This page was exported from All The Latest MCTS Exam Questions And Answers For Free Share
[
https://www.mctsdump.com
]
Export date: Thu Mar 28 9:03:34 2024 / +0000 GMT
New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms QUESTION 241 A. Cisco Cloud Orchestrator Answer: C QUESTION 242 A. GR Answer: B QUESTION 243 A. dynamic ARP inspection Answer: AE QUESTION 244 A. It directs the actions an organization can take in response to a reported vulnerability Answer: C QUESTION 245 A. IP address allocation Answer: ADE QUESTION 246 A. They support synchronous and asynchronous requests. Answer: D QUESTION 247 A. device-traffic-class=switch Answer: A QUESTION 248 A. ISO/IEC 27001 is only intended to report security breaches to the management authority. Answer: C QUESTION 249 Answer: QUESTION 250 A. NHRP Server NHC Table Answer: A QUESTION 251 A. L2TP-Encryption Answer: BDE QUESTION 252 A. OpenAM must be deployed in a different domain Microsoft Active Directory. Answer: BE QUESTION 253 A. Attackers sends the ARP request with the MAC address and IP address of a legitimate resource in the network. Answer: D QUESTION 254 A. Eseutil.exe Answer: C QUESTION 255 A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client. Answer: QUESTION 256 A. It uses EAP authentication Answer: EF QUESTION 257 A. broadcast Answer: AB QUESTION 258 A. 0:0:0:0:0:10:10:100:16 Answer: AD QUESTION 259 A. NAT 6to4 Answer: E QUESTION 260 A. Destination address Answer: CDE QUESTION 261 A. A webtypeACL Answer: D QUESTION 262 A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it Answer: AC QUESTION 263 A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD. Answer: ACD QUESTION 264 A. It sends a high-power RF pulse that can damage the internals of the AP. Answer: D QUESTION 265 A. PBR Answer: C QUESTION 266 A. Unicast RPF Answer: AB QUESTION 267 A. The router telnet to the on port 2002. Answer: QUESTION 268 A. The hashes of each peer's IP address and port number are compared to determine whether NAT-T is required Answer: AD QUESTION 269 A. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation. Answer: C QUESTION 270 A. SOX is an IEFT compliance procedure for computer systems security. Answer: BE Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms
Which Cisco product solution is designed for workload mobility between public-public and private-public clouds?
B. Cisco Unified Cloud
C. Cisco Intercloud Fabric
D. Cisco Metapod
Refer to the exhibit. What protocol format is illustrated?
B. AH
C. ESP
D. IP
What are two features that help to mitigate man-in-the-middle attacks? (Choose two.)
B. ARP sniffing on specific ports
C. destination MAC ACLs
D. ARP spoofing
E. DHCP snooping
What is the purpose of the vulnerability risk method for assessing risk?
B. It evaluates the effectiveness and appropriateness of an organization's current risk management activities
C. It directs the actions an organization can take to ensure perimeter security
D. It prevents and protects against security vulnerabilities in an organization
E. It establishes a security team to perform forensic examinations of known attacks
Which three IP resources is the IANA responsible? (Choose three.)
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Which Statement about remote procedure calls is true?
B. They can emulate different hardware specifications on a single platform.
C. They support optimized data replication among multiple machines.
D. They use a special assembly instruction set to process remote code without conflicting with other remote processes.
E. They can be invoked by the client and the server.
You have configured an authenticator switch in access mode on a network configured with NEAT. What RADIUS attribute must the ISE sever return to change the switch's port mode to trunk?
B. device-traffic-class=trunk
C. Framed-protocol=1
D. EAP-message=switch
E. Acct-Authentic=RADIUS
F. Authenticate=Administrative
Which statement about ISO/IEC 27001 is true?
B. ISO/IEC 27001 was reviewed by the International Organization for Standardization.
C. ISO/IEC 27001 is intend to bring information security under management control.
D. ISO/IEC 27001 was reviewed by the International Electrotechnical Commission.
E. ISO/IEC 27001 was published by ISO/IEC.
Drag and Drop Question
Drag and drop ESP header field on the left to the appropriate field length on the right.
Which object table contains information about the clients know to the server in Cisco NHRP MIB implementaion?
B. NHRP Client Statistics Table
C. NHRP Cache Table
D. NHRP Purge Request Table
Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three.)
B. Web-VPN-ACL-Filters
C. IPsec-Client-Firewall-Filter-Name
D. Authenticated-User-Idle-Timeout
E. IPsec-Default-Domain
F. Authorization-Type
Which two options are system requirements for single sign-on on Cisco Unified Communications Manager? (Choose two.)
B. All participating entities must have their clocks synchronized.
C. The local user profile on Cisco Unified Communications must be disabled.
D. IWA and Kerberos authentication must be configured in the Windows domain.
E. Microsoft Active Directory must be deployed in a domain-based configuration.
Which of the following statement is true about the ARP attack?
B. Attackers sends the ARP request with the MAC address and IP address of its own.
C. ARP spoofing does not facilitate man-in-the middle attack of the attackers.
D. Attackers sends the ARP request with its own MAC address and IP address of a legitimate resource in the network.
During a DoS attacks all of the data is lost from a user's laptop and the user must now rebuild the system. Which tool can the user use to extract the outlook PST file from the Microsoft server database?
B. NTabackup.exe
C. Exmerge.exe
D. Ost2st.exe
A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue?
B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.
C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.
D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.
E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.
Which two statements about IKEv2 are true? (Choose two.)
B. It uses X.509 certificates for authentication
C. The profile is a collection of transforms used to negotiate IKE SAs
D. It supports DPD and Nat-T by default
E. The profile contains a repository of symmetric and asymmetric preshared keys
F. At minimum, a complete proposal requires one encryption algorithm and one integrity algorithm
Which two OSPF network types support the concept of a designated router? (Choose two.)
B. NBMA
C. point-to-multipoint
D. point-to-multipoint nonbroadcast
E. loopback
Given the IPv4 address 10.10.100.16, which two address are valid IPv4-compatible IPv6 addresses? (Choose two.)
B. 0:0:10:10:10:16:0:0:0
C. 0:0:10:10:100:16:0:0:0
D. ::10:10:100:16
E. :::A:A:64:10
What technology can you implement on your network to allow IPv4-dependent applications to work with IPv6- capable application?
B. DS-lite
C. NAT-PT
D. ISATAP
E. NAT64
Which three fields are part of the AH header? (Choose three.)
B. Protocol ID
C. Packet ICV
D. SPI identifying SA
E. Next header
F. Application port
G. Source address
What ASA feature can do use to restrict a user to a specific VPN group?
B. MPF
C. A VPN filter
D. Group-lock
Which two statements about SGT Exchange Protocol are true? (Choose two.)
B. SXP runs on UDP port 64999
C. A connection is established between a "listener" and a "speaker"
D. SXP is only supported across two hops
E. SXPv2 introduces connection security via TLS
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)
B. It defines a wide variety of authorization actions, including "reauthenticate."
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.
How does a wireless association flood attack create a DoS?
B. It spoofs disassociation frames from the access point.
C. It uses a brute force attack to crack the encryption.
D. It exhausts the access client association table.
Refer to the exhibit, you have configured two route-map instances on R1 which passes traffic from switch 1 on both VLAN 1 and VLAN 2. You wish to ensure that the first route-map instance matches packets from VLAN 1 and sets next hop to 3232::2/128. The second route-map instance matches packets from VLAN 2 and sets the next hop to 3232::3/128. What feature can you implement on R1 to make this configuration possible?
B. BGP local-preference
C. BGP next-hop
D. VSSP
E. GLBP
What are two feature that can be used to drop incoming traffic with spoofed bogon address? (Choose two.)
B. ingress ACLs
C. flexible ACLs
D. egress ACLs
E. reflexive ACLs
F. Source Specific Multicast
Refer to the exhibit, what is the effect of the given command sequence?
B. The AP console port is shut down.
C. A session is opened between the router console and the AP.
D. The router telnet to the router on port 2002.
Which two statements about IPsec in a NAT-enabled environment are true? (Choose two.)
B. NAT-T is not supported when IPsec Phase 1 is set to Aggressive Mode
C. The first two messages of IPsec Phase 2 are used to determine whether the remote host supports NAT-T
D. NAT-T is not supported when IPsec Phase 1 is set to Main Mode
E. IPsec packets are encapsulated in UDP 500 or UDP 10000 packets
F. To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers
Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?
B. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.
C. AV pairs are only string values.
D. AV pairs are of two types: string and integer.
Which statement about Sarbanes-Oxley (SOX) is true?
B. SOX is a US law.
C. SOX is an IEEE compliance procedure for IT management to produce audit reports.
D. SOX is a private organization that provides best practices for financial institution computer systems.
E. Section 404 of SOX is only related to IT compliance.
Post date: 2017-02-14 10:06:23
Post date GMT: 2017-02-14 10:06:23
Post modified date: 2017-02-14 10:06:23
Post modified date GMT: 2017-02-14 10:06:23
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com