[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 181-190

Dumps4Cert 2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4Cert.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 181 – (Topic 2)

Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

  1. Destination Unreachable-protocol Unreachable

  2. Destination Unreachable-port Unreachable

  3. Time Exceeded-Time to Live exceeded in Transit

  4. Redirect-Redirect Datagram for the Host

  5. Time Exceeded-Fragment Reassembly Time Exceeded

  6. Redirect-Redirect Datagram for the Type of service and Host

Answer: B,C

Question No: 182 – (Topic 2)

What port has IANA assigned to the GDOI protocol?

  1. UDP 4500

  2. UDP 500

  3. UDP 1812

  4. UDP 848

Answer: D

Question No: 183 – (Topic 2)

You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):

Dumps4Cert 2017 PDF and VCE

With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP

registration fails. Registration will continue to fail until you do which of these?

  1. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface

  2. Modify the NHRP hold times to match on the hub and spoke

  3. Modify the NHRP network IDs to match on the hub and spoke

  4. Modify the tunnel keys to match on the hub and spoke

Answer: D

Question No: 184 – (Topic 2)

Dumps4Cert 2017 PDF and VCE

Refer to the exhibit. What are three effect of the given firewall configuration? (Choose three.)

  1. The firewall allows Echo Request packets from any source to pass server.

  2. The firewall allows time Exceeded error messages from any source to pass to the server.

  3. PCs outside the firewall are unable to communicate with the server over HTTP

  4. The firewall allows Echo Reply packets from any source to pass to the server.

  5. The firewall allows Destination Unreachable error messages from any source to pass to the server.

  6. The firewall allows Packet too big error messages from any source to pass to the server.

Answer: A,D,F

Question No: 185 – (Topic 2)

What are three IPv6 extension headers? (Choose three)

  1. TTL

  2. source option

  3. Destination options

  4. Authentication

  5. Segment

  6. Hop-by-Hop options

Answer: C,D,F

Question No: 186 – (Topic 2)

Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)

  1. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

  2. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.

  3. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

  4. It disables PMTUD discovery for tunnel interfaces.

  5. The DF bit are copied to the GRE IP header.

  6. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

Answer: B,E

Question No: 187 – (Topic 2)

Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

  1. Network translation mode

  2. Single-context routed mode

  3. Multiple-context mode

  4. Transparent mode

Answer: B

Question No: 188 – (Topic 2)

Which two current RFCs discuss special use IP addresses that may be used as a checklist of invalid routing prefixes for IPv4 and IPv6 addresses? (Choose two.)

  1. RFC 5156

  2. RFC 5735

  3. RFC 3330

  4. RFC 1918

  5. RFC 2827

Answer: A,B

Question No: 189 – (Topic 2)

Given the IPv4 address 10.10.100.16, which two address are valid IPv4-compatible IPv6 addresses? (Choose two)

A. 0:0:0:0:0:10:10:100:16

B. 0:0:10:10:10:16:0:0:0

C. 0:0:10:10:100:16:0:0:0

D. ::10:10:100:16

E. :::A:A:64:10

Answer: A,D

Question No: 190 – (Topic 2)

What are two features that help to mitigate man-in-the-middle attacks?(Choose two)

  1. dynamic ARP inspection

  2. ARP sniffing on specific ports

  3. destination MAC ACLs

  4. ARP spoofing

  5. DHCP snooping

Answer: A,E

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4Cert 400-251 Full Exam PDF and VCE

Dumps4Cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4Cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *