[May 2018] 100% Pass Lead2pass 400-251 New Questions Free Version 359q

100% Valid Lead2pass Cisco 400-251 New Questions Free Version:

https://www.lead2pass.com/400-251.html

QUESTION 31
Refer to the exhibit. What is the effect of the given command sequence?

[April 2018] Lead2pass Cisco 400-251 Exam Dumps Free Download 359q

Lead2pass Cisco 400-251 Latest Exam Dumps Download:

https://www.lead2pass.com/400-251.html

QUESTION 21
Refer to the exhibit. Which two statements about the given IPv6 ZBF configuration are true? (Choose two)

A.    It provides backward compatibility with legacy IPv6 inspection.
B.    It inspects TCP, UDP, ICMP and FTP traffic from Z1 to Z2.
C.    It inspects TCP, UDP, ICMP and FTP traffic from Z2 to Z1.
D.    It inspects TCP, UDP, ICMP and FTP traffic in both directions between Z1 and Z2.
E.    It passes TCP, UDP, ICMP and FTP traffic from Z1 to Z2.
F.    It provides backward compatibility with legacy IPv4 inspection.

Answer: AB

QUESTION 22
In which class of application security threats does HTTP header manipulation reside?

A.    Session management
B.    Parameter manipulation
C.    Software tampering
D.    Exception management

Answer: B
Explanation:
http://www.cgisecurity.com/owasp/html/ch11s04.html
Session management doesn’t have anything to do with HTTP headers.

QUESTION 23
What is the most commonly used technology to establish an encrypted HTTP connection?

A.    the HTTP/1.1 Upgrade header
B.    the HTTP/1.0 Upgrade header
C.    Secure Hypertext Transfer Protocol
D.    HTTPS

Answer: D

QUESTION 24
What functionality is provided by DNSSEC?

A.    origin authentication of DNS data
B.    data confidentiality of DNS queries and answers
C.    access restriction of DNS zone transfers
D.    storage of the certificate records in a DNS zone file

Answer: A

QUESTION 25
What are the two mechanisms that are used to authenticate OSPFv3 packets? (Choose two)

A.    MD5
B.    ESP
C.    PLAIN TEXT
D.    AH
E.    SHA

Answer: BD

QUESTION 26
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

(A) You need two customer contexts, named contextA and contextB
(B) Allocate interfaces G0/0 and G0/1 to contextA
(C) Allocate interfaces G0/0 and G0/2 to contextB
(D) The physical interface name for G0/1 within contextA should be “inside”.
(E) All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
B.    context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
C.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/2 invisible
D.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/2
E.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible
allocate-interface GigabitEthernet0/2 visible

Answer: A

QUESTION 27
Which statement about the Cisco AnyConnect web security module is true?

A.    It is VPN client software that works over the SSL protocol.
B.    It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.
C.    It operates as an NAC agent when it is configured with the AnyConnect VPN client.
D.    It is deployed on endpoints to route HTTP traffic to ScanSafe.

Answer: D

QUESTION 28
Which two statements about the SeND protocol are true? (Choose two)

A.    It uses IPsec as a baseline mechanism
B.    It supports an autoconfiguration mechanism
C.    It must be enabled before you can configure IPv6 addresses
D.    It supports numerous custom neighbor discovery messages
E.    It counters neighbor discovery threats
F.    It logs IPv6-related threats to an external log server

Answer: BE

Explanation:
http://www.cisco.com/c/en/us/td/docs/security/ips/6-1/configuration/guide/cli/cliguide/cli_signature_engines.html#wp1141808

400-251 dumps full version (PDF&VCE): https://www.lead2pass.com/400-251.html

Large amount of free 400-251 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8

[February 2018] Official 400-251 Exam Preparation Download From Lead2pass 727q

Pass 400-251 Exam By Exercising Lead2pass Latest 400-251 VCE And PDF Dumps:

https://www.lead2pass.com/400-251.html

QUESTION 11
Drag and Drop Question
Drag each OSPF security feature on the left to its description on the right.

[January 2018] 100% Pass Lead2pass 400-251 New Questions Free Version 727q

100% Valid Lead2pass Cisco 400-251 New Questions Free Version:

https://www.lead2pass.com/400-251.html

QUESTION 1
According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

A.    Allow only POST requests.
B.    Mark all cookies as HTTP only.
C.    Use per-session challenge tokens in links within your web application.
D.    Always use the “secure” attribute for cookies.
E.    Require strong passwords.

[Lead2pass New] Lead2pass Latest 400-251 PDF Guarantee 100% Pass 400-251 Exam (426-450)

2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

We never believe in second chances and Lead2pass brings you the best 400-251 Exam Questions which will make you pass in the first attempt. We guarantee all questions and answers in our 400-251 Dumps are the latest released, we check all exam dumps questions from time to time according to Cisco Official Center, in order to guarantee you can read the latest questions!

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html

QUESTION 426
Refer to the exhibit. Which two statements about a device with this configuration are true? (Choose two)

 

A.    When a peer re-establishes a previous connection to the device, CTS retains all existing SGT mapping entries for 3 minutes
B.    If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts
C.    If a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes
D.    It sets the internal hold-down timer of the device to 3 minutes
E.    When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes
F.    If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts

[Lead2pass New] Lead2pass Latest 400-251 PDF Guarantee 100% Pass 400-251 Exam (376-400)

After purchasing the dumps for the 400-251 Exam from Lead2pass, I had no doubt that I’d easily pass the exam. Bundle of thanks to Lead2pass for helping me pass the exam without any troubles.

QUESTION 376
Which two statements about 802.1X components are true? (Choose two.)

A.    The access layer switch is the policy enforcement point.
B.    The certificates that are used in the client-server authentication process are stored on the access switch
C.    The RADIUS server is the policy enforcement point.
D.    The RADIUS server is the policy information point
E.    The RADIUS server is the policy decision point.
F.    An LDAP server can serve as the policy enforcement point.

[Lead2pass New] Lead2pass Latest 400-251 PDF Guarantee 100% Pass 400-251 Exam (351-375)

Lead2pass is now offering Lead2pass 400-251 dumps PDF and Test Engine with 100% passing guarantee. Buy Lead2pass 400-251 PDF and pass your exam easily. If you want real exam simulation then buy test engine and install on your pc for preparation.

QUESTION 351
Which effect of the ip nhrp map multicast dynamic command is true?

A.    It configures a hub router to automatically add spoke routers to the multicast replication list of the hub
B.    It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.
C.    It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel
D.    It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface

[Lead2pass New] Lead2pass Latest 400-251 PDF Guarantee 100% Pass 400-251 Exam (326-350)

We offer the most current and best training materials of the 400-251 certification Q&A , Practice Software, Study Packs, Preparation Labs and Audio Training you are looking for. Our online certification training offers you quick and cost-efficient way to train and become a certified professional in IT industry.

QUESTION 326
What is the first step in performing a risk assessment?

A.    Identifying critical services and network vulnerabilities and determining the potential impact of their compromise or failure.
B.    Investigating reports of data theft or security breaches and assigning responsibility.
C.    Terminating any employee believed to be responsible for compromising security.
D.    Evaluating the effectiveness and appropriateness of the organization’s current risk-management activities.
E.     Establishing a security team to perform forensic examinations of previous known attacks.

Answer: A

QUESTION 327
What command can you use to display the number of malformed messages received by a DHCP server?

A.    show ip dhcp relay information trusted-sources
B.    show ip dhcp server statistics
C.    show ip dhcp conflict
D.    show ip dhcp binding
E.     show ip dhcp database

Answer: B

QUESTION 328
Which of the following are two valid TLS message content types? (Choose two.)

A.    Alert
B.    Application data
C.    Proxy
D.    Identity
E.     Notification DynamiD
F.     Success

Answer: AB

QUESTION 329
What are the two most common methods that security auditors use to assess an organization’s security processes? (Choose two)

A.    social engineering attempts
B.    interviews
C.    policy assessment
D.    penetration testing
E.     document review
F.     Physical observation

Answer: BF
Explanation:
Check out the section called “Auditing security practices”, namely the block for “Security process review”:
http://www.ciscopress.com/articles/article.asp?p=1606900&seqNum=2

QUESTION 330
All of these are available from Cisco IPS Device Manager (Cisco IDM) except which one?

A.    Top Signatures
B.    Sensor Information
C.    Interface Status
D.    Global Correlation Reports
E.    CPU, Memory and Load

Answer: A

QUESTION 331
What SNMPv3 command disables descriptive error messages?

A.    snmp-server trap link switchover
B.    snmp-server ifindex persist
C.    snmp-server inform
D.    snmp-server usm cisco

Answer: D

QUESTION 332
Refer to the exhibit. Which line in the given configuration contains a locally significant value?

 

A.    tunnel key 123
B.    ip nhrp authentication cisco
C.    ip nhrp map multicast 150.1.1.1
D.    ip nhrp holdtime 60
E.    ip nhrp network-id 123

Answer: E

QUESTION 333
What are the three flag bits in an IPv4 header? (Choose three.)

A.    TTL
B.    Unused
C.    Record Route
D.    DF
E.    MF
F.    Timestamp

Answer: BDE

QUESTION 334
Which two parameters can the HostScan feature scan before users log in? (Choose two)

A.    whether specific files are present
B.    whether a proxy service is configured on a Linux host
C.    whether specific IPv4 and IPv6 addresses are assigned
D.    whether specific certificate authorities are configured
E.    whether a specific keychain entry exists on an OS X host

Answer: AC

QUESTION 335
Refer to the exhibit. You have configured an NDAC seed switch as shown, but the switch is failing to allow other switches to securely join the domain. What command must you add to the seed switch’s configuration to enable secure RADIUS communication?

 

A.    Seed-Switch(config)#radius-server host 10.1.1.2 auth-port 1812 acct-port 1813 test username ndac-test pac key Cisco123
B.    Seed-Switch(config)#radius-server vsa send accounting
C.    Seed-Switch(config)#aaa preauth
D.    Seed-Switch(config)#no dot1x system-auth-control
E.    Seed-Switch(config)#radius-server host non-standard
F.    Seed-Switch(config)#aaa authentication dot1x default group local

Answer: A

QUESTION 336
Refer to the exhibit. What is the effect of the given command?

 

A.    It enables CoPP on the FastEthernet 0/0 interface for SSH and SNMP management traffic.
B.    It enables MPP on the FastEthernet 0/0 interface for SSH and SNMP management traffic and CoPP for all other protocols.
C.    It enables MPP on the FastEthernet 0/0 interface, allowing only SSH and SNMP management traffic.
D.    It enables QoS policing on the control plane of the FastEthernet 0/0 interface.
E.    It enables MPP on the FastEthernet 0/0 interface by enforcing rate-limiting for SSH and SNMP management traffic.

Answer: C

QUESTION 337
Which two statements about SCEP are true? (Choose two)

A.    CA servers must support GetCACaps response messages in order to implement extended functionality
B.    The GetCRL exchange is signed and encrypted only in the response direction.
C.    It is vulnerable to downgrade attacks on its cryptographic capabilities
D.    The GetCert exchange is signed and encrypted only in the response direction.
E.    The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.

Answer: AC

QUESTION 338
Which two events can cause a failover event on an active/standby setup? (Choose two.)

A.    The active unit experiences interface failure above the threshold.
B.    The unit that was previously active recovers.
C.    The stateful failover link fails.
D.    The failover link fails.
E.    The active unit fails

Answer: AE

QUESTION 339
Which two statements about the MACsec security protocol are true? (Choose two.)

A.    Stations broadcast an MKA heartbeat that contains the key server priority
B.    The SAK is secured by 128 bit AES-GCM by default
C.    When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM
D.    MACsec is not supported in MDA mode.
E.    MKA heartbeats are sent at a default interval of 3 seconds.

Answer: AB

QUESTION 340
Which two options are benefits of network summarization? (Choose two.)

A.    It can summarize discontiguous IP addresses.
B.    It can easily be added to existing networks
C.    It can increase the convergence of the network
D.    It reduces the number of routes
E.    It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.

Answer: DE

QUESTION 341
Refer to the exhibit. Which meaning of this error message on a Cisco ASA is true?

 

A.    The route map redistribution is configured incorrectly.
B.    The default route is undefined.
C.    A packet was denied and dropped by an ACL.
D.    The host is connected directly to the firewall

Answer: B

QUESTION 342
Which two statements about uRPF are true? (Choose two.)

A.    The administrator can configure the allow-default command to force the routing table to use only the default route
B.    It is not supported on the Cisco ASA security appliance.
C.    The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work routing groups.
D.    The administrator can use the show cef interface command to determine whether uRPF is enabled
E.    In strict mode, only one routing path can be available to reach network devices on a subnet

Answer: AD

QUESTION 343
Which type of header attack is detected by Cisco ASA basic threat detection?

A.    connection limit exceeded
B.    denial by access list
C.    failed application inspection
D.    bad packet format

Answer: D

QUESTION 344
Refer to the exhibit. A user authenticates to the NAS, which communicates with the TACACS+ server for authentication. The TACACS+ server then accesses the Active Directory server through the ASA firewall to validate the user credentials.
Which protocol-port pair must be allowed access through the ASA firewall?

 

A.    SMB over TCP 455
B.    DNS over UDP 53
C.    LDAP over UDP 389
D.    global catalog over UDP 3268
E.    TACACS+ over TCP 49
F.    DNS over TCP 53

Answer: C

QUESTION 345
Which WEP configuration can be exploited by a weak IV attack?

A.    When the static WEP password has been stored without encryption
B.    When a per-packet WEP key is in use
C.    When a 64-bit key is in use
D.    When the static WEP password has been given away
E.    When a 40-bit key is in use
F.    When the same WEP key is used to create every pack

Answer: F

QUESTION 346
Which two statements about Botnet Traffic Filter snooping are true? (Choose two)

A.    It requires DNS packet inspection to be enabled to filter domain names in the dynamic database.
B.    It requires the Cisco ASA DNS server to perform DNS lookups.
C.    It can inspect both IPv4 and IPv6 traffic.
D.    It can log and block suspicious connections from previously unknown bad domains and IP addresses
E.    It checks inbound traffic only
F.    It checks inbound and outbound traffic.

Answer: AF

QUESTION 347
Which three statements about SXP are true? (Choose three.)

A.    It resides in the control plane, where connections can be initiated from a listener
B.    Packets can be tagged with SGTs only with hardware support
C.    Each VRF supports only one CTS-SXP connection
D.    To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured.
E.    The SGA ZBPF uses the SGT to apply forwarding decisions
F.    Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses.

Answer: BCE

QUESTION 348
Which file extensions are supported on the Firesight Management Center 3.1 file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?

A.    MSEXE, MSOLE2, NEW-OFFICE, PDF
B.    DOCX, WAV, XLS, TXT
C.    TXT, MSOLE2, WAV, PDF
D.    DOC, MSOLE2, XML, PDF

Answer: A

QUESTION 349
Refer to the exhibit. You applied this VPN cluster configuration to a Cisco ASA and the cluster failed to form. How do you edit the configuration to correct the problem?

 

A.    Define the maximum allowable number of VPN connections.
B.    Define the master/slave relationship.
C.    Configure the cluster IP address.
D.    Enable load balancing.

Answer: C

QUESTION 350
Which effect of the crypto pki authenticate command is true?

A.    It sets the certificate enrollment method.
B.    It retrieves and authenticates a CA certificate.
C.    It configures a CA trust point.
D.    It displays the current CA certificate.

Answer: B

The strength of our 400-251 dumps is the constant update that we perform to keep abreast with the market trends and changes. Our 400-251 exam question is not only the best option for certification but also enhances your skill to an advance level.

400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8

2017 Cisco 400-251 exam dumps (All 636 Q&As) from Lead2pass:

https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]

[Lead2pass New] Lead2pass Latest 400-251 PDF Guarantee 100% Pass 400-251 Exam (301-325)

As a professional IT exam study material provider, Lead2pass gives you more than just 400-251 exam questions and answers. We provide our customers with the most accurate study material about the 400-251 exam and the guarantee of a pass. We assist you in preparing for the 400-251 certification, which is regarded as valuable in the IT sector.

QUESTION 301
Which of the following two statements apply to EAP-FAST? (Choose two.)

A.    EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.
B.    EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.
C.    EAP-FAST provides protection from authentication forging and packet forgery (replay attack).
D.    EAP-FAST is a client/client security architecture.

[Lead2pass New] Lead2pass Latest 400-251 PDF Guarantee 100% Pass 400-251 Exam (276-300)

I was recommended by one of my friends; he used the Lead2pass 400-251 dumps and said they are helpful. He was right! I passed my Cisco 400-251 exam yesterday. I was lucky, all my questions in the exam were from Lead2pass dumps.

QUESTION 276
Refer to the exhibit. Which effect of this command is true?

 

A.    The current public key of the router is deleted from the cache when the router reboots, and the router generates a new one.
B.    The CA revokes the public key certificate of the router.
C.    The public key of the remote peer is deleted from the router cache.
D.    The router immediately deletes its current public key from the cache and generates a new one.
E.    The router sends a request to the CA to delete the router certificate from its configuration.

[2017 New] 400-251 Exam Dump Free Updation Available In Lead2pass (251-275)

2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com!

This dump is valid for passing the Cisco 400-251 exam, but don’t just memorize the answers; you need a thorough understanding of them because the questions change a little in the real exam. The material is to supplement your studies.

QUESTION 251
Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)

A.    L2TP-Encryption
B.    Web-VPN-ACL-Filters
C.    IPsec-Client-Firewall-Filter-Name
D.    Authenticated-User-Idle-Timeout
E.    IPsec-Default-Domain
F.    Authorization-Type

[2017 New] 400-251 Exam Dump Free Updation Available In Lead2pass (226-250)

I have studied the 400-251 study guide and all questions were very authentic. I passed my 400-251 exam with good grades. I am very happy now. I will definitely be back for more exam dumps. I settled well in my career with the help of Lead2pass.com. Thank also guys Hurry!!!!

QUESTION 226
What are the two technologies that support AFT? (Choose two)

A.    NAT-PT
B.    SNAT
C.    NAT64
D.    DNAT
E.    NAT-PMP
F.    NAT-6to4
