cisco 400-251 Exam Questions
Questions for the 400-251 were updated on : Dec 01 ,2025
Page 1 out of 35. Viewing questions 1-15 out of 514
Question 1
Which statement about the Firepower Security Intelligence feature is true?
- A. It uses user-configured ACLs to blacklist and whitelist traffic
- B. It can override custom whitelists to provide greater security against emerging threats
- C. It filters traffic after policy-based inspection is complete and before the default action is taken
- D. Blacklisted traffic is blocked without further inspection
- E. It filters traffic after policy-based inspection is completed and the default action is taken
Answer:
D
Question 2
What is the most common loT threat vector?
- A. Physical access to IOT device that are installed in non-secure locations
- B. Insertion of invalid inputs that cause denial of service
- C. Human error and social engineering to access supervisory control systems
- D. Attacks against programming errors in loT devices
Answer:
A
Question 3
Which tool or program is a version control system?
- A. Git
- B. Log stash
- C. Travis CI
- D. Jenkins
- E. SmartC
Answer:
A
Question 4
Which markup language is used to format Ansible's playbook?
- A. HTML
- B. NAML
- C. ADML
- D. XML
- E. YAML
Answer:
E
Question 5
Which three HTTP methods are supported by a REST API? (Choose three.)
- A. PUT
- B. COPY
- C. SET
- D. RETRIVE
- E. POST
- F. GET
Answer:
A, E, F
Question 6
Which three policies are building blocks of vSmart architecture? (Choose three.)
- A. Control policy
- B. Bandwidth policy
- C. Service policy
- D. Data policy
- E. Site policy
- F. Application aware policy
Answer:
A, D, F
Question 7
Which two descriptions of the encoding formats supported by RESTCONF and NETCONF are true?
(Choose two)
- A. RESTCONF supports JSON and XML encoding
- B. NETCONF supports JSON encoding
- C. NETCONF supports JSON and XML encoding
- D. RESTCONF supports XML encoding
- E. RESTCONF supports JSON encoding
- F. NETCONF supports XML encoding
Answer:
A, F
Question 8
What are the two available firewall modes on the Cisco NGFW? (Choose two.)
- A. Passive
- B. Transparent
- C. ERSPAN
- D. Inline Pair
- E. Routed
- F. Inline Tap
Answer:
B. E
Question 9
If a packet capture is taken between ISE and an endpoint to capture an EAP-TLS session, you will be
able to see:
- A. Certificates from ISE and the endpoint
- B. Certificate and associated private keys from ISE only
- C. Certificate and associated private keys from endpoint only
- D. Certificates from ISE only
Answer:
A
Question 10
What is a physical layer (Layer 1) bypass mat allows inline paired IPS interfaces to go into bypass
mode so that the hardware forwards packets between the inline port pairs without software
intervention?
- A. Redundant interface
- B. Cluster
- C. Tap
- D. Fail-To-Wire
- E. EtherChannel
Answer:
D
Question 11
While troubleshooting access to site
WWW.Cisco.com
, you notice the following_logs line in Cisco
Web Security Appliance (WSA).
Which of the following statements is true regarding this request?
- A. WSA used upstream proxy defined
- B. WSA allowed traffic from client 10.42.42.42 to https://www caedomain.com
- C. The HTTP response size was 80037B
- D. The Request is matching custom URL category
Answer:
D
Question 12
Which are the three conditions in which ISE profiler issues a CoA request to a NAD? (Choose three)
- A. An endpoint is profiled for the first time.
- B. An endpoint disconnects from the network
- C. A profile policy exception is triggered
- D. An endpoint is deleted from the ISE Endpoint page
- E. In the global profiler settings, CoA type set to "No CoA
Answer:
A, C, D
Question 13
What are the four possible options for authorization condition Network Access EAPChainingResult?
(Choose four.)
- A. User succeeded and machine failed
- B. User and NAD both failed
- C. User and machine both succeeded
- D. User failed and machine succeeded
- E. User succeeded and NAD failed
- F. User and machine both failed
- G. User failed NAD succeeded
- H. User and NAD both succeeded
Answer:
A, C, D, F
Question 14
Which of the following statement about Cisco Web Security Appliance is true?
- A. FTP access to WSAs Management interface is enabled by default
- B. Cisco Web Security Appliance (WSA) has HTTPS decryption services enabled by default
- C. Cisco Web Security Appliance (WSA) Management interface can be accessed using GUI interface only
- D. HTTPS access to WSAs Management interface is enabled by default
Answer:
D
Question 15
You are verifying the access to the site
www.ccie.local
and found the following two log lines in AWS
access logs:
Which of the following statement is true based on logs shown above
- A. The request matched Education predefined URL category
- B. End-user with IP of 10 1010 10 got the content of site www ccie.local shown in browser using HTTPS protocol .
- C. The end-user with IP of 1010 1010 needed to authenticate towards the server www ccie.local
- D. End-user with IP Of 10 10 10 10 got the content of site www ccie.local shown in browser using HTTP protocol
Answer:
B