Cisco 400-251 CCIE Security Written Exam (v5.0) Online Training
The questions for 400-251 were last updated on Dec 19, 2025.
- Exam Code: 400-251
- Exam Name: CCIE Security Written Exam (v5.0)
- Certification Provider: Cisco
- Latest update: Dec 19, 2025
Which function of MSE in the WIPS architecture is true?
- A . detects over-the-air traffic network anomalies and attacks
- B . scans channels without impacting data-serving radios
- C . provides view of security threats
- D . performs the correlation of security events
- E . channel to connect with ISE to implement CoA
- F . applies rogue policy to mitigate rogue threats
- G . detects rogue APs
A sneaky employee using an Android phone on your network has disabled DHCP, enabled its firewall, and modified its HTTP User-Agent header to fool ISE into profiling it as a Windows 10 machine connected to the wireless network. This user can now get authorization for unrestricted network access using his Active Directory credentials because your policy states that a Windows device using AD credentials should be able to get full network access.
However, an Android device should only get access to the web proxy.
Which two steps can you take to avoid this sort of rogue behavior? (Choose two)
- A . Modify the authorization policy to allow only Windows machines that have passed machine authentication to get full network access.
- B . Create an authentication rule that allows only a session with a specific HTTP User-Agent header.
- C . Allow only certificate-based authentication from Windows endpoints, such as EAP-TLS or PEAP-TLS. If the endpoint uses MSCHAPv2 (EAP or PEAP), the user is given only restricted access.
- D . Chain an authorization policy to the Windows authorization policy that performs additional NMAP scans to verify the machine type before access is allowed.
- E . Add an authorization policy before the Windows authorization policy that redirects a user with a static IP to a web portal for authentication.
- F . Perform CoA to push a restricted access when the machine is acquiring an address using DHCP.
Refer to the exhibit.

The FMC with address 161.1.7.16 is not seeing AMP Connector scan events that are reported to the AMP cloud from the test-pc Windows machine that belongs to the "protect" group.
Which cause of the issue is true?
- A . The Windows machine belongs to an incorrect group in the AMP cloud policy
- B . The FMC was not added in the AMP cloud
- C . The incorrect group is selected for the events export in the AMP cloud for the FMC.
- D . The event must be viewed as a Connection event in the FMC
- E . The AMP cloud was not added in the FMC.
- F . The Windows machine is not reporting scan events to the AMP cloud
- G . The Windows machine is not reporting events to the FMC.
Which three messages are part of the SSL protocol? (Choose three)
- A . OFFER
- B . Record
- C . Cipher Spec
- D . Message Authentication
- E . DISCOVERY
- F . Alert
- G . Handshake
- H . Change Cipher Spec
ISE can be integrated with an MDM to ensure that only registered devices are allowed on the network, and use the MDM to push policies to the device. Devices can go in and out of compliance either due to policy changes on the MDM server, or for another reason. Consider a device that has already authenticated on the network, and stays connected, but falls out of compliance.
Which action can you take to ensure that a noncompliant device is checked periodically and re-assessed before allowing access to the network?
- A . Enable change of authorization on MDM
- B . Fire-AMP connector scan can be used to relay posture information to ISE via Fire AMP cloud
- C . The MDM agent periodically sends a packet with compliance info that the wireless controller can use to limit network access
- D . Enable periodic compliance checking on ISE
- E . Enable Change of authorization on ISE
- F . The MDM agent automatically disconnects the device from the network when it is noncompliant
Which statement correctly describes a botnet attack?
- A . It is launched by a single machine controlled by a command-and-control system
- B . It can be used to steal data
- C . It is launched by a collection of noncompromised machines controlled by a command-and-control system
- D . It is a form of a man-in-the-middle attack where the compromised machine is controlled remotely
- E . It is a form of a fragmentation attack to evade an intrusion prevention security device
- F . It is a form of wireless attack where an attacker installs an access point to create a backdoor to a network
Which statement about securing a connection using MACsec is true?
- A . The ISAKMP protocol is used to manage MACsec encryption keys
- B . It is implemented after a successful MAB authentication of the supplicant
- C . The switch uses session keys to calculate the encrypted packet ICV value for the frame integrity check
- D . A switch configured for MACsec can accept MACsec frames from the MACsec client
- E . It secures the connection between two supplicant clients
- F . It provides network layer encryption on a wired network
Which three protocols are used by the management plane in a Cisco IOS device? (Choose three)
- A . Telnet
- B . HTTPS
- C . TLS
- D . RIP
- E . 3DES
- F . CHAP
- G . SSH
- H . PAP
- I . DHCP
7.21 configured ipv4, authenticated instance invalid, unsynced, stratum 16
ref ID INIT, time 00000000 0000000 (17:00:00.000 ccie Wed Dec 31, 1899)
R2 is getting its time synchronized from NTP server R1. It has been reported that the clock on R2 cannot associate with the NTP server R1.
Which possible cause is true?
- A . R2 has a connectivity issue with the NTP server
- B . R1 has an incorrect NTP source interface defined
- C . R2 should not have two trusted keys for the NTP authentication
- D . R2 does not support NTP authentication
- E . R2 has an incorrect trusted key bound to the NTP server
- F . R2 has an incorrect NTP server address