[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 111-120

Dumps4Cert 2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4Cert.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 111 – (Topic 2)

According to RFC 2577, Which two options describe drawbacks of the FTP protocol? (Choose two)

  1. If access to the FTP server is restricted by network address, the server still is susceptible to spoofing attacks.

  2. Servers that apply connection limits to protect against brute force attacks are vulnerable to DoS attacks

  3. It is susceptible to man-m-the-middle attacks

  4. An attacker can validate user names if the 331 response is in use.

  5. It is susceptible to bounce attacks on port 1024

Answer: D,E

Question No: 112 – (Topic 2)

What functionality is provided by DNSSEC?

  1. origin authentication of DNS data

  2. data confidentiality of DNS queries and answers

  3. access restriction of DNS zone transfers

  4. storage of the certificate records in a DNS zone file

Answer: A

Question No: 113 – (Topic 2)

Which statement about ISO/IEC 27001 is true?

  1. ISO/IEC 27001 is only intended to report security breaches to the management authority.

  2. ISO/IEC 27001 was reviewed by the International Organization for Standardization.

  3. ISO/IEC 27001 is intend to bring information security under management control.

  4. ISO/IEC 27001 was reviewed by the International Electrotechnical Commission.

  5. ISO/IEC 27001 was published by ISO/IEC

Answer: C

Question No: 114 – (Topic 2)

Which statement about the Cisco Secure ACS Solution Engine TACACS AV pair is true?

  1. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.

  2. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.

  3. AV pairs are only string values.

  4. AV pairs are of two types: string and integer.

Answer: C

Question No: 115 – (Topic 2)

Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

  1. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.

  2. It defines a wide variety of authorization actions, including quot;reauthenticate.quot;

  3. It defines the format for a Change of Authorization packet.

  4. It defines a DM.

  5. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A,C,D

Question No: 116 – (Topic 2)

What functionality does SXP provide to enhance security?

  1. It supports secure communication between cisco ironport Cisco and Microsoft Exchange.

  2. It supports Cisco’s trustsec solution by transporting information over network that are unable to support

    SGT propagation.

  3. It support secure communications between cisco ironport and cloud-based email servers.

  4. It support cisco’s trustsec implementation on virtual machines.

Answer: B

Question No: 117 – (Topic 2)

Dumps4Cert 2017 PDF and VCE

Refer to the exhibit. Which two effects of this configuration are true? (Choose two)

  1. The BGP neighbor session tears down after R1 receives 100 prefixes from the neighbor 1.1.1.1

  2. The BGP neighbor session between R1 and R2 re-establishes after 50 minutes

  3. A warning message is displayed on R2 after it receives 50 prefixes

  4. A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1

  5. The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2

  6. The BGP neighbor session between R1 and R2 re-establishes after 100 minutes

Answer: D,E

Question No: 118 – (Topic 2)

Which three statements about the RSA algorithm are true? (Choose three.)

  1. The RSA algorithm provides encryption but not authentication.

  2. The RSA algorithm provides authentication but not encryption.

  3. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.

  4. The private key is never sent across after it is generated.

  5. The public key is used to decrypt the message that was encrypted by the private key.

  6. The private key is used to decrypt the message that was encrypted by the public key.

Answer: C,D,F

Question No: 119 – (Topic 2)

In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource- limited by default when their context is a member of the default class?(choose three).

  1. Telnet sessions

  2. ASDM sessions

  3. IPSec sessions

  4. SSH sessions

  5. TCP sessions

  6. SSL VPN sessions

Answer: A,B,D

Question No: 120 – (Topic 2)

Which two statements about WPA 2 in enterprise mode are true? (choose two)

  1. TKIP generates a MCI to provide data integrity for the wireless frame.

  2. The PMK is generated dynamically by the servers and passed to the access point.

  3. 802.1x authentication is performed in the second of two authentication phases.

  4. It is commonly used in home environments as well as enterprises.

  5. 802.1x authentication is performed in the first of two authentication phases.

  6. Session keys can be shared with multiple clients.

Answer: B,E

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4Cert 400-251 Full Exam PDF and VCE

Dumps4Cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4Cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *