[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 101-110

Dumps4Cert 2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4Cert.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 101 – (Topic 2)

You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

  1. You need two customer contexts, named contextA and contextB

  2. Allocate interfaces G0/0 and G0/1 to contextA

  3. Allocate interfaces G0/0 and G0/2 to contextB

  4. The physical interface name for G0/1 within contextA should be quot;insidequot;.

  5. All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

  1. context contextA

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

  2. context contexta

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextb

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

  3. context contextA

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/1 inside context contextB

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/2 invisible

  4. context contextA

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/1 inside context contextB

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/2

  5. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/1 visible allocate-interface GigabitEthernet0/2 visible

Answer: A

Question No: 102 – (Topic 2)

Which two statements about CoPP are true? (Choose two)

  1. When a deny rule in an access list is used for MQC is matched, classification continues on the next class

  2. It allows all traffic to be rate limited and discarded

  3. Access lists that are used with MQC policies for CoPP should omit the log and log-input keywords

  4. The mls qos command disables hardware acceleration so that CoPP handles all QoS

  5. Access lists that use the log keyword can provide information about the device’s CPU usage

  6. The policy-map command defines the traffic class

Answer: A,C

Question No: 103 DRAG DROP – (Topic 2)

Drag and Drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right.

Dumps4Cert 2017 PDF and VCE

Answer:

Dumps4Cert 2017 PDF and VCE

Explanation:

A-4,B-3,C-1,D-2,E-5,F-7,G-6

Question No: 104 – (Topic 2)

Dumps4Cert 2017 PDF and VCE

Refer to the exhibit. Which effect of this configuration is true?

  1. The WLC accepts self-signed certificates from the RADIUS server to authorize APs.

  2. The WLC adds the MAC addresses listed in the ssc ap-policy to its internal authorization list.

  3. The WLC adds the ssc access point to the auth-list internal authorization list.

  4. The WLC accepts the manufacture-installed certificate from the local access point.

  5. The WLC accepts self-signed certificates from devices added to itsa internal authorization list.

Answer: D

Question No: 105 – (Topic 2)

Which two options are benefits of the Cisco ASA Identity Firewall? (Choose two)

  1. It can apply security policies on an individual user or user-group basis

  2. It can identify threats quickly based on their URLs

  3. It can operate completely independently of other services

  4. It decouples security policies from the network topology

  5. It supports an AD server module to verify identity data

Answer: A,D

Question No: 106 – (Topic 2)

Which three statements about the Cisco IPS sensor are true? (Choose three.)

  1. You cannot pair a VLAN with itself.

  2. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.

  3. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can

    be a member of an inline VLAN pair on more than one sensing interface.

  4. The order in which you specify the VLANs in a inline pair is significant.

  5. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Answer: A,C,E Explanation:

Inline VLAN Interface Pairs

Dumps4Cert 2017 PDF and VCE

You cannot pair a VLAN with itself.

For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.

The order in which you specify the VLANs in an inline VLAN pair is not significant.

A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Question No: 107 – (Topic 2)

Which RFC outlines BCP 84?

  1. RFC 3704

  2. RFC 2827

  3. RFC 3030

  4. RFC 2267

  5. RFC 1918

Answer: A

Question No: 108 – (Topic 2)

Which three statements about the keying methods used by MAC Sec are true (Choose Three)

  1. MKA is implemented as an EAPoL packet exchange

  2. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

  3. SAP is supported on SPAN destination ports

  4. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA

  5. SAP is not supported on switch SVIs .

  6. A valid mode for SAP is NULL

Answer: A,B,F

Question No: 109 – (Topic 2)

Which object table contains information about the clients know to the server in Cisco NHRP MIB

implementaion?

  1. NHRP Server NHC Table

  2. NHRP Client Statistics Table

  3. NHRP Cache Table

  4. NHRP Purge Request Table

Answer: A

Question No: 110 – (Topic 2)

What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)

  1. FPM

  2. DCAR

  3. NBAR

  4. IP source Guard

  5. URPF

  6. Dynamic ARP inspection

Answer: D,E

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4Cert 400-251 Full Exam PDF and VCE

Dumps4Cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4Cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *