2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass.com providing 100% 400-251 exam passing guarantee with real exam questions. We are providing here outstanding braindumps for your 400-251 exam. With the Help of our exam dumps you can get more than 95%.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html
Which two statements about DTLS are true?(Choose two)
A. It uses two simultaneous IPSec tunnels to carry traffic.
B. If DPD is enabled, DTLS can fall back to a TLS connection.
C. Because it requires two tunnels, it may experience more latency issues than SSL connections.
D. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.
E. It is disabled by default if you enable SSL VPN on the interface.
Check the section “Configuring DTLS” in this document:
Refer to the exhibit, which two Statements about the given Configuration are true? (Choose two)
A. It is an inbound policy.
B. It will allow 184.108.40.206 to connect to 220.127.116.11 on an IMAP port.
C. It will allow 18.104.22.168 to connect to 22.214.171.124 on an RDP port.
D. It will allow 126.96.36.199 to connect to 188.8.131.52 on an RDP port.
E. It will allow 184.108.40.206 to connect to 220.127.116.11 on a VNC port.
F. It is an outbound policy.
What command can you use to protect a router from TCP SYN-flooding attacks?
A. ip igmp snooping
B. rate-limit input <bps><burst-normal><Burst-max>
C. ip tcp intercept list <access-list>
D. ip dns spoofing <ip-address>
E. police <bps>
Refer to the exhibit, what is the effect of the given configuration?
A. It will Drop all TTL packet with a value of 14 in the IP header field.
B. It will Drop all TTL packet with a TTL value less than 14.
C. It will Drop all TTL packet with a TTL value of 15 or more.
D. It will Drop all TTL packet with a TTL value of 14 or more.
If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?
Which three statements about the SHA-2 algorithm are true? (Choose three)
A. It provides a variable-length output using a collision-resistant cryptographic hash.
B. It provides a fixed-length output using a collision-resistant cryptographic hash.
C. It is used for integrity verification.
D. It generates a 160-bit message digest.
E. It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.
F. It generates a 512-bit message digest.
Drag and Drop Question
Drag and drop each RADIUS packet field on the left onto the matching decription on the right.
Which three of these situation warrant engagement of a security incident Response team?(Choose three)
A. damage to computer/network resources
B. pornographic biogs’websites
C. computer or network misuse/abuse
D. denial of service (DoS)
E. loss of data confidentialitymtegrity
What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)
You have configured an authenticator switch in access mode on a network configured with NEAT what radius attribute must the ISE server return to change the switch’s port mode to trunk?
Refer to the exhibit. Which statement about the router R1 is true?
A. Its private-config is corrupt.
B. Its NVRAM contains public and private crypto keys.
C. Its running configuration is missing.
D. RMON is configured.
Refer to the Exhibit. What is the effect of the given ACL policy ?
A. The policy will deny all IPv6 eBGP session.
B. The policy will disable IPv6 source routing.
C. The policy will deny all IPv6 routing packet.
D. The policy will deny all IPv6 routed packet.
Which three statements about the RSA algorithm are true? (Choose three.)
A. The RSA algorithm provides encryption but not authentication.
B. The RSA algorithm provides authentication but not encryption.
C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
D. The private key is never sent across after it is generated.
E. The public key is used to decrypt the message that was encrypted by the private key.
F. The private key is used to decrypt the message that was encrypted by the public key.
Which of these is a core function of the risk assessment process? (Choose one.)
A. performing regular network upgrades
B. performing network optimization
C. performing network posture validation
D. establishing network baselines
E. prioritizing network roll-outs
Which two router configurations block packets with the Type 0 Routing header on the interface? (Choose two)
A. Ipv6 access-list Deny_Loose_Routing
permit ipv6 any any routing-type 0
deny ipv6 any any
ipv6 traffic-filter Deny_Loose_Source_Routing in
B. Ipv6 access-list-Deny_Loose_Source_Routing
Deny ipv6 FE80::/10 any mobility -type bind-refresh
Affic-filter Deny_Loose_Source_Routing in
C. Ipv6 access-list Deny_Loose_Source_Routing
Deny ipv6 any any routing-type 0
Permit ipv6 any any
Ipv6 traffic -filter Deny_Loose_Routing in
D. Ipv6 access -list Deny_Loose_Source_Routing
Deny ipv6 any FE80: :/10 routing -type 0
Deny ipv6 any any routing -type 0
Permit ipv6 any any
Interface FastEthernet t0/0
Ipv6 traffic -filter Deny_Loose_Source_Routing in
E. Ipv6 access -list Deny_Loose_Source_Routing
Sequence 1 deny ipv6 any any routing -type 0 log-input
Sequence 2 permit ipv6 any any flow -label 0 routing interface Fastethernet0/0
Ipv6 traffic-filter Deny_Loose_Source_Routing in
What protocol provides security for datagram protocols?
Which two options are open-source SDN controllers? (Choose two)
C. Big Cloud Fabric
D. Virtual Application Networks SDN Controller
E. Application Policy Infrastructure Controller
Which current RFC made RFCs 2409, 2407, and 2408 obsolete?
A. RFC 4306
B. RFC 2401
C. RFC 5996
D. RFC 4301
E. RFC 1825
Refer to the exhibit. Which effect of this configuration is true?
A. It enables MLD query messages for all link-local groups.
B. It configures the node to generate a link-local group report when it joins the solicited- node multicast group.
C. It enables hosts to send MLD report messages for groups 18.104.22.168/24.
D. it enables local group membership for MLDv1 and MLDv2.
E. It enables the host to send MLD report messages for nonlink local groups.
Which technology builds on the vPathconcept and can be used in virtual and physical environments?
Which two statements about header attacks are true?(Choose two)
A. An attacker can use IPv6 Next Header attacks to steal user data and launch phishing attacks.
B. An attacker can use HTTP Header attacks to launch a DoS attack.
C. An attacker can execute a spoofing attack by populating the RH0 routing header subtype with multiple destination addresses.
D. An attacker can leverage an HTTP response header to write malicious cookies.
E. An attacker can leverage an HTTP response header to inject malicious code into an application layer.
F. An attacker can use vulnerabilities in the IPv6 routing header to launch attacks at the application layer.
Refer to the exhibit. Routers R1, R2, and R3 have IPv6 reachability, and R1 and R3 are able to ping each other with the IPv6 global unicast address.
However, R1 and R3 are unable to ping each other with their link-local addresses.
What is a possible reason for the problem?
A. Link-local addresses can communicate with neighboring interfaces.
B. Link-local addresses are forwarded by IPv6 routers using loopback interfaces.
C. Link-local addresses can be used only with a physical interface’s local network.
D. Multicast must be enabled to allow link-local addresses to traverse multiple hops.
What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ?
A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater
B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets
C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes
D. It configures the interface to fragment packets on connections with MTUs of 1024 or less
E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes
Which Two statement about the PCoIP protocol are true? (Choose two)
A. It support both loss and lossless compression
B. It is a client-rendered, multicast-codec protocol.
C. It is available in both software and hardware.
D. It is a TCP-based protocol.
E. It uses a variety of codec to support different operating system.
Drag and Drop Question
Drag the step in the SCEP workflow on the left into the correct order of operation on the right.
Lead2pass.com is best place to prepare your 400-251 exam with 100% reliable study guide. We are providing free sample questions here so you can check our study guide quality.
400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDMERESjlYcVlZNWs
2017 Cisco 400-251 exam dumps (All 470 Q&As) from Lead2pass:
https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]