[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 11-20

Dumps4Cert 2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4Cert.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 11 – (Topic 1)

A new computer is not getting its IPv6 address assigned by the router. While running wire Shark to try to troubleshoot the problem , you find a lot of data that is not helpful to nail down the problem. What two filters would you apply to Wire Shark to the data that you are looking for?(Choose two)

  1. Icmpv6.type==135

  2. Icmpv6type==136

  3. Icmpv6.type==136

  4. Icmp5type==135

  5. Icmp6type==135

Answer: A,B

Question No: 12 – (Topic 1)

Which effect of the crypto pki authenticate commend is true?

  1. It sets the certificate enrollment method.

  2. It retrievers and authentication a CA certificate.

  3. It configures a CA trustpoint.

  4. It displays the current CA certificate.

Answer: B

Question No: 13 – (Topic 1)

Which two characteristics of DTLS are true?(Choose two )

  1. It is used mostly by applications that use application layer object-protocols

  2. It includes a congestion control mechanism

  3. It completes key negotiation and bulk data transfer over a single channel.

  4. It supports long data transfers and connectionless data transfers.

  5. It cannot be used if NAT exists along the path.

  6. It concludes a retransmission method because it uses an unreliable datagram transport

Answer: C,D

Question No: 14 – (Topic 1)

Which three statements about PKI on Cisco IOS Software are true?(Choose three)

  1. OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.

  2. The match certificate and allow expired-certificate commands are ignored unless the router clock is set

  3. If a certificate-based ACL specifies more than one filed, any one successful field-to- value test is treated as a match.

  4. OCSP enables a PKI to use a CRL without time limitations.

  5. Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.

  6. Different OCSP servers can be configured for different groups of client certificates.

Answer: A,E,F

Question No: 15 – (Topic 1)

In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router?

  1. Clustering

  2. PIM multicast routing

  3. Stub multicast routing

  4. Multicast group concept

Answer: C

Question No: 16 – (Topic 1)

A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server application. What TCP dump filter would best to verify that traffic is reaching the Linux Server eth0 interface?

A. Tcpdump-ieth0 host 10.10.7.4 and host 11.0.1.9 and port 8080.

B. Tcpump-ieth0 host 10.10.7.4 and 11.0.1.9.

  1. Tcpdump-ieth0 dst 11.0.1.9 and dst port 8080.

  2. Tcpdump-ieth0 src 10.10.7.4 and dst 11.0.1.9 and dst port 8080.

Answer: D

Question No: 17 – (Topic 1)

Which feature does Cisco VSG use to redirecttraffic in a Cisco Nexus 1000V Series Switch?

  1. VEM

  2. Vpath

  3. VDC

  4. VPC

Answer: B

Question No: 18 – (Topic 1)

Refer to the exhibit,

Dumps4Cert 2017 PDF and VCE

Which three additional configuration elements must you apply to complete a functional Flex VPN deployment?(Choose three)

  1. Interface Loopback0 Tunnel mode ipsec ipv6

    Tunnel protection ipsec profile default

  2. Aaa authorization network ccie local

  3. Crypto ikev2 keyring default Peer PEER-ROUTER

    Address 2001 101/64

    Interface Virtual-Template5 type tunnel Ip nhrp network-id 10

    Ip nhrp shortcut Loopack0

  4. Crypto ikev2 keyring KEYS Peer PEER-ROUTER

    Address 2001 101/64 Crypto ikev2 profile default

    Aaa authorization group pak list ccie default

  5. Interface Tunnelo

    Bfdinterval 50 min-rx 50 multiplier 3 No bfd echo

  6. Interface Virtual-Template5 type tunnel Ip nhrp network-id 10

Ipv6 enable Interface Lookback0 Ipv6 eigrp 10

Answer: B,D,F

Question No: 19 – (Topic 1)

Which description of SaaS is true?

  1. A server offering that allowing developers to bulid their own applications.

  2. A server offering on-demand software downloads.

  3. A server offering a software environment in which applications can be build and deployed.

  4. A server offering on-demand licensed applications for end users.

Answer: D

Question No: 20 – (Topic 1)

Which two events can cause a failover event on an active/standby setup? (Choose two)

  1. The active unit experiences interface failure above the threshold.

  2. The unit that was previously active recovers.

  3. The stateful failover link fails.

  4. The failover link fails

  5. The active unit fails.

Answer: A,E

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4Cert 400-251 Full Exam PDF and VCE

Dumps4Cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4Cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *