[2026] Cisco CCIE Security Written Exam (v5.0) - 400-251 무료 시험 문제

문제1

What are the four possible options for authorization condition NetwockAccess EAPChainingResult? (Choose Four)

A. User succeeded and machine failed

B. User and NAD both succeeded

C. User and NAD both failed

D. User failed and machine succeeded

E. User and machine both failed

F. User and machine both succeeded

G. User succeeded and NAD failed

H. User failed NAD succeeded

정답: A,D,E,F

문제2

Which statement about Cisco VSG functionality is true?

A. It does not allow extension of zone-based firewall capabilities to VMs on VXLAN

B. It allows active/active failover operation mode when deployed as a high availability pair

C. It does not allow the third-party orchestration tool to interact with XML APIs for its provisioning

D. It applies the security profile only after VM instantiation

E. It provides trusted access to VMs in an enterprise data center

F. It allows administrative segregation, which allows the security administrator to author and manage port profiles

정답: F

문제3

Refer to the exhibit.

The ASA at 150.1.7.43 is configured to receive the IP address to SGT mapping from ISE at 161.1.7.14 Which statement about this packet capture from Wireshark is true?

A. The SXP message uses MD5 for packet encryption

B. The TACACS connection keep alive using UDP originated from ASA

C. The ISE keep alive message for NDAC connection using TCP originated from ASA

D. The SXP keep alive message using TCP originated from ASA

E. The NTP keep alive message using UDP originate^from ISE

F. The RADIUS connection keep alive using TCP originated from ISE

G. The SXP message uses TCP port 64999 for connection termination

정답: D

문제4

Cisco ISE can assign a VLAN as a result of an 802.1x authentication and authorization request. What does the switch do if the VLAN assigned by ISE does not exist?

A. Mark The 802.1x attempt as failed

B. Request creation of the VLAN on the VTP server

C. Send a RADIUS CoA NACK packet to ISE

D. Treat the 802.1x attempt as passed and assign the default VLAN

E. Create the VLAN locally

정답: D

문제5

Which are the three conditions in which ISE profiler issues a CoA request to a NAD? (Choose three)

A. In the global profiler settings, CoA type set to "No CoA"

B. An endpoint profiled for the first time

C. A profile policy exception is triggered

D. An endpoint disconnects from the network

E. An endpoint deleted from the ISE endpoint page

정답: B,C,E

문제6

A customer has configured Cisco ISE to assign a Downloadable Access-List as a result of successful 802.1x authentication. When they check the switch after a successful authentication, they do not see the DACL applied. They also notice that ISE logs do not contain the Framed-IP-Address value from the RAIDUS exchange. What is the most likely fix?

A. Enable IDPT on the switch

B. Add source IP address on the DACL in ISE

C. Add the "aaa accounting dot1x default" command on the switch

D. Apply a default ACL on the switchport

정답: A

문제7

Refer to the exhibit.

15 is building a Site-to-Site IPsec certificate-based VPN tunnel with the peer at 20.1.7.16. The CA is running at port 80 on address 172.16.100.18 . R15 has a BGP peer at 20.6.1.18 doing an authenticated session to establish reachability with the VPN remote site.
The VPN tunnel secures traffic between 192.168.15.0/24 and 192.168.16.0/24 networks. It has been reported that VPN tunnel is not coming up with remote site, what could be the issues? (Choose two)

A. Incorrect ISAKMP policy configuration

B. Incorrect ACL defined for the traffic encryption

C. The crypto map is not applied on the correct interface

D. Incorrect static route

E. Incorrect crypto map configuration

F. Incorrect transform set configuration

G. Incorrect truspoint configuration

H. Incorrect BGP peer Configuration

정답: G,H

문제8

What is a physical layer (Layer 1) bypass that allows inline paired IPS interfaces to go into bypass mode so that the hardware forwards packets between the inline port pairs without software intervention?

A. Ether Channel

B. Tap

C. Redundant interface

D. Fail-To-Wire

E. Cluster

정답: D

Cisco CCIE Security Written Exam (v5.0) - 400-251무료 덤프문제 풀어보기

우리와 연락하기

유용한 링크

최신 업데이트