the following four traffic should be allowed during an unknown posture state? (Choose four)<\/div><input type='hidden' name='question_id[]' id='qID_33' value='19919' \/><input type='hidden' id='answerType19919' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82629' class='answer   answerof-19919 ' value='82629'   \/><label for='answer-id-82629' id='answer-label-82629' class=' answer'><span>Traffic to FireAMP cloud for AMP for endpoint scan results<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82630' class='answer   answerof-19919 ' value='82630'   \/><label for='answer-id-82630' id='answer-label-82630' class=' answer'><span>Traffic to ISE PSNs to which Client Provisioning Portal FQDN points<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82631' class='answer   answerof-19919 ' value='82631'   \/><label for='answer-id-82631' id='answer-label-82631' class=' answer'><span>Traffic from AnyConnect client, with posture module, to ASA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82632' class='answer   answerof-19919 ' value='82632'   \/><label for='answer-id-82632' id='answer-label-82632' class=' answer'><span>Traffic to public search engines<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82633' class='answer   answerof-19919 ' value='82633'   \/><label for='answer-id-82633' id='answer-label-82633' class=' answer'><span>DHCP Traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82634' class='answer   answerof-19919 ' value='82634'   \/><label for='answer-id-82634' id='answer-label-82634' class=' answer'><span>DNS Traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82635' class='answer   answerof-19919 ' value='82635'   \/><label for='answer-id-82635' id='answer-label-82635' class=' answer'><span>SSH traffic for network device administration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19919[]' id='answer-id-82636' class='answer   answerof-19919 ' value='82636'   \/><label for='answer-id-82636' id='answer-label-82636' class=' answer'><span>Traffic to remediation servers if needed<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-19920'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>Which statement description of the Strobe scan is true?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='19920' \/><input type='hidden' id='answerType19920' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19920[]' id='answer-id-82637' class='answer   answerof-19920 ' value='82637'   \/><label for='answer-id-82637' id='answer-label-82637' class=' answer'><span>It never opens a full TCP connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19920[]' id='answer-id-82638' class='answer   answerof-19920 ' value='82638'   \/><label for='answer-id-82638' id='answer-label-82638' class=' answer'><span>It relies on ICMP &quot;port unreachable&quot; message to determine if the port is open<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19920[]' id='answer-id-82639' class='answer   answerof-19920 ' value='82639'   \/><label for='answer-id-82639' id='answer-label-82639' class=' answer'><span>It is used to find the ports that already have an existing vulnerability to exploit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19920[]' id='answer-id-82640' class='answer   answerof-19920 ' value='82640'   \/><label for='answer-id-82640' id='answer-label-82640' class=' answer'><span>It checks the firewall deployment in the path.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19920[]' id='answer-id-82641' class='answer   answerof-19920 ' value='82641'   \/><label for='answer-id-82641' id='answer-label-82641' class=' answer'><span>It is a directed scan to a known TCP\/UDP port.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19920[]' id='answer-id-82642' class='answer   answerof-19920 ' value='82642'   \/><label for='answer-id-82642' id='answer-label-82642' class=' answer'><span>It evades network auditing tools.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-19921'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>Which statement is true regarding SSI- policy implementation in a Firepower system?<\/div><input type='hidden' name='question_id[]' id='qID_35' value='19921' \/><input type='hidden' id='answerType19921' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19921[]' id='answer-id-82643' class='answer   answerof-19921 ' value='82643'   \/><label for='answer-id-82643' id='answer-label-82643' class=' answer'><span>Access control policy is responsible to handle all the encrypted traffic if SSI- policy is tried to it.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19921[]' id='answer-id-82644' class='answer   answerof-19921 ' value='82644'   \/><label for='answer-id-82644' id='answer-label-82644' class=' answer'><span>If SSL policy is not supported by the system then access control policy handles all the encrypted traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19921[]' id='answer-id-82645' class='answer   answerof-19921 ' value='82645'   \/><label for='answer-id-82645' id='answer-label-82645' class=' answer'><span>If Firepower system cannot decrypt the traffic, it allows the connection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19921[]' id='answer-id-82646' class='answer   answerof-19921 ' value='82646'   \/><label for='answer-id-82646' id='answer-label-82646' class=' answer'><span>Intrusion policy is mandatory to configure the SSL inspection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19921[]' id='answer-id-82647' class='answer   answerof-19921 ' value='82647'   \/><label for='answer-id-82647' id='answer-label-82647' class=' answer'><span>Access control policy is optional for the SSL policy implementation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19921[]' id='answer-id-82648' class='answer   answerof-19921 ' value='82648'   \/><label for='answer-id-82648' id='answer-label-82648' class=' answer'><span>Access control policy is invoked first before the SSL policy tied to it<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-19922'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>Refer to the exhibit. <br \/>\r<br><br><img decoding=\"async\" width=649 height=660 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2018\/exams\/400-251%20V16.files\/image018.jpg\" v:shapes=\"_x0000_i1033\"><br><br \/>\r<br>R2 is configured as a WCCP router to redirect HTTP traffic for policy implementation to WSA at 171.1.7.12 with the passphrase used for authentication as &quot;ccie&quot;. The redirection is for the traffic on R2 Gi2 interface in the inbound direction. There is an issue reported that web sites are not accessible anymore. <br \/>\r<br>What could the cause be?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='19922' \/><input type='hidden' id='answerType19922' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19922[]' id='answer-id-82649' class='answer   answerof-19922 ' value='82649'   \/><label for='answer-id-82649' id='answer-label-82649' class=' answer'><span>There is an issue with routing of traffic between R2 and WSA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19922[]' id='answer-id-82650' class='answer   answerof-19922 ' value='82650'   \/><label for='answer-id-82650' id='answer-label-82650' class=' answer'><span>There is an issue with WCCP redirection applied on Gi2 interface<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19922[]' id='answer-id-82651' class='answer   answerof-19922 ' value='82651'   \/><label for='answer-id-82651' id='answer-label-82651' class=' answer'><span>There is an issue with WSA server list binded for the redirection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19922[]' id='answer-id-82652' class='answer   answerof-19922 ' value='82652'   \/><label for='answer-id-82652' id='answer-label-82652' class=' answer'><span>There is an issue with WCCP passphrase configured on R2<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19922[]' id='answer-id-82653' class='answer   answerof-19922 ' value='82653'   \/><label for='answer-id-82653' id='answer-label-82653' class=' answer'><span>There is an issue with source network defined for WCCP redirection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19922[]' id='answer-id-82654' class='answer   answerof-19922 ' value='82654'   \/><label for='answer-id-82654' id='answer-label-82654' class=' answer'><span>There is an issue with destination servers defined for WCCP redirection<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-19923'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>Which statement about SMTP authentication in a Cisco ESA deployment is true?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='19923' \/><input type='hidden' id='answerType19923' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19923[]' id='answer-id-82655' class='answer   answerof-19923 ' value='82655'   \/><label for='answer-id-82655' id='answer-label-82655' class=' answer'><span>If an authenticating user belongs to more than one LDAP group. each with different user roles, AsyncOS grants permissions in accordance with the least<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19923[]' id='answer-id-82656' class='answer   answerof-19923 ' value='82656'   \/><label for='answer-id-82656' id='answer-label-82656' class=' answer'><span>the LDAP servers used by an ESA must share a single SMTP authentication profile<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19923[]' id='answer-id-82657' class='answer   answerof-19923 ' value='82657'   \/><label for='answer-id-82657' id='answer-label-82657' class=' answer'><span>Clients can be authenticated with an LDAP bind or by fetching a passphrase as an attribute<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19923[]' id='answer-id-82658' class='answer   answerof-19923 ' value='82658'   \/><label for='answer-id-82658' id='answer-label-82658' class=' answer'><span>It enables users at remote sites to release email messages from spam quarantine<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19923[]' id='answer-id-82659' class='answer   answerof-19923 ' value='82659'   \/><label for='answer-id-82659' id='answer-label-82659' class=' answer'><span>When SMTP authentication with forwarding is performed by a second SMTP server the second server also performs the transfer of queued messages<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19923[]' id='answer-id-82660' class='answer   answerof-19923 ' value='82660'   \/><label for='answer-id-82660' id='answer-label-82660' class=' answer'><span>It enables users at remote sites to retrieve their email message via secure client<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-19924'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>In a large organization with thousands of employees scattered across the globe, it is difficult to provision and onboard new employee devices with the correct proxies and certificates. <br \/>\r<br>With ISE, it is possible to do client provisioning provided which four conditions are met. (Choose four)<\/div><input type='hidden' name='question_id[]' id='qID_38' value='19924' \/><input type='hidden' id='answerType19924' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82661' class='answer   answerof-19924 ' value='82661'   \/><label for='answer-id-82661' id='answer-label-82661' class=' answer'><span>ISE should be configured as SXP listener to push SGT-To-lP mapping to network access devices<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82662' class='answer   answerof-19924 ' value='82662'   \/><label for='answer-id-82662' id='answer-label-82662' class=' answer'><span>Microsoft Windows Server is configured with Certificate Services<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82663' class='answer   answerof-19924 ' value='82663'   \/><label for='answer-id-82663' id='answer-label-82663' class=' answer'><span>Network access devices and ISE should have the PAG provisioning for GTS environment authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82664' class='answer   answerof-19924 ' value='82664'   \/><label for='answer-id-82664' id='answer-label-82664' class=' answer'><span>SCEP Proxy enabled on ISE<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82665' class='answer   answerof-19924 ' value='82665'   \/><label for='answer-id-82665' id='answer-label-82665' class=' answer'><span>Client Provisioning is enabled on IS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82666' class='answer   answerof-19924 ' value='82666'   \/><label for='answer-id-82666' id='answer-label-82666' class=' answer'><span>Profiling is enabled on ISE<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82667' class='answer   answerof-19924 ' value='82667'   \/><label for='answer-id-82667' id='answer-label-82667' class=' answer'><span>The pxGrid controller should be enabled on ISE<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82668' class='answer   answerof-19924 ' value='82668'   \/><label for='answer-id-82668' id='answer-label-82668' class=' answer'><span>Endpoint Operating System should be supported<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-19924[]' id='answer-id-82669' class='answer   answerof-19924 ' value='82669'   \/><label for='answer-id-82669' id='answer-label-82669' class=' answer'><span>Device MAC Addresses are added to the Endpoint Identity Group<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-19925'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>Which security control in PCI-DSS is responsible for restrictive card holder data access?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='19925' \/><input type='hidden' id='answerType19925' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82670' class='answer   answerof-19925 ' value='82670'   \/><label for='answer-id-82670' id='answer-label-82670' class=' answer'><span>rapid threat containment of infected host using Lancope and ISE<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82671' class='answer   answerof-19925 ' value='82671'   \/><label for='answer-id-82671' id='answer-label-82671' class=' answer'><span>using strong encryption when sending card holder data over the network<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82672' class='answer   answerof-19925 ' value='82672'   \/><label for='answer-id-82672' id='answer-label-82672' class=' answer'><span>network access policy orchestration using DNAC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82673' class='answer   answerof-19925 ' value='82673'   \/><label for='answer-id-82673' id='answer-label-82673' class=' answer'><span>realtime traffic analysis for malware using ThreatGRlD<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82674' class='answer   answerof-19925 ' value='82674'   \/><label for='answer-id-82674' id='answer-label-82674' class=' answer'><span>identification of security vulnerabilities and their risk analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82675' class='answer   answerof-19925 ' value='82675'   \/><label for='answer-id-82675' id='answer-label-82675' class=' answer'><span>creating users access policies based on the least privilege concept<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82676' class='answer   answerof-19925 ' value='82676'   \/><label for='answer-id-82676' id='answer-label-82676' class=' answer'><span>making sure card holder data is not recoverable after authorization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-19925[]' id='answer-id-82677' class='answer   answerof-19925 ' value='82677'   \/><label for='answer-id-82677' id='answer-label-82677' class=' answer'><span>restricting public internet access to cardholder data environment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-40'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons748\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"748\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-08 09:15:29\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778231729\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"19887:82428,82429,82430,82431,82432,82433 | 19888:82434,82435,82436,82437,82438,82439 | 19889:82440,82441,82442,82443,82444,82445 | 19890:82446,82447,82448,82449,82450,82451 | 19891:82452,82453,82454,82455,82456,82457 | 19892:82458,82459,82460,82461,82462 | 19893:82463,82464,82465,82466,82467,82468 | 19894:82469,82470,82471,82472,82473,82474,82475 | 19895:82476,82477,82478,82479,82480,82481,82482 | 19896:82483,82484,82485,82486,82487 | 19897:82488,82489,82490,82491,82492 | 19898:82493,82494,82495,82496,82497,82498,82499 | 19899:82500,82501,82502,82503,82504,82505 | 19900:82506,82507,82508,82509,82510,82511 | 19901:82512,82513,82514,82515,82516,82517,82518,82519 | 19902:82520,82521,82522,82523,82524,82525,82526 | 19903:82527,82528,82529,82530,82531,82532 | 19904:82533,82534,82535,82536,82537,82538 | 19905:82539,82540,82541,82542,82543,82544,82545,82546 | 19906:82547,82548,82549,82550,82551,82552,82553 | 19907:82554,82555,82556,82557,82558 | 19908:82559,82560,82561,82562,82563,82564 | 19909:82565,82566,82567,82568,82569,82570 | 19910:82571,82572,82573,82574,82575,82576,82577,82578 | 19911:82579,82580,82581,82582,82583,82584 | 19912:82585,82586,82587,82588,82589,82590,82591 | 19913:82592,82593,82594,82595,82596,82597 | 19914:82598,82599,82600,82601,82602,82603 | 19915:82604,82605,82606,82607,82608,82609 | 19916:82610,82611,82612,82613,82614,82615,82616 | 19917:82617,82618,82619,82620,82621,82622 | 19918:82623,82624,82625,82626,82627,82628 | 19919:82629,82630,82631,82632,82633,82634,82635,82636 | 19920:82637,82638,82639,82640,82641,82642 | 19921:82643,82644,82645,82646,82647,82648 | 19922:82649,82650,82651,82652,82653,82654 | 19923:82655,82656,82657,82658,82659,82660 | 19924:82661,82662,82663,82664,82665,82666,82667,82668,82669 | 19925:82670,82671,82672,82673,82674,82675,82676,82677\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"19887,19888,19889,19890,19891,19892,19893,19894,19895,19896,19897,19898,19899,19900,19901,19902,19903,19904,19905,19906,19907,19908,19909,19910,19911,19912,19913,19914,19915,19916,19917,19918,19919,19920,19921,19922,19923,19924,19925\";\nWatuPROSettings[748] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 748;\t    \nWatuPRO.post_id = 1953;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.05934200 1778231729\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(748);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>How to pass Cisco 400-251 Written exam for CCIE Security certification? Here recommend you Updated CCIE Security 400-251 V5.0 Written Exam Questions, which provide you real 400-251 exam questions and answers to pass it successfully. Be sure to use real 400-251 practice questions widely during your knowledge process. They will encourage you to nail down [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[4504,1946,4507,4810,1948,4505],"class_list":["post-1953","post","type-post","status-publish","format-standard","hentry","category-dumpsbase-exam-news","tag-400-251","tag-400-251-dumps","tag-400-251-exam-dumps","tag-400-251-exam-questions","tag-400-251-test-questions","tag-ccie-security"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/1953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=1953"}],"version-history":[{"count":2,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/1953\/revisions"}],"predecessor-version":[{"id":1955,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/1953\/revisions\/1955"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=1953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=1953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=1953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}