[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 301-310

Dumps4Cert 2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4Cert.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 301 – (Topic 2)

For which two reasons is a BVI required in the transparent Cisco IOS Firewall? (Choose two)

  1. BVI is required for the inspection of IP traffic.

  2. The firewall can perform routing on bridged interfaces.

  3. BVI is required if routing is disabled on the firewall.

  4. BVI is required if more than two interfaces are in a bridge group.

  5. BVI is required for the inspection of non-IP traffic.

  6. BVI can manage the device without having an interface that is configured for routing.

Answer: D,F

Question No: 302 – (Topic 2)

How does a wireless association flood attack create a DoS?

  1. It sends a high-power RF pulse that can damage the internals of the AP

  2. It spoofs disassociation frames from the access point.

  3. It uses a brute force attack to crack the encryption.

  4. It exhausts the access client association table.

Answer: D

Question No: 303 – (Topic 2)

What are the two technologies that support AFT? (Choose two)

  1. NAT-PT

  2. SNAT

  3. NAT64

  4. DNAT

  5. NAT-PMP

  6. NAT-6to4

Answer: A,C

Question No: 304 – (Topic 2)

Which two statements about the ISO are true? (Choose two.)

  1. The ISO is a government-based organization.

  2. The ISO has three membership categories: Member, Correspondent, and Subscribers.

  3. Subscriber members are individual organizations.

  4. Only member bodies have voting rights.

  5. Correspondent bodies are small countries with their own standards organization.

Answer: B,D

Explanation: Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights.

Question No: 305 – (Topic 2)

Refer to the exhibit. What is the meaning of the given error message?

  1. The PFS groups are mismatched.

  2. The pre-shared keys are mismatched.

  3. The mirrored crypto ACLs are mismatched.

  4. IKE is disabled on the remote peer.

Answer: B

Question No: 306 – (Topic 2)

Which two options are disadvantages of MPLS Layer 3 VPN services? (Choose two)

  1. They require cooperation with the service provider to implement transport of non-IP traffic.

  2. SLAs are not supported by the service provider.

  3. It requires customers to implement QoS to manage congestion in the network.

  4. Integration between Layers 2 and 3 peering services is not supported.

  5. They may be limited by the technology offered by the service provider.

  6. They can transport only IPv6 routing traffic.

Answer: D,E

Question No: 307 – (Topic 2)

What security element must an organization have in place before it can implement a security audit and validate the audit results?

  1. firewall

  2. network access control

  3. an incident response team

  4. a security policy

  5. a security operation center

Answer: D

Question No: 308 – (Topic 2)

Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)

  1. confidentiality and integrity of customer records and credit card information

  2. accountability in the event of corporate fraud

  3. financial information handled by entities such as banks, and mortgage and insurance brokers

  4. assurance of the accuracy of financial records

  5. US Federal government information

  6. security standards that protect healthcare patient data

Answer: B,D

Explanation: 826) A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue?

  1. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.

  2. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.

  3. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.

  4. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.

  5. The Cisco Easy VPN client machine needs to have multiple NICs to support this.

Answer: B

Question No: 309 – (Topic 2)

Which two statements about NAT-PT with IPv6 are true? (Choose two)

  1. It can be configured as dynamic, static, or PAT.

  2. It provides end-to-end security.

  3. It supports IPv6 BVI configurations.

  4. It provides support for Cisco Express Forwarding.

  5. It provides ALG support for ICMP and DNS.

  6. The router can be a single point of failure on the network.

Answer: A,E

Question No: 310 – (Topic 2)

What is the most commonly used technology to establish an encrypted HTTP connection?

  1. the HTTP/1.1 Upgrade header

  2. the HTTP/1.0 Upgrade header

  3. Secure Hypertext Transfer Protocol

  4. HTTPS

Answer: D

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4Cert 400-251 Full Exam PDF and VCE

Dumps4Cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4Cert IT Certification PDF and VCE

[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 291-300

Question No: 291 – (Topic 2)

What is an example of a WEP cracking attack?

  1. SQL injection attack

  2. Café latte attack

  3. directory traversal attack

  4. Reflected XSS attack

Answer: B

Question No: 292 – (Topic 2)

What are two advantages of NBAR2 over NBAR? (Choose two)

  1. Only NBAR2 supports Flexible NetFlow for extracting and exporting fields from the packet header.

  2. Only NBAR2 allows the administrator to apply individual PDL files.

  3. Only NBAR2 supports PDLM to support new protocols.

  4. Only NBAR2 can use Sampled NetFlow to extract pre-defined packet headers for reporting.

  5. Only NBAR2 supports custom protocols based on HTTP URLs.

Answer: A,E

Question No: 293 – (Topic 2)

What protocol does SMTPS use to secure SMTP connections?

  1. AES

  2. TLS

  3. Telnet

  4. SSH

Answer: B

Question No: 294 – (Topic 2)

You want to enable users in your company’s branch offices to deploy their own access points using a WAN link from the central office, but you are unable to deploy a controller in the branch offices. What lightweight access point wireless mode should you choose?

  1. TLS mode

  2. H-REAP mode

  3. Monitor mode

  4. REAP mode

  5. Local mode

Answer: B

Question No: 295 – (Topic 2)

What are the two IPSec modes? (Choose two)

  1. Aggressive

  2. ISAKMP

  3. Transport

  4. IKE

  5. Main

  6. Tunnel

Answer: C,F

Question No: 296 – (Topic 2)

Which option describes the purpose of the RADIUS VAP-ID attribute?

  1. It specifies the ACL ID to be matched against the client

  2. It specifies the WLAN ID of the wireless LAN to which the client belongs

  3. It sets the minimum bandwidth for the connection

  4. It sets the maximum bandwidth for the connection

  5. It specifies the priority of the client

  6. It identifies the VLAN interface to which the client will be associated

Answer: B

Question No: 297 – (Topic 2)

Which three global correlation features can be enabled from Cisco IPS Device Manager (Cisco IDM)? (Choose three)

  1. Network Reputation

  2. Global Data Interaction

  3. Signature Correlation

  4. Reputation Filtering

  5. Global Correlation Inspection

  6. Data Contribution

  7. Reputation Assignment

Answer: C,D,E

Question No: 298 – (Topic 2)

Which technology builds on the vPath concept and can be used in virtual and physical environments?

  1. VXLAN

  2. ACI

  3. NSH

  4. SDN

Answer: C

Question No: 299 – (Topic 2)

Which Cisco product solution is designed for workload mobility between public-public and private-public clouds?

  1. Cisco Cloud Orchestrator

  2. Cisco Unified Cloud

  3. Cisco Intercloud Fabric

  4. Cisco Metapod

Answer: C

Question No: 300 – (Topic 2)

Which two statements about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)

  1. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.

  2. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.

  3. Infrastructure ACLs are used to block-permit the transit traffic.

  4. Infrastructure ACLs only protect device physical management interface.

Answer: B,D

[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 281-290

Question No: 281 – (Topic 2)

Refer to the exhibit. What is the effect of the given configuration?

  1. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor reachable time to 3600 milliseconds.

  2. It sets the number of neighbor solicitation messages to 60 and sets the retransmission interval to 3600 milliseconds.

  3. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 milliseconds.

  4. It sets the number of neighbor solicitation messages to 60 and sets the duplicate address detection interval to 3600 seconds.

  5. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor solicitation interval to 3600 milliseconds.

Answer: E

Question No: 282 – (Topic 2)

Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF) from dropping asymmetric traffic?

  1. Configure Unicast RPF Loose Mode on R2 and R3 only.

  2. Configure Unicast RPF Loose Mode on R1 only.

  3. Configure Unicast RPF Strict Mode on R1 only.

  4. Configure Unicast RPF Strict Mode on R1,R2 and R3.

  5. Configure Unicast RPF Strict Mode on R2 and R3 only.

Answer: E

Question No: 283 – (Topic 2)

Refer to the exhibit. If R1 is acting as a DHCP server, what action can you take to enable the PC to receive an IP address assignment from the DHCP server?

  1. Configure the ip local pool command on R2

  2. Configure DHCP option 150 on R2

  3. Configure the ip helper-address command on R2 to use R1’s IP address

  4. Configure the ip helper-address command on R1 to use R2’s IP address

  5. Configure DHCP option 82 on R1

  6. Configure the ip local pool command on R1

Answer: C

Question No: 284 – (Topic 2)

Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?

  1. The signature belongs to the IOS IPS Basic category.

  2. The signature belongs to the IOS IPS Advanced category.

  3. There is insufficient memory to compile the signature.

  4. The signature is retired.

  5. Additional signatures must be compiled during the compiling process.

Answer: C

Question No: 285 – (Topic 2)

Which of the following two options can you configure to avoid iBGP full mesh? (Choose two)

  1. BGP NHT

  2. route reflector

  3. local preference

  4. confederations

  5. Virtual peering

Answer: B,D

Question No: 286 – (Topic 2)

IKEv2 provides greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities? (Choose two)

  1. With cookie challenge, IKEv2 does not track the state of the initiator until the initiator responds with a cookie.

  2. IKEv2 performs TCP intercept on all secure connections

  3. IKEv2 only allows symmetric keys for peer authentication

  4. IKEv2 interoperates with IKEv1 to increase security in IKEv1

  5. IKEv2 only allows certificates for peer authentication

  6. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

Answer: A,F

Question No: 287 DRAG DROP – (Topic 2)

Drag each MACsec term on the left to the matching statement on the right.

Answer:

Explanation:

CAK = key used to generate multiple additional keys

MKA = protocol used for MACsec key negotiation

MSK = key generated during the EAP exchange

SAK = a key used to encrypt traffic for a single session

SAP = a key exchange protocol that is proprietary to Cisco

Question No: 288 – (Topic 2)

Which of the following best describes Chain of Evidence in the context of security forensics?

  1. Evidence is locked down, but not necessarily authenticated.

  2. Evidence is controlled and accounted for to maintain its authenticity and integrity.

  3. The general whereabouts of evidence is known.

  4. Someone knows where the evidence is and can say who had it if it is not logged.

Answer: B

Question No: 289 DRAG DROP – (Topic 2)

Drag each step in the configuration of a Cisco ASA NSEL export to a NetFlow collector on the left into the correct order of operations on the right.

Answer:

Explanation:

  1. Configure the NSEL collector.

  2. Create Class-map to identify the desired traffic.

  3. Call ACL under the class-map to match the desired traffic.

  4. Create policy-map

  5. Associate Class-map to policy map.

  6. Configure flow-export action.

  7. Associate Policy-map to service-policy.

Question No: 290 – (Topic 2)

What is the name of the unique tool/feature in Cisco Security Manager that is used to merge an access list based on the source/destination IP address, service, or a combination of these to provide a manageable view of access policies?

  1. merge rule tool

  2. policy simplification tool

  3. rule grouping tool

  4. object group tool

  5. combine rule tool

Answer: E

[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 271-280

Question No: 271 – (Topic 2)

Refer to the exhibit. Which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow updates with an origin of AS 65503?

  A. _65509.?$

  B. _65503$

  C. ^65503.*

  D. ^65503$

  E. _65503_

  F. 65503

Answer: C

Question No: 272 DRAG DROP – (Topic 2)

Drag and drop the DNS record types from the left to the matching descriptions to the right

Answer:

Explanation:

DNSKEY: contains a public key for use by the resolver

NSEC: link to the zone's next record name

NSEC3: contains a hashed link to the zone's next record name

RRSIG: contains the record set's DNSSEC signature

NSEC3PARAM: used by authoritative DNS servers when responding to DNSSEC requests

DS: holds the delegated zone's name

Question No: 273 – (Topic 2)

On which two protocols is VNC based? (Choose two)

  1. Rdesktop

  2. UDP

  3. RFB

  4. Terminal Services Client

  5. CoRD

  6. TCP

Answer: C,F

Question No: 274 – (Topic 2)

Refer to the exhibit. What is the configuration designed to prevent?

  1. Man in the Middle Attacks

  2. Dynamic payload inspection

  3. Backdoor control channels for infected hosts

  4. DNS Inspection

Answer: D

Question No: 275 – (Topic 2)

What protocol provides security for datagram protocols?

  1. MAB

  2. DTLS

  3. SCEP

  4. GET

  5. LDP

Answer: B

Question No: 276 – (Topic 2)

What command specifies the peer from which MSDP SA messages are accepted?

  1. ip msdp sa-filter in <peer> [list <acl>] [route-map <map>]

  2. ip msdp default-peer <peer>

  3. ip msdp mesh-group

  4. ip msdp originator-id <interface>

Answer: B

Question No: 277 – (Topic 2)

What is the effect of the following command on a Cisco IOS router? ip dns spoofing 1.1.1.1

  1. The router will respond to the DNS query with its highest loopback address configured

  2. The router will respond to the DNS query with 1.1.1.1 if the query is for its own hostname

  3. The router will respond to the DNS query with the IP address of its incoming interface for any hostname query

  4. The router will respond to the DNS query with the IP address of its incoming interface for its own hostname

Answer: D

Question No: 278 – (Topic 2)

With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?

  1. Modify the NHRP network IDs to match on the hub and spoke.

  2. configure the ip nhrp caches non-authoritative command on the hub’s tunnel interface.

  3. modify the tunnel keys to match on the hub and spoke.

  4. modify the NHRP hold time to match on the hub and spoke.

Answer: C

Question No: 279 – (Topic 2)

Refer to the exhibit. If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true? (Choose two)

  1. The device will close each connection after 90 seconds even if a connection is actively processing a request.

  2. Connections will close after 60 seconds without activity or 90 seconds with activity.

  3. Connections will close after 60 seconds or as soon as the first request is processed.

  4. When you apply the command, the device will immediately close any existing connections that have been open for longer than 90 seconds.

  5. Connections will close after 60 seconds without activity or as soon as the first request is processed.

Answer: C,E

Question No: 280 – (Topic 2)

Which statement regarding the routing functions of the Cisco ASA running software version 9.2 is true?

  1. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors

  2. The ASA supports policy-based routing with route maps

  3. Routes to the Null0 interface cannot be configured to black-hole traffic

  4. The translations table cannot override the routing table for new connections

Answer: C

[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 261-270

Question No: 261 – (Topic 2)

Which two commands would enable secure logging on Cisco ASA to a syslog server at 10.0.0.1? (Choose two)

  1. logging host inside 10.0.0.1 TCP/1500 secure

  2. logging host inside 10.0.0.1 UDP/514 secure

  3. logging host inside 10.0.0.1 TCP/1470 secure

  4. logging host inside 10.0.0.1 UDP/500 secure

  5. logging host inside 10.0.0.1 UDP/447 secure

Answer: A,C

Question No: 262 – (Topic 2)

Which five of these are criteria for rule-based rogue classification of access points by the Cisco Wireless LAN controller? (Choose five)

  1. MAC address range

  2. MAC address range number of clients it has

  3. open authentication

  4. whether it matches a user-configured SSID

  5. whether it operates on an authorized channel

  6. minimum RSSI

  7. time of day the rogue operates

  8. Whether it matches a managed AP SSID

Answer: B,C,D,F,H

Question No: 263 – (Topic 2)

You are developing an application to manage the traffic flow of a switch using an OpenDaylight controller. Knowing you use a Northbound REST API, which statement is true?

  1. Different applications, even in different languages, cannot use the same functions in a REST API at same time.

  2. The server retains client state records

  3. We must teach our applications about the Southbound protocol(s) used

  4. The applications are considered to be the clients, and the controller is considered to be the server

Answer: D

Question No: 264 – (Topic 2)

What are three protocols that support Layer 7 class maps and policy maps for zone-based firewalls? (Choose three)

  1. IMAP

  2. RDP

  3. MME

  4. ICQ

  5. POP3

  6. IKE

Answer: A,D,E

Question No: 265 DRAG DROP – (Topic 2)

Drag and drop the roles on the left onto their responsibility in the change-management process on the right.

Answer:

Explanation:

  1. Change Builder – Plans and Implement

  2. Change Committee – Determines whether

  3. Customer – Submit Change Request

  4. Project Manager – Owns and Leads

Question No: 266 – (Topic 2)

All of these Cisco security products provide event correlation capabilities except which one?

  1. Cisco Security MARS

  2. Cisco Guard/Detector

  3. Cisco ASA adaptive security appliance

  4. Cisco IPS

  5. Cisco Security Agent.

Answer: C

Question No: 267 – (Topic 2)

Refer to the exhibit. What are the two effects of the given configuration? (Choose two)

  1. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded

  2. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering

  3. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram

  4. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header field

  5. It permits Parameter Problem messages that indicate an error in the header

  6. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram

Answer: C,F

Question No: 268 – (Topic 2)

Which two statements about global ACLs are true? (Choose two)

  1. They support an implicit deny

  2. They are applied globally instead of being replicated on each interface

  3. They override individual interface access rules

  4. They require an explicit deny

  5. They can filter different packet types than extended ACLs

  6. They require class-map configuration

Answer: A,B

Question No: 269 DRAG DROP – (Topic 2)

Drag and drop the description on the left on to the associated item on the right.

Answer:

Explanation: Collection of similar programs that work together to execute specific tasks: Botnet

Independent malicious program copies itself: Worms

Programs that appear to have one function but actually perform a different function: Trojan horse

Programs that modify other programs: Virus

Question No: 270 – (Topic 2)

Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

  1. Network translation mode

  2. Single-context routed mode

  3. Multiple-context mode

  4. Transparent mode

Answer: B

[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 251-260

Question No: 251 DRAG DROP – (Topic 2)

Drag and drop each RADIUS packet field on the left onto the matching description on the right.

Answer:

Explanation: A-5,B-2,C-1,D-3,E-4

Question No: 252 – (Topic 2)

Which two statements about header attacks are true? (Choose two)

  1. An attacker can use IPv6 Next Header attacks to steal user data and launch phishing attacks.

  2. An attacker can use HTTP Header attacks to launch a DoS attack.

  3. An attacker can execute a spoofing attack by populating the RH0 routing header subtype with multiple destination addresses.

  4. An attacker can leverage an HTTP response header to write malicious cookies.

  5. An attacker can leverage an HTTP response header to inject malicious code into an application layer.

  6. An attacker can use vulnerabilities in the IPv6 routing header to launch attacks at the application layer.

Answer: B,C

Question No: 253 – (Topic 2)

What technology can you implement on your network to allow IPv4-dependent applications to work with IPv6-capable applications?

  1. NAT 6to4

  2. DS-lite

  3. NAT-PT

  4. ISATAP

  5. NAT64

Answer: E

Question No: 254 – (Topic 2)

Refer to the exhibit. Which statement about the router R1 is true?

  1. Its private-config is corrupt.

  2. Its NVRAM contains public and private crypto keys.

  3. Its running configuration is missing.

  4. RMON is configured.

Answer: B

Question No: 255 – (Topic 2)

Refer to the exhibit. Which effect of this configuration is true?

  1. Host_1 learns about R2 and only and prefers R2 as its default router

  2. Host_1 selects R2 as its default router and load balances between R2 and R3

  3. Host_1 learns about R2 and R3 only and prefers R3 as its default router

  4. Host_1 learns about R1,R2 and R3 and load balances between them

  5. Host_1 learns about R1, R2 and R3 and prefers R2 as its default router

Answer: E

Explanation: Which two statements about IKEv2 are true? (Choose two)

  1. It uses EAP authentication

  2. It uses X.509 certificates for authentication

  3. The profile is a collection of transforms used to negotiate IKE SAs

  4. It supports DPD and Nat-T by default

  5. The profile contains a repository of symmetric and asymmetric preshared keys

  6. At minimum, a complete proposal requires one encryption algorithm and one integrity algorithm

Answer: E,F

Question No: 256 – (Topic 2)

What feature on a Cisco IOS router enables user identification and authorization based on per-user policies?

  1. CBAC

  2. IPsec

  3. Authentication proxy

  4. NetFlow v9

  5. Zone-based firewall

  6. EEM

Answer: C

Question No: 257 DRAG DROP – (Topic 2)

Drag and drop each ESP header field on the left onto the appropriate field length on the right.

Answer:

Question No: 258 – (Topic 2)

Which two statements about the MD5 Hash are true? (Choose two.)

  1. Length of the hash value varies with the length of the message that is being hashed.

  2. Every unique message has a unique hash value.

  3. It's mathematically possible to find a pair of messages that yield the same hash value.

  4. MD5 always yields a different value for the same message if repeatedly hashed.

  5. The hash value cannot be used to discover the message.

Answer: B,E

Question No: 259 – (Topic 2)

Which two statements about MSDP are true? (Choose three)

  1. It can connect to PIM-SM and PIM-DM domains

  2. It announces multicast sources from a group

  3. The DR sends source data to the rendezvous point only at the time the source becomes active

  4. It can connect only to PIM-DM domains

  5. It registers multicast sources with the rendezvous point of a domain

  6. It allows domains to discover multicast sources in the same or different domains.

Answer: B,E,F

Question No: 260 – (Topic 2)

Refer to the exhibit. While troubleshooting a router issue, you executed the show ntp association command and it returned this output. Which condition is indicated by the reach value of 357?

  1. The NTP continuously received the previous 8 packets.

  2. The NTP process is waiting to receive its first acknowledgement.

  3. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.

  4. The NTP process received only the most recent packet.

Answer: C

[Free] 2017(Oct) Dumps4cert Testinsides Cisco 400-251 Dumps with VCE and PDF Download 241-250

Question No: 241 – (Topic 2)

What is the default communication port used by RSA SDI and ASA?

  1. UDP 500

  2. UDP 848

  3. UDP 4500

  4. UDP 5500

Answer: D

Question No: 242 – (Topic 2)

Which two OSPF network types support the concept of a designated router? (Choose two.)

  1. broadcast

  2. NBMA

  3. point-to-multipoint

  4. point-to-multipoint nonbroadcast

  5. loopback

Answer: A,B

Question No: 243 – (Topic 2)

IANA is responsible for which three IP resources? (Choose three.)

  1. IP address allocation

  2. Detection of spoofed address

  3. Criminal prosecution of hackers

  4. Autonomous system number allocation

  5. Root zone management in DNS

  6. BGP protocol vulnerabilities

Answer: A,D,E

Question No: 244 – (Topic 2)

Refer to the exhibit. R1 and R2 are connected across an ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?

  1. eBGP peering will fail because ASA is transit lacks BGP support.

  2. eBGP peering will be successful.

  3. eBGP peering will fail because the two routers must be directly connected to allow peering.

  4. eBGP peering will fail because of the TCP random sequence number feature.

Answer: C

Question No: 245 – (Topic 2)

What message does the TACACS daemon send during the AAA authentication process to request additional authentication information?

  1. ACCEPT

  2. REJECT

  3. CONTINUE

  4. ERROR

  5. REPLY

Answer: C

Question No: 246 – (Topic 2)

Which two statements about the SHA-1 algorithm are true? (Choose two)

  1. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.

  2. The SHA-1 algorithm takes an input message of any length and produces a 160-bit hash output.

  3. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.

  4. The purpose of the SHA-1 algorithm is to provide data confidentiality.

  5. The purpose of the SHA-1 algorithm is to provide data authenticity.

Answer: B,E

Question No: 247 – (Topic 2)

What are two security controls you can implement to protect your organization’s network from virus and worm outbreaks? (Choose two)

  1. Require users to authenticate before accessing the network

  2. Quarantine hosts that fail to meet your organization’s IT security requirements

  3. Implement Cisco Identity Services Engine (ISE) for network security

  4. Implement routing protocols with strong interface authentication

  5. Deploy Cisco Prime LMS to manage network security

Answer: B,C

Question No: 248 – (Topic 2)

From the list below, which one is the major benefit of AMP Threat Grid?

  1. AMP Threat Grid collects file information from customer servers and runs tests on them to see if they are infected with viruses

  2. AMP Threat Grid learns ONLY from data you pass on your network and not from anything else to monitor for suspicious behavior. This makes the system much faster and more efficient

  3. AMP Threat Grid combines static and dynamic malware analysis with threat intelligence into one combined solution

  4. AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral indicators

Answer: C

Question No: 249 – (Topic 2)

According to RFC 4890, which three messages must be dropped at the transit firewall/router? (Choose three.)

  1. Router Renumbering (Type 138)

  2. Node Information Query (Type 139)

  3. Router Solicitation (Type 133)

  4. Node Information Response (Type

  5. Router Advertisement (Type 134)

  6. Neighbor Solicitation (Type 135)

Answer: A,B,D

Question No: 250 – (Topic 2)

In Cisco Wireless LAN Controller (WLC), which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

  1. On MAC Filter Failure

  2. Pass through

  3. Splash Page Web Redirect

  4. Conditional Web Redirect

  5. Authentication

Answer: A


Question No: 231 – (Topic 2)

Which statement about Sarbanes-Oxley (SOX) is true?

  1. SOX is an IETF compliance procedure for computer systems security.

  2. SOX is a US law.

  3. SOX is an IEEE compliance procedure for IT management to produce audit reports.

  4. SOX is a private organization that provides best practices for financial institution computer systems.

  5. Section 404 of SOX is only related to IT compliance.

Answer: B

Question No: 232 – (Topic 2)

Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

  1. The packet information used to create flows is not configurable by the user.

  2. It supports IPv4 and IPv6 packet fields.

  3. It tracks all fields of an IPv4 header as well as sections of the data payload.

  4. It uses two types of flow cache, normal and permanent.

  5. It can be a useful tool in monitoring the network for attacks.

Answer: B,C,E

Question No: 233 – (Topic 2)

Which two options are unicast address types for IPv6 addressing? (Choose two)

  1. Established

  2. Static

  3. Global

  4. Dynamic

  5. Link-local

Answer: C,E

Question No: 234 – (Topic 2)

What are three QoS features supported on the ASA running version 8.x? (Choose Three)

  1. Traffic shaping and standard priority queuing on the same interface.

  2. IPSec-over-TCP priority queuing.

  3. Traffic shaping within the class-default class map only.

  4. Priority queuing.

  5. Traffic shaping within any class map.

  6. Traffic policing.

Answer: C,D,F

Question No: 235 – (Topic 2)

Refer to the exhibit. Which configuration option will correctly process network authentication and authorization using both single port?

[Exhibits for options A through D are not reproduced.]

  1. Option A

  2. Option B

  3. Option C

  4. Option D

Answer: B

Question No: 236 – (Topic 2)

Which description of a virtual private cloud is true?

  1. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation

  2. An on-demand configurable pool of shared data resources allocated within a private cloud environment, which provides assigned DMZ zones

  3. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation

  4. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation

Answer: D

Question No: 237 – (Topic 2)

What feature enables extended secure access from a non-secure physical location?

  1. Port security

  2. Storm control

  3. NEAT

  4. CBAC

  5. 802.1X port-based authentication

Answer: C

Question No: 238 – (Topic 2)

Refer to the exhibit. Which of the following is the correct output of the above executed command?

[Exhibits for options A through D are not reproduced.]

  1. Option A

  2. Option B

  3. Option C

  4. Option D

Answer: C

Question No: 239 – (Topic 2)

Refer to the exhibit. You executed the show crypto key mypubkey rsa command to verify that the RSA key is protected and it generated the given output. What command must you have entered to protect the key?

  1. crypto key decrypt rsa name pki.cisco.com passphrase CiscoPKI

  2. crypto key zeroize rsa CiscoPKI

  3. crypto key export rsa pki.cisco.com pem url flash: 3des CiscoPKI

  4. crypto key lock rsa name pki.cisco.com passphrase CiscoPKI

  5. crypto key import rsa pki.cisco.com pem url nvram: CiscoPKI

Answer: D

Question No: 240 – (Topic 2)

Which three of these are security properties that TLS v1.2 provides? (Choose three)

  1. Availability

  2. integrity

  3. non-repudiation

  4. authentication

  5. authorization

  6. confidentiality

Answer: B,D,F


Question No: 221 – (Topic 2)

On which encryption algorithm is CCMP based?

  1. IDEA

  2. BLOWFISH

  3. RCS

  4. 3DES

  5. AES

Answer: E

Question No: 222 – (Topic 2)

What are two features that can be used to drop incoming traffic with spoofed bogon addresses? (Choose two)

  1. Unicast RPF

  2. ingress ACLs

  3. flexible ACLs

  4. egress ACLs

  5. reflexive ACLs

  6. Source Specific Multicast

Answer: A,B

Explanation: 859) During a DoS attack, all of the data is lost from a user’s laptop and the user must now rebuild the system. Which tool can the user use to extract the Outlook PST file from the Microsoft server database?

  1. Eseutil.exe

  2. NTabackup.cex

  3. Exmerge.exe

  4. Ost2st.exe

Answer: C

Question No: 223 – (Topic 2)

What are the two mechanisms that are used to authenticate OSPFv3 packets? (Choose two)

  1. MD5

  2. ESP

  3. PLAIN TEXT

  4. AH

  5. SHA

Answer: B,D

Question No: 224 – (Topic 2)

Which two statements about the multicast addresses query message are true? (Choose two)

  1. They are solicited when a node initializes the multicast process.

  2. They are used to discover the multicast group to which listeners on a link are subscribed

  3. They are used to discover whether a specified multicast address has listeners

  4. They are sent unsolicited when a node initializes the multicast process

  5. They are usually sent only by a single router on a link

  6. They are sent when a node discovers a multicast group

Answer: B,C

Question No: 225 – (Topic 2)

Refer to the exhibit. What is the effect of the given configuration?

  1. It resets and logs FTP connections to all sites except cisco.com and hp.com.

  2. FTP connections are unaffected.

  3. It resets FTP connections to all sites except cisco.com and hp.com.

  4. It resets and logs FTP connections to cisco.com and hp.com only.

  5. It resets FTP connections to cisco.com and hp.com only.

Answer: A

Question No: 226 – (Topic 2)

Which two statements about the anti-replay feature are true? (Choose two)

  1. By default, the sender uses a single 1024-packet sliding window

  2. By default, the receiver uses a single 64-packet sliding window

  3. The sender assigns two unique sequence numbers to each clear-text packet

  4. The sender assigns two unique sequence numbers to each encrypted packet

  5. The receiver performs a hash of each packet in the window to detect replays

  6. The replay error counter is incremented only when a packet is dropped

Answer: B,D

Question No: 227 – (Topic 2)

When attempting to use basic HTTP authentication to authenticate a client, which type of HTTP message should the server use?

  1. HTTP 200 with a WWW-Authenticate header.

  2. HTTP 401 with a WWW-Authenticate header.

  3. HTTP 302 with an authenticate header.

  4. HTTP 407.

Answer: B

Question No: 228 – (Topic 2)

From what type of server can you transfer files to the ASA’s internal memory?

  1. SSH

  2. SFTP

  3. Netlogon

  4. SMB

Answer: D

Question No: 229 – (Topic 2)

Why is the IPv6 type 0 routing header vulnerable to attack?

  1. It allows the receiver of a packet to control its flow.

  2. It allows the sender to generate multiple NDP requests for each packet.

  3. It allows the sender of a packet to control its flow.

  4. It allows the sender to generate multiple ARP requests for each packet.

  5. It allows the receiver of a packet to modify the source IP address.

Answer: C

Question No: 230 – (Topic 2)

Which of the following statements is true about the ARP spoofing attack?

  1. Attacker sends the ARP request with the MAC address and IP address of the legitimate resource in the network.

  2. Attacker sends the ARP request with MAC address and IP address of its own.

  3. ARP spoofing does not facilitate man-in-the-middle attack for the attacker.

  4. Attacker sends the ARP request with its own MAC address and IP address of legitimate resource in the network.

Answer: D


Question No: 211 – (Topic 2)

What is the purpose of enabling the IP Options Selective Drop feature on your network routers?

  1. To protect the internal network from IP spoofing attacks.

  2. To drop IP fragmented packets.

  3. To drop packets with a TTL value of zero.

  4. To protect the network from DoS attacks.

Answer: D

Question No: 212 – (Topic 2)

What are two actions you can take to protect against DDoS attacks on Cisco routers and switches? (Choose two)

  1. Rate limit SYN packets

  2. Filter the RFC-1918 address space

  3. Configure IP snooping

  4. Implement MAC address filtering

  5. Configure PIM-SM

Answer: A,B

Question No: 213 – (Topic 2)

Refer to the exhibit. Which service or feature must be enabled on 209.165.200.255 to produce the given output?

  1. The finger service

  2. A BOOTP server

  3. A TCP small server

  4. The PAD service

Answer: C

Question No: 214 – (Topic 2)

Refer to the exhibit. What is the effect of the given command sequence?

  1. The router telnets to the on port 2002

  2. The AP console port is shut down.

  3. A session is opened between the router console and the AP.

  4. The router telnets to the router on port 2002.

Answer: C

Question No: 215 – (Topic 2)

class-map nbar_rtp
 match protocol rtp payload-type "0,1,4-0x10, 10001b - 10010b,64"

The above NBAR configuration matches RTP traffic with which payload types?

[Exhibits for options A through D are not reproduced.]

  1. Option A

  2. Option B

  3. Option C

  4. Option D

Answer: A

Question No: 216 – (Topic 2)

Which VPN technology is based on GDOI (RFC 3547)?

  1. MPLS Layer 3 VPN

  2. MPLS Layer 2 VPN

  3. GET VPN

  4. IPsec VPN

Answer: C

Question No: 217 – (Topic 2)

Refer to the exhibit. You have configured two route-map instances on R1, which passes traffic from switch 1 on both VLAN 1 and VLAN 2. You wish to ensure that:

* the first route-map instance matches packets from VLAN 1 and sets the next hop to 3232::2/128.
* the second route-map instance matches packets from VLAN 2 and sets the next hop to 3232::3/128.

What feature can you implement on R1 to make this configuration possible?

  1. PBR

  2. BGP local-preference

  3. BGP next-hop

  4. VSSP

  5. GLBP

Answer: C

Question No: 218 DRAG DROP – (Topic 2)

Drag each step in the SCEP workflow on the left into the correct order of operations on the right?

Answer:

Explanation:

Step 1: Obtain and validate CA cert.

Step 2: Generate a certificate signing request for the CA.

Step 3: Send a request to the SCEP server to confirm that the cert was signed.

Step 4: Re-enroll the client and replace the existing certificate.

Step 5: Check Certificate revocation list.

Question No: 219 DRAG DROP – (Topic 2)

Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.

Answer:

Explanation:

A:5,B:4,C:2,D:3,E:1,F:6.

Question No: 220 – (Topic 2)

Which of these is a core function of the risk assessment process? (Choose one.)

  1. performing regular network upgrades

  2. performing network optimization

  3. performing network posture validation

  4. establishing network baselines

  5. prioritizing network roll-outs

Answer: C
