This page was exported from All The Latest MCTS Exam Questions And Answers For Free Share [ https://www.mctsdump.com ] Export date:Tue Mar 19 8:09:32 2024 / +0000 GMT ___________________________________________________ Title: [Free-Dumps] 100 Percent Pass 400-251 By Learning PassLeader Free 400-251 Study Guide (Question 271 – Question 300) --------------------------------------------------- New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms QUESTION 271Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID? A.    Network translation modeB.    Single-context routed modeC.    Multiple-context modeD.    Transparent mode Answer: B QUESTION 272What protocol is responsible for issuing certificates? A.    SCEPB.    DTLSC.    ESPD.    AHE.    GET Answer: A QUESTION 273Which category to protocol mapping for NBAR is correct? A.    Category: internetProtocol: FTP, HTTP, TFTPB.    Category: Network managementProtocol: ICMP, SNMP, SSH, telentC.    Category: network mail servicesProtocol: mapi, pop3, smtpD.    Category: Enterprise applicationsProtocal: citrixICA, PCAnywhere, SAP, IMAP Answer: A QUESTION 274You have discovered unwanted device with MAC address 001c.0f12.badd on port FastEthernet1/1 on VLAN 4. What command or command sequence can you enter on the switch to prevent the MAC address from passing traffic on VLAN 4?     Answer: D QUESTION 275Which two options are benefits of the Cisco ASA Identity Firewall? (Choose two.) A.    It can apply security policies on an individual user or user-group basisB.    It can identify threats quickly based on their URLsC.    It can operate completely independently of other servicesD.    It decouples security policies from the network topologyE.    It supports an AD server module to verify identity data Answer: AD QUESTION 276Refer to the exhibit. Which effect of this command is true? A.    The current public key of the router is deleted from the cache when the router reboots, and the router generates a new one.B.    The CA revokes the public key certificate of the router.C.    The public key of the remote peer is deleted from the router cache.D.    The router immediately deletes its current public key from the cache and generates a new one.E.    The router sends a request to the CA to delete the router certificate from its configuration. Answer: C QUESTION 277Refer to the exhibit. If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true? (Choose two.) A.    The device will close each connection after 90 seconds even if a connection is actively processing a request.B.    Connections will close after 60 seconds without activity or 90 seconds with activity.C.    Connections will close after 60 seconds or as soon as the first request is processed.D.    When you apply the command , the device will immediately close any existing connections that have been open for longer than 90 seconds.E.    Connections will close after 60 seconds without activity or as soon as the first request is processed. Answer: CE QUESTION 278Which two statements about global ACLs are true? (Choose two.) A.    They support an implicit denyB.    They are applied globally instead of being replicated on each interfaceC.    They override individual interface access rulesD.    They require an explicit denyE.    They can filer different packet types than extended ACLsF.    They require class-map configuration Answer: AB QUESTION 279What are two security controls you can implement to protect your organization's network from virus and worm outbreak? (Choose two.) A.    Require users to authenticate before accessing the networkB.    Quarantine hosts that fail to meet your organization's IT security requirementsC.    Implement Cisco Identity Service Engine (ISE) for network securityD.    Implement routing protocols with strong interface authenticationE.    Deploy Cisco prime LMS to manage network security Answer: BC QUESTION 280Which two statement about DHCP snooping are true? (Choose two.) A.    The binding database stores information about trusted interface.B.    Massages sent from outside the service-provider network are untrusted.C.    The binding database stores information about both IP and MAC addresses.D.    The lease time in the binding database is a pre-set value.E.    DHCP servers connect to untrusted interface on the switch. Answer: CD QUESTION 281Which three statements about Unicast RPF in strict mode and loose mode are true? (Choose three.) A.    Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.B.    Strict mode requires a default route to be associated with the uplink network interface.C.    Both loose and strict modes are configured globally on the router.D.    Loose mode requires the source address to be present in the routing table.E.    Strict mode is recommended on interfaces that will receive packets only form the same subnet to which the interface is assigned.F.    Interfaces in strict mode drop traffic with return routes that point to the NULL 0 interface. Answer: DEF QUESTION 282What are three IPv6 extension headers? (Choose three.) A.    TTLB.    source optionC.    Destination optionsD.    AuthenticationE.    SegmentF.    Hop-by-Hop options Answer: CDF QUESTION 283What command specifies the peer from which MSDP SA message are accepted? A.    IP msdpsa-filter in <peer>[list<acl>] [route-map <map> ]B.    Ipmsdp default-peer <peer>C.    Ipmsdp mesh-groupD.    Ipmsdp originator-id <interface> Answer: B QUESTION 284Which two statements about the AES algorithm are true? (Choose two.) A.    The AES algorithm is an asymmetric block cipher.B.    The AES algorithm operates on a 128-bits block.C.    The AES algorithm uses a fixed length-key of 128 bits.D.    The AES algorithm does not give any advantage over 3DES due to the same key length.E.    The AES algorithm consist of four functions. Three functions provide confusion-diffusion and one provides encryption. Answer: BE QUESTION 285Which feature can prevent IP spoofing attacks? A.    CoPPB.    CBACC.    ARP spoofingD.    TCP InterceptE.    Unicast RPFF.    CAR Answer: E QUESTION 286What technique can an attacker use to obfuscate a malware application payload, allowing it to bypass standard security mechanisms? A.    Teredo tunnellingB.    DecryptionC.    A PE32 headerD.    SteganographyE.    BASE64 Answer: E QUESTION 287Drag and Drop QuestionDrag each EAP variant in the 802.1X framework on the left to the matching statement on the right. Answer: QUESTION 288Refer to the exhibit. What feature must be implemented on the network to produce the given output? A.    PQB.    CQC.    WFQD.    NBARE.    CAR Answer: D QUESTION 289Which two options are benefits of shortcut Switching Enhancements for NHRP on DMVPN networks? (Choose two.) A.    Its enables the NHRP FIB lookup process to perform route summarization on the hub.B.    It allows data packets to be fast switched while spoke-to-spoke tunnels are being established.C.    It is most beneficial with partial full-mesh DVMPN setup.D.    It supports layered network topologies with the central hubs and direct spoke-to-spoke tunnels between spokes on different hubs.E.    It enables spokes to use a summary route to build spoke-to-spoke tunnels. Answer: BE QUESTION 290Which two statements about the DES algorithm are true? (Choose two.) A.    The DES algorithm is based on asymmetric cryptography.B.    The DES algorithm is a stream cipher.C.    The DES algorithm is based on symmetric cryptography.D.    The DES algorithm encrypts a block of 128 bits.E.    The DES algorithm uses a 56-bit key. Answer: CE QUESTION 291What are the two IPSec modes? (Choose two.) A.    AggressiveB.    ISAKMPC.    TransportD.    IKEE.    MainF.    Tunnel Answer: CF QUESTION 292Which two options are unicast address types for IPv6 addressing? (Choose two.) A.    EstablishedB.    StaticC.    GlobalD.    DynamicE.    Link-local Answer: CE QUESTION 293What are the two technologies that support AFT? (Choose two.) A.    SNATB.    NAT -6to4C.    DNATD.    NAT -PTE.    NAT -PMPF.    NAT64 Answer: DF QUESTION 294Refer to the Exhibit. Which service or feature must be enabled on 209.165.200.255 produce the given output? A.    The finger serviceB.    A BOOTp serverC.    A TCP small serverD.    The PAD service Answer: C QUESTION 295Drag and Drop QuestionDrag each step in the configuration of flexiblenetflow IPv6 traffic Unicast flows on the left into the Correct order of operation on the right. Answer: QUESTION 296You want to allow existing network hardware (which is not part of the ACI infrastructure) to be governed by the APIC, by installing device packages. Where must these packages be installed? A.    On the connecting leaf switchesB.    On the APICC.    On the network element you are addingD.    On all devices on the path Answer: A QUESTION 297What are three QoS features supported on the ASA running version 8.x? (Choose three.) A.    Traffic shaping and standard priority queuing on the same interface.B.    IPSec-over-TCP priority queuing.C.    Traffic shaping within the class-default class map only.D.    Priority queuing.E.    Traffic shaping within any class map.F.    Traffic policing. Answer: CDF QUESTION 298What IOS feature can prevent header attacks by using packet-header information to classify traffic? A.    CARB.    FPMC.    TOSD.    LLQE.    TTL Answer: B QUESTION 299Which two statement about MLD version 2 on the ASA are true? (Choose two.) A.    It allows the ASA to function as a multicast router.B.    It enables the ASA to discover multicast address listeners on attached and remote links.C.    It discover other multicast address listeners by listening to multicast listener reports.D.    It enables the ASA to discover multicast address listeners to attached links only.E.    It sends multicast listener reports in response to multicast listener quires. Answer: DE QUESTION 300Which two characteristics of DTLS are true? (Choose two.) A.    It includes a congestion control mechanismB.    It supports long data transfers and connections data transfersC.    It completes key negotiation and bulk data transfer over a single channelD.    It is used mostly by applications that use application layer object-security protocolsE.    It includes a retransmission method because it uses an unreliable datagram transportF.    It cannot be used if NAT exists along the path Answer: AE Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-02-14 10:38:07 Post date GMT: 2017-02-14 10:38:07 Post modified date: 2017-02-14 10:38:07 Post modified date GMT: 2017-02-14 10:38:07 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com