Get Latet and Valid Cisco Certified Internetwork Expert Security 400-251 VCE Dumps For Guaranteed Success, Real Success Guaranteed with Updated 400-251 pdf dumps vce Materials. 100% PASS Cisco Certified Internetwork Expert Security 400-251 exam Today!
400-251 Exam Dumps: https://www.dumpsschool.com/400-251-exam-dumps.html
Version: 20.0
Question: 1
A server with IP address 209.165.202.150 is protected behind the inside interface of a Cisco ASA and
the
Internet on the outside interface. User on the Internet need to access the server ay any time, but the
firewall administrator does not want to apply NAT to the address of the server because it is currently
a public address. Which three of the following commands can be used to accomplish this? (Choose
three.)
A. static (outside, inside) 209.165.202.150.209.165.202.150 netmask 255.255.255.255
B. nat (inside) 1 209.165.202.150 255.255.255.255
C. static (inside, outside) 209.165.202.150.209.165.202.150 netmask 255.255.255.255
D. no nat-control
E. access-list no-nat permit ip host 209.165.202.150 any
nat (inside) 0 access-list no-nat
F. nat (inside) 0 209.165.202.150 255.255.255.255
Answer: CEF
Question: 2
Which statement about the Cisco AMP Virtual Private Cloud Appliance is true for deployments in airgap
mode?
A. The amp-sync tool syncs the threat-intelligence repository on the appliance directly with the AMP
public cloud.
B. The appliance can perform disposition lookup against either the Protect DB or the AMP public
cloud.
C. The appliance can perform disposition lookups against the Protect DB without an Internet
connection.
D. The appliance evaluates files against the threat intelligence and disposition information residing
on the
Update Host.
E. The Update Host automatically downloads updates and deploys them to the Protect DB on a daily
basis.
Answer: C
Question: 3
What are the most common methods that security auditors use to access an organization’s securityprocesses? (Choose two.)
A. physical observation
B. social engineering attempts
C. penetration testing
D. policy assessment
E. document review
F. interviews
Answer: AF
Question: 4
Which two statements about Cisco AMP for Web Security are true? (Choose two.)
A. It can prevent malicious data exfiltration by blocking critical files from exiting through the Web
gateway.
B. It can perform reputation-based evaluation and blocking by uploading the fingerprint of incoming
files to a cloud-based threat intelligence network.
C. It can detect and block malware and other anomalous traffic before it passes through the Web
gateway.
D. It can perform file analysis by sandboxing known malware and comparing unknown files to a local
repository of the threats.
E. It can identify anomalous traffic passing through the Web gateway by comparing it to an
established of
expected activity.
F. It continues monitoring files after they pass the Web gateway.
Answer: BF
Question: 5
Which three statements about WCCP are true? (Choose three.)
A. If a specific capability is missing from the Capabilities Info Component, the router is assumed to
support the default capability.
B. The web cache transmits its capabilities as soon as it receives a receive ID from a router.
C. The minimum WCCP-Fast Timers message interval is 500 ms.
D. The assignment method supports GRE encapsulation for sending traffic.
E. If the packet return method is missing from a packet return method advertisement, the web cache
uses
the Layer 2 rewrite method.
F. The router must receive a valid receive ID before it negotiates capabilities.
Answer: ACF
Question: 6
What are two features that helps to mitigate man-in-the-middle attacks? (Choose two.)
A. DHCP snooping
B. ARP spoofing
C. destination MAC ACLs
D. dynamic ARP inspection
E. ARP sniffing on specific ports
Answer: AD
400-251 Dumps Questions: https://www.dumpsschool.com/400-251-exam-dumps.html