This page was exported from PassLeader VCE Dumps and PDF Dumps for Free [ https://www.testkingvce.com ] Export date:Fri Mar 29 15:40:32 2024 / +0000 GMT ___________________________________________________ Title: [Free-Dumps] Latest Update PassLeader 400-251 Exam Dumps For Free Download (Question 1 – Question 30) --------------------------------------------------- New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms QUESTION 1According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery? A.    Allow only POST requests.B.    Mark all cookies as HTTP only.C.    Use per-session challenge tokens in links within your web application.D.    Always use the "secure" attribute for cookies.E.    Require strong passwords. Answer: C QUESTION 2What is the maximum pattern length supported by FPM searches within a packet? A.    256 bytesB.    128 bytesC.    512 bytesD.    1500 bytes Answer: A QUESTION 3Which two statements about role-based access control are true? (Choose two.) A.    Server profile administrators have read and write access to all system logs by default.B.    If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.C.    A view is created on the Cisco IOS device to leverage role-based access controls.D.    Network administrators have read and write access to all system logs by default.E.    The user profile on an AAA server is configured with the roles that grant user privileges. Answer: DE QUESTION 4Which three global correlation feature can be enabled from cisco IPD device manager (Cisco IDM)? (Choose three.) A.    Network ReputationB.    Global Data InteractionC.    Signature CorrelationD.    Reputation FilteringE.    Global Correlation InspectionF.    Data ContributionG.    Reputation Assignment Answer: CDE QUESTION 5According to RFC 4890, which three message must be dropped at the transit firewall/router? (Choose three.) A.    Router Renumbering (Type 138)B.    Node Information Query (Type 139)C.    Router Solicitation (Type 133)D.    Node information Response (Type 140)E.    Router Advertisement (Type 134)F.    Neighbor Solicitaion (Type 135) Answer: ABD QUESTION 6What is the effect of the following command on Cisco IOS router?ip dns spoofing 1.1.1.1 A.    The router will respond to the DNS query with its highest loopback address configuredB.    The router will respond to the DNS query with 1.1.1.1 if the query id for its own hostnameC.    The router will respond to the DNS query with the IP address of its incoming interface for any hostname queryD.    The router will respond to the DNS query with the IP address of its incoming interface for its own hostname Answer: D QUESTION 7Which two options are differences between automation and orchestration? (Choose two.) A.    Automation is to be used to replace human interventionB.    Automation is focused on automating a single or multiple tasksC.    Orchestration is focused on an end-to-end process or workflowD.    Orchestration is focused on multiple technologies to be integrated togetherE.    Automation is an IT workflow composed of tasks, and Orchestration is a technical task Answer: BC QUESTION 8Refer to the exhibit. What is the effect of the given configuration? A.    It sets the duplicate address detection interval to 60 second and sets the IPv6 neighbor reachable time to 3600 milliseconds.B.    It sets the number of neighbor solicitation massages to 60 and sets the retransmission interval to 3600 milliseconds.C.    It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 millisecond.D.    It sets the number of neighbor solicitation massage to 60 and set the duplicate address detection interval to 3600 second.E.    It sets the duplicate address detection interval to 60 second and set the IPv6 neighbor solicitation interval to 3600 millisecond. Answer: E QUESTION 9What are two characteristics of RPL, used in loT environments? (Choose two.) A.    It is an Exterior Gateway ProtocolB.    It is a Interior Gateway ProtocolC.    It is a hybrid protocolD.    It is link-state protocolE.    It is a distance-vector protocol Answer: BE QUESTION 10In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource-limited by default when their context is a member of the default class? (Choose three.) A.    Telnet sessionsB.    ASDM sessionsC.    IPSec sessionsD.    SSH sessionsE.    TCP sessionsF.    SSL VPN sessions Answer: ABD QUESTION 11Drag and Drop QuestionDrag each OSPF security feature on the left to its description on the right. Answer: QUESTION 12Which VPN technology is based on GDOI (RFC 3547)? A.    MPLS Layer 3 VPNB.    MPLS Layer 2 VPNC.    GET VPND.    IPsec VPN Answer: C QUESTION 13Which statement about the 3DES algorithm is true? A.    The 3DES algorithm uses the same key for encryption and decryption.B.    The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption.C.    The 3DES algorithm is a block cipher.D.    The 3DES algorithm uses a key length of 112 bits.E.    The 3DES algorithm is faster than DES due to the shorter key length. Answer: C QUESTION 14Which significant change to PCI DSS standards was made in PCI DSS version 3.1? A.    No version of TLS is now considered to provide strong cryptography.B.    Storage of sensitive authentication data after authorization is now permitted when proper encryption is applied.C.    Passwords are now required to be changed at least once every 30 days.D.    SSL is now considered a weak cryptographic technology.E.    If systems that are vulnerable to POODLE are deployed in an organization, a patching and audit review process must be implemented. Answer: D QUESTION 15Refer to the Exhibit, what is a possible reason for the given error? A.    One or more require application failed to respond.B.    The IPS engine is busy building cache files.C.    The IPS engine I waiting for a CLI session to terminate.D.    The virtual sensor is still initializing. Answer: D QUESTION 16Which three statements about the keying methods used by MAC Sec are true? (Choose three.) A.    MKA is implemented as an EAPoL packet exchange.B.    SAP is enabled by default for Cisco TrustSec in manual configuration mode.C.    SAP is supported on SPAN destination ports.D.    Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA.E.    SAP is not supported on switch SVIs.F.    A valid mode for SAP is NULL. Answer: ABF QUESTION 17Which two statements about Cisco ASA authentication using LDAP are true? (Choose two.) A.    It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attributeB.    It uses AD attribute maps to assign users to group policies configured under the WebVPN contextC.    The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policiesD.    It can assign a group policy to a user based on access credentialsE.    It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASAF.    It is a closed standard that manages directory-information services over distributed networks Answer: AB QUESTION 18Drag and Drop QuestionDrag each IPS signature engine on the left to its description on the right. Answer: QUESTION 19With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails Registration will continue to fail until you do which of these? A.    Modify the NHRP network IDs to match on the hub and spoke.B.    configure the ip nhrp caches non-authoritative command on the hub's tunnel interface.C.    modify the tunnel keys to match on the hub and spoke.D.    modify the NHRP hold time to match on the hub and spoke. Answer: C QUESTION 20Which three statements are true regarding Security Group Tags? (Choose three.) A.    When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.B.    When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.C.    Security Group Tags are a supported network authorization result using Cisco ACS 5.x.D.    Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.E.    A Security Group Tag is a variable length string that is returned as an authorization result. Answer: ACD QUESTION 21Refer to the exhibit which two statement about the given IPV6 ZBF configuration are true? (Choose two.) A.    It provides backward compability with legacy IPv6 inspection.B.    It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.C.    It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.D.    It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.E.    It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.F.    It provide backward compatibility with legacy IPv4 inseption. Answer: AB QUESTION 22In which class of applications security threads does HTTP header manipulation reside? A.    Session managementB.    Parameter manipulationC.    Software tamperingD.    Exception managements Answer: A QUESTION 23What is the most commonly used technology to establish an encrypted HTTP connection? A.    the HTTP/1.1 Upgrade headerB.    the HTTP/1.0 Upgrade headerC.    Secure Hypertext Transfer ProtocolD.    HTTPS Answer: D QUESTION 24What functionality is provided by DNSSEC? A.    origin authentication of DNS dataB.    data confidentiality of DNS queries and answersC.    access restriction of DNS zone transfersD.    storage of the certificate records in a DNS zone file Answer: A QUESTION 25What are the two mechanism that are used to authenticate OSPFv3 packets?(Choose two.) A.    MD5B.    ESPC.    PLAIN TEXTD.    AHE.    SHA Answer: BD QUESTION 26You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:(A) You need two customer contexts, named contextA and contextB(B) Allocate interfaces G0/0 and G0/1 to contextA(C) Allocate interfaces G0/0 and G0/2 to contextB(D) The physical interface name for G0/1 within contextA should be "inside"(E) All other context interfaces must be viewable via their physical interface namesIf the admin context is already defined and all interfaces are enabled, which command set will complete this configuration? A.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 visibleallocate-interface GigabitEthernet0/1 insidecontext contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 visibleallocate-interface GigabitEthernet0/2 visibleB.    context contextaconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 visibleallocate-interface GigabitEthernet0/1 insidecontext contextbconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 visibleallocate-interface GigabitEthernet0/2 visibleC.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 invisibleallocate-interface GigabitEthernet0/1 insidecontext contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 invisibleallocate-interface GigabitEthernet0/2 invisibleD.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0allocate-interface GigabitEthernet0/1 insidecontext contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0allocate-interface GigabitEthernet0/2E.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 visibleallocate-interface GigabitEthernet0/1 insidecontext contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/1 visibleallocate-interface GigabitEthernet0/2 visible Answer: A QUESTION 27Which statement about the cisco anyconnect web security module is true? A.    It is VPN client software that works over the SSl protocol.B.    It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.C.    It operates as an NAC agent when it is configured with the Anyconnect VPN client.D.    It is deployed on endpoints to route HTTP traffic to SCANsafe. Answer: D QUESTION 28Which two statements about the SeND protocol are true? (Choose two.) A.    It uses IPsec as a baseline mechanismB.    It supports an autoconfiguration mechanismC.    It must be enabled before you can configure IPv6 addressesD.    It supports numerous custom neighbor discovery messagesE.    It counters neighbor discovery threatsF.    It logs IPv6-related threats to an external log server Answer: BE QUESTION 29Drag and Drop QuestionDrag each attack type on the left to the matching attack category on the right. Answer: QUESTION 30Refer to the exhibit. You executed the show crypto key mypubkey rsa command to verify that the RSA key is protected and it generated the given output. What command must you have entered to protect the key? A.    crypto key decrypt rsa name pki.cisco.com passphrase CiscoPKIB.    crypto key zeroize rsa CiscoPKIC.    crypto key export ras pki.cisco.com pem url flash: 3des CiscoPKID.    crypto key lock rsa name pki.cisco.com passphrase CiscoPKIE.    crypto key import rsa pki.cisco.com pem url nvram: CiscoPKI Answer: D Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-02-13 08:14:29 Post date GMT: 2017-02-13 08:14:29 Post modified date: 2017-02-13 08:14:29 Post modified date GMT: 2017-02-13 08:14:29 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com