This page was exported from PassLeader VCE Dumps and PDF Dumps for Free
[
https://www.testkingvce.com
]
Export date: Fri Mar 29 1:09:38 2024 / +0000 GMT
New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms QUESTION 91 A. Increase the ICMP Unreachable massage rate limit interval Answer: AE QUESTION 92 A. AES Answer: B QUESTION 93 A. crypto key export rsa pki.cisco.com pern url flash: 3des CiscoPKI Answer: E QUESTION 94 A. Cisco Security MARS Answer: C QUESTION 95 A. Access-list 10 deny 192.168.1.2.0.0.0.0 Answer: D QUESTION 96 A. SCEP Answer: CE QUESTION 97 A. Length of the hash value varies with the length of the message that is being hashed. Answer: BE QUESTION 98 A. It can run as more than one instance. Answer: ADE QUESTION 99 A. The PFS groups are mismatched. Answer: B QUESTION 100 A. A DNS server Answer: AC QUESTION 101 A. Host_1 learns about R2 and only and prefers R2 as its default router Answer: E QUESTION 102 A. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors Answer: C QUESTION 103 A. Local link prefixes are shared automatically. Answer: AF QUESTION 104 A. NUD retransmits 1000 Neighbor solicitation messages every 4 hours and 4 minutes. Answer: E QUESTION 105 A. FPM Answer: DE QUESTION 106 A. They are solicited when a node initialized the multicast process Answer: BC QUESTION 107 A. DH exchange initiation Answer: B QUESTION 108 Answer: QUESTION 109 A. IP address allocation Answer: ADE QUESTION 110 A. default-inspection-traffic Answer: ACEF QUESTION 111 A. By default, the sender uses a single 1024-packet sliding window Answer: BD QUESTION 112 A. Configure the ipnhrp cache non-authoritative command on the hub's tunnel interface Answer: D QUESTION 113 A. Virtualization Answer: B QUESTION 114 A. The DH group is used to provide data authentication. Answer: BD QUESTION 115 A. extKeyUsage Answer: B QUESTION 116 A. static (inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.2" Answer: ADF QUESTION 117 A. It can detect rogue Aps that use WPA encryption Answer: ABD QUESTION 118 A. Network translation mode Answer: B QUESTION 119 A. The signature belongs to the IOS IPS Basic category. Answer: C QUESTION 120 A. Router(config)#ip wccp web-cache service-list Answer: D Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms
What are two method of preventing DoS attacks on your network? (Choose two.)
B. Implement shaping on the perimeter router
C. Disable the ICMP Unreachable response on the loopback and Null0 interfaces
D. Decrees the ICMP Unreachable massage interval
E. Implement CWBQ on the perimeter router
What protocol does SMTPS use to secure SMTP connections?
B. TLS
C. Telnet
D. SSH
Refer to the exhibit, you executed the show crypto key mypubkeyrsa command to verify that the RSA key is protected and it generated the given output. What command must you have entered to protect the key?
B. crypto key decrypt rsa name pki.cisco.com passphrase CiscoPKI
C. crypto key import rsa pki.cisco.com pern url nvram: CiscoPKI
D. crypto key zeroize rsa CiscoPKI
E. crypto key lock rsa name pki.cisco.com passphrase CiscoPKI
All of these Cisco security products provide event correlation capabilities excepts which one?
B. Cisco Guard/Detector
C. Cisco ASA adaptive security appliance
D. Cisco IPS
E. Cisco Security Agent.
Refer to the exhibit, which configuration prevents R2 from become a PIM neighbor with R1?
!
Interface gi0/0
Ippim neighbor-filter 1
B. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ipigmp access-group 10
C. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ippimneighbour-filter 10
D. Access-list 10 permit 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ippim neighbor-filter 10
Which two certificate enrollment methods can be completed without an RA and require no direct connection to a CA by the end entity? (Choose two.)
B. TFTP
C. manual cut and paste
D. enrollment profile with direct HTTP
E. PKCS#12 import/export
Which two statements about the MD5 Hash are true? (Choose two.)
B. Every unique message has a unique hash value.
C. Its mathematically possible to find a pair of message that yield the same hash value.
D. MD5 always yields a different value for the same message if repeatedly hashed.
E. The hash value cannot be used to discover the message.
Which three statement about VRF-Aware Cisco Firewall are true? (Choose three.)
B. It supports both global and per-VRF commands and DoS parameters.
C. It can support VPN networks with overlapping address ranges without NAT.
D. It enables service providers to implement firewalls on PE devices.
E. It can generate syslog massages that are visible only to individual VPNs.
F. It enables service providers to deploy firewalls on customer devices.
Refer to the exhibit. What is the meaning of the given error message?
B. The pre-shared keys are mismatched.
C. The mirrored crypto ACLs are mismatched.
D. IKE is disabled on the remote peer.
Which two value must you configure on the cisco ASA firewall to support FQDN ACL? (Choose two.)
B. A Service policy
C. An FQDN object
D. A Class map
E. A services object
F. A policy map
Refer to the exhibit. Which effect of this configuration is true?
B. Host_1 selects R2 as its default router and load balances between R2 and R3
C. Host_1 learns about R2 and R3 only and prefers R3 as its default router
D. Host_1 learns about R1,R2 and R3 and load balances between them
E. Host_1 learns about R1, R2 and R3 and prefers R2 as its default router
Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?
B. The ASA supports policy-based routing with route maps
C. Routes to the Null0 interface cannot be configured to black-hole traffic
D. The translations table cannot override the routing table for new connections
Which two statement about router Advertisement message are true? (Choose two.)
B. Each prefix included in the advertisement carries lifetime information f Or that prefix.
C. Massage are sent to the miscast address FF02::1.
D. It support a configurable number of retransmission attempts for neighbor solicitation massage.
E. Flag setting are shared in the massage and retransmitted on the link.
F. Router solicitation massage are sent in response to router advertisement massage.
Refer to the exhibit. Which effect of this configuration is true?
B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.
C. NUD retransmits Neighbor Solicitation messages every 4 seconds.
D. NUD retransmits unsolicited Neighbor advertisements messages every 4 hours.
E. NUD retransmits f our Neighbor Solicitation messages every 1000 seconds.
F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.
What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two.)
B. DCAR
C. NBAR
D. IP source Guard
E. URPF
F. Dynamic ARP inspection
Which two statement about the multicast addresses query message are true? (Choose two.)
B. They are used to discover the multicast group to which listeners on a link are subscribed
C. They are used to discover whether a specified multicast address has listeners
D. They are send unsolicited when a node initializes the multicast process
E. They are usually sent only by a single router on a link
F. They are sent when a node discover a multicast group
Refer to the exhibit. What IPSec function does the given debug output demonstrate?
B. setting SPIs to pass traffic
C. PFS parameter negotiation
D. crypto ACL confirmation
Drag and Drop Question
Drag each MACsec term on the left to the right matching statement on the right.
IANA is responsible for which three IP resources? (Choose three.)
B. Detection of spoofed address
C. Criminal prosecution of hackers
D. Autonomous system number allocation
E. Root zone management in DNS
F. BGP protocol vulnerabilities
When you are configuring QoS on the Cisco ASA appliance. Which four are valid traffic selection criteria? (Choose four.)
B. qos-group
C. DSCP
D. VPN group
E. tunnel group
F. IP precedence
Which two statements about the anti-replay feature are true? (Choose two.)
B. By default, the receiver uses a single 64-packet sliding window
C. The sender assigns two unique sequence numbers to each clear-text packet
D. The sender assigns two unique sequence numbers to each encrypted packet
E. the receiver performs a hash of each packet in the window to detect replays
F. The replay error counter is incremented only when a packet is dropped
You have configured a DMVPN hub and spoke a follows (assume the IPsec profile "dmvpnprofile" is configured correctly):
With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?
B. Modify the NHRP hold times to match on the hub and spoke
C. Modify the NHRP network IDs to match on the hub and spoke
D. Modify the tunnel keys to match on the hub and spoke
Which of the following is one of the components of cisco Payment Card Industry Solution?
B. Risk Assessment
C. Monitoring
D. Disaster Management
Which two statements about the DH group are true? (Choose two.)
B. The DH group is negotiated in IPsec phase-1.
C. The DH group is used to provide data confidentiality.
D. The DH group is used to establish a shared key over an unsecured medium.
E. The DH group is negotiated in IPsec phase-2.
Your 1Pv6 network uses a CA and trust anchor to implement secure network discover. What extension must your CA certificates support?
B. nameConstrainsts
C. id-pe-ipAddrBlocks
D. Id-pe-autonomousSyslds
E.
F. Ia-ad-calssuers
keyUsage
A server with Ip address 209.165.202.150 is protected behind the inside of a cisco ASA or PIX security appliance and the internet on the outside interface. User on the internet need to access the server at any time but the firewall administrator does not want to apply NAT to the address of the server because it is currently a public address, which three of the following command can be used to accomplish this? (Choose three.)
B. nat (inside) 1 209.165.202.150 255.255.255.255
C. no nat-control
D. nat (inside) 0 209.16S.202.150 255.255.255.255
E. static (outside.insid) 209.165.202.150 209.165.202.150 netmask 255.255.255.255
F. access-tist no-nat permit ip host 209.165.202.150 any nat (inside) 0 access-list no-nat
Which three statements about RLDP are true? (Choose three.)
B. It detects rogue access points that are connected to the wired network
C. The AP is unable to serve clients while the RLDP process is active
D. It can detect rogue APs operating only on 5 GHz
E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network
F. It can detect rogue APs that use WEP encryption
Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?
B. The signature belongs to the IOS IPS Advanced category.
C. There is insufficient memory to compile the signature.
D. The signature is retired.
E. Additional signature must be complied during the compiling process.
Which command sequence can you enter to enable IP multicast for WCCPv2?
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
B. Router(config)#ip wccp web-cache group-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
C. Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect in
D. Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
E. Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect out
Post date: 2017-02-13 10:48:07
Post date GMT: 2017-02-13 10:48:07
Post modified date: 2017-02-13 10:48:07
Post modified date GMT: 2017-02-13 10:48:07
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com