This page was exported from All The Latest MCTS Exam Questions And Answers For Free Share [ https://www.mctsdump.com ] Export date:Thu Apr 25 15:54:50 2024 / +0000 GMT ___________________________________________________ Title: [Free-Dumps] Download Free PassLeader Premium 366q 400-251 Exam Questions (Question 121 – Question 150) --------------------------------------------------- New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms QUESTION 121The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA. What command can you use to block all current and future connections from the infected host? A.    ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4B.    shun 10.10.10.4 168.65.201.120 6000 80C.    ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120D.    ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4E.    shun 168.65.201.120 10.10.10.4 6000 80 Answer: C QUESTION 122IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities? (Choose two.) A.    with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookieB.    Ikev2 perform TCP intercept on all secure connectionsC.    IKEv2 only allows symmetric keys for peer authenticationD.    IKEv2 interoperates with IKEv1 to increase security in IKEv1E.    IKEv2 only allows certificates for peer authenticationF.    An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie Answer: AF QUESTION 123Which five of these are criteria for rule-based rogue classification of access points by the cisco Wireless LAN controller? (Choose five.) A.    MAC address rangeB.    MAC address range number of clients it hasC.    open authenticationD.    whether it matches a user-configured SSIDE.    whether it operates on an authorized channelF.    minimum RSSIG.    time of day the rogue operatesH.    Whether it matches a managed AP SSID Answer: BCDFH QUESTION 124Which two statement about the DES algorithm are true? (Choose two.) A.    It uses a 64-bit key block size and its effective key length is 65 bitsB.    It uses a 64-bits key block size and its effective key length is 56 bitsC.    It is a stream cripher that can be used with any size inputD.    It is more efficient in software implements than hardware implementationsE.    It is vulnerable to differential and linear cryptanalysisF.    It is resistant to square attacks Answer: BE QUESTION 125Which three types of addresses can the Botnet Traffic Filter feature of the Cisco ASA monitor? (Choose three.) A.    Ambiguous addressesB.    Known malware addressesC.    Listed addressesD.    Dynamic addressesE.    Internal addressesF.    Known allowed addresses Answer: ABF QUESTION 126Which Three statement about cisco IPS manager express are true? (Choose three.) A.    It provides a customizable view of events statistics.B.    It Can provision policies based on risk rating.C.    It Can provision policies based on signatures.D.    It Can provision policies based on IP addresses and ports.E.    It uses vulnerability-focused signature to protect against zero-day attacks.F.    It supports up to 10 sensors. Answer: ABF QUESTION 127In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password? A.    On MAC Filter FailureB.    Pass throughC.    Splash Page Web RedirectD.    Conditional Web RedirectE.    Authentication Answer: A QUESTION 128Drag and Drop QuestionDrag and drop each syslog facility code on the left onto its description on the right. Answer: QUESTION 129Refer to the exhibit. What is the effect of the given configuration? A.    It reset and logs FTP connection to all sites except cisco.com and hp.com.B.    FTP connections are unaffected.C.    It resets FTP connection to all sites except cisco.com and hp.com.D.    It resets and logs FTP connection to cisco.com and hp.com only.E.    It resets FPT connection to cisco.com and hp.com only Answer: A QUESTION 130What port has IANA assigned to the GDOI protocol? A.    UDP 4500B.    UDP 1812C.    UDP 500D.    UDP 848 Answer: D QUESTION 131Refer to the exhibit, after you implement ingress filter 101 to deny all icmp traffic on your perimeter router user complained of poor web performance and the router and the router display increase CPU load. The debug ipicmp command returned the given output. Which configuration you make to the router configuration to correct the problem?      Answer: D QUESTION 132Which two statements about implementing GDOI in a DMVPN network are true? (Choose two.) A.    Direct spoke-to-spoke traffic is black-holed.B.    Rekeying requires an exclusive IGMP join in the mGRE interface.C.    The crypto map is applied to the sub interface of each spoke.D.    If a group member rekey operation fails, it must wait for the SA lifetime to expire before it can reregister with the key server.E.    The DMVPN hub can act as the GDOI key server.F.    DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub. Answer: DE QUESTION 133For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two.) A.    BVI is required for the inspection of IP traffic.B.    The firewall can perform routing on bridged interfaces.C.    BVI is required if routing is disabled on the firewall.D.    BVI is required if more than two interfaces are in a bridge group.E.    BVI is required for the inspection of non-IP traffic.F.    BVI can manage the device without having an interface that is configured for routing. Answer: DF QUESTION 134Drag and Drop QuestionDrag each step in the configuration of a cisco ASA NSEL export to a NETFLOW collector on the left into the correct order of operations on the right. Answer: QUESTION 135Which two u.s government entities are authorized to execute and enforce the penalties for violations of the Sarbanes-oxley(SOX) act? (Choose two.) A.    Federal trade commission (FTC)B.    Internal Revenue service (IRS)C.    Office of Civil Rights (OCR)D.    Federal Reserve Board (FRB)E.    Securities and exchange commission (SEC)F.    United states Citizenship and immigration services (USCIS) Answer: DE QUESTION 136MWhich three are RFC 5735 addresses? (Choose three.) A.    171.10.0.0/24B.    0.0.0.0/8C.    203.0.113.0/24D.    192.80.90.0/24E.    172.16.0.0/12F.    198.50.100.0/24 Answer: BCE QUESTION 137Refer to the exhibit . Which Statement about this configuration is true? A.    The ASA stops LSA type 7 packets from flooding into OSPF area 1.B.    The ASA injects a static default route into OSPF area 1.C.    The ASA redistributes routes from one OSPF process to another.D.    The ASA redistributes routes from one routing protocol to another.E.    The ASA injects a static default route into OSPF process 1. Answer: C QUESTION 138Drag and Drop QuestionDrag and drop step in the flow of packets on a DMVPN network using GDOI on the left into the correct sequence on the right. Answer: QUESTION 139When attempting to use basic Http authentication to authenticate a client,which type of HTTP massage should the server use? A.    HTTP 200 with a WWW-authenticate header.B.    HTTP 401 with a WWW-authenticate header.C.    Http 302 with an authenticate header.D.    HTTP 407. Answer: B QUESTION 140Drag and Drop QuestionDrag and Drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right. Answer: QUESTION 141Which two statements about the ISO are true? (Choose two.) A.    The ISO is a government-based organization.B.    The ISO has three membership categories: member, correspondent, and subscribers.C.    Only member bodies have voting rights.D.    Correspondent bodies are small countries with their own standards organization.E.    Subscriber members are individual organizations. Answer: BC QUESTION 142What feature on Cisco IOS router enables user identification and authorization based on per-user policies? A.    CBACB.    IPsecC.    Authentication proxyD.    NetFlow v9E.    Zone-based firewallF.    EEM Answer: C QUESTION 143Which two statements about WPA 2 with AES CCMP encryption are true? (Choose two.) A.    AES CCMP is a block cipherB.    It is compatible with TACACS+ servers running LEAP authenticationC.    Every wireless packet sent to the host is tagged with CCMP framesD.    It uses a 256-bit hashing keyE.    The MIC prevents modifications of wireless frames and replay attacksF.    It uses a 128-bit hashing key Answer: AF QUESTION 144Refer to the exhibit. You have received an advisory that your organization could be running a vulnerable product. Using the Cisco Systems Rapid Risk Vulnerability Model, you determine that:* Your organization is running an affected product on a vulnerable version of code vulnerable component is enabled and there is no feasible workaround.* There is medium confidence of an attack without significant collateral damage to the organization.According to the model, what is the appropriate urgency for remediation? A.    priority maintenance processB.    contact ISP to trace attackC.    no action requiredD.    remove vulnerable device from serviceE.    standard maintenance processF.    immediate mitigation process Answer: E QUESTION 145When configuration Cisco IOS firewall CBAC operation on Cisco routers, the "inspection rule" can be applied at which two location? (Choose two.) A.    at the trusted and untrusted interfaces in the inbound direction.B.    at the trusted interface in the inbound direction.C.    at the trusted and untrusted interfaces in the outbound direction.D.    at the untrusted interface in the inbound direction.E.    at the trusted interface in the outbound direction.F.    at the trusted interface in the outbound direction. Answer: BF QUESTION 146Refer to the exhibit, what type of attack is illustrated? A.    ICMP floodB.    ARP spoofingC.    IP address spoofingD.    CAM overflow Answer: B QUESTION 147Which protocol does VNC use for remote access to a GUI? A.    RTPSB.    RARPC.    E6D.    SSHE.    RFB Answer: D QUESTION 148Drag and Drop QuestionDrag each management frame protection feature on the left to the function it performs on the right. Answer: QUESTION 149Which two statements about VPLS and VPWS are true? (Choose two.) A.    VPLS Layer 2 VPNs support both full-mesh and hub-and-spoke implementationsB.    VPWS only sends the data payload over an MPLS coreC.    VPLS is intended for applications that require point-to-point accessD.    VPWS supports multicast using a hub-and-spoke architectureE.    VPLS is intended for applications that require multipoint or broadcast accessF.    VPWS supports point-to-point integration of Layer 2 and Layer 3 services over an MPLS cloud Answer: EF QUESTION 150Refer to the exhibit, which conclusion can be drawn from this output? A.    The license of the device supports multiple virtual firewallsB.    The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platformC.    The license of the device allows for it to be used in a failover setD.    The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher Answer: A Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-02-13 14:16:56 Post date GMT: 2017-02-13 14:16:56 Post modified date: 2017-02-13 14:16:56 Post modified date GMT: 2017-02-13 14:16:56 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com