[100% Pass Guarantee] Latest Cisco 400-251 PDF Exam Questions And Answers

Posted on by 0 comment

The best Cisco CCIE 400-251 exam pdf training resources which are the best for clearing 400-251 exam test, Cisco CCIE is the industry leader in information technology, and getting certified by them is a guaranteed way to succeed with IT careers. We help you do exactly that with our high quality Cisco CCIE 400-251 pdf training materials.

QUESTION 1
Which three statements about the Unicast RPF in strict mode and loose mode are true? (Choose three.)
A. Loose mode requires the source address to be present in the routing table.
B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
C. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.
D. Strict mode requires a default route to be associated with the uplink network interface.
E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.
F. Both loose and strict modes are configured globally on the router.
Answer: ACE

QUESTION 2
Which two options are disadvantages of MPLS layers 3 VPN services? (Choose two.)
A. They requires cooperation with the service provider to implement transport of non-IP traffic.
B. SLAs are not supported by the service provider.
C. It requires customers to implement QoS to manage congestion in the network.
D. Integration between Layers 2 and 3 peering services is not supported.
E. They may be limited by the technology offered by the service provider.
F. They can transport only IPv6 routing traffic.
Answer: DE
400-251
QUESTION 3
Which two statements about the SHA-1 algorithm are true? (Choose two.)
A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.
B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.
C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.
D. The purpose of the SHA-1 algorithm is to provide data confidentiality.
E. The purpose of the SHA-1 algorithm is to provide data authenticity.
Answer: BE

QUESTION 4
Which two statement about router Advertisement message are true? (Choose two.) 400-251 pdf
A. Local link prefixes are shared automatically.
B. Each prefix included in the advertisement carries lifetime information f Or that prefix.
C. Massage are sent to the miscast address FF02::1.
D. It support a configurable number of retransmission attempts for neighbor solicitation massage.
E. Flag setting are shared in the massage and retransmitted on the link.
F. Router solicitation massage are sent in response to router advertisement massage.
Answer: AF

QUESTION 5
Event Store is a component of which IPS application?
A. SensorApp
B. InterfaceApp
C. MainApp
D. NotificationApp
E. AuthenticationApp
Answer: C

QUESTION 6
What are two action you can take to protect against DDOS attacks on cisco router and switches? (Choose two.)
A. Rate limit SYN packets
B. Filter the RFC-1918 address space
C. configuration IP snooping
D. implement MAC address filtering
E. Configuration PIM-SM
Answer: AB

QUESTION 7
Which two statements about SOX are true? (Choose two.)
A. SOX is an IEFT compliance procedure for computer systems security.
B. SOX is a US law.
C. SOX is an IEEE compliance procedure for IT management to produce audit reports.
D. SOX is a private organization that provides best practices for financial institution computer systems.
E. Section 404 of SOX is related to IT compliance.
Answer: BE

QUESTION 8
Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two.)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: BC

QUESTION 9
Which three statements about the Cisco IPS sensor are true? (Choose three.)
A. You cannot pair a VLAN with itself.
B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.
C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
D. The order in which you specify the VLANs in a inline pair is significant.
E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.
Answer: ACE

QUESTION 10
Which two statements about the MD5 Hash are true? (Choose two.)
A. Length of the hash value varies with the length of the message that is being hashed.
B. Every unique message has a unique hash value.
C. Its mathematically possible to find a pair of message that yield the same hash value.
D. MD5 always yields a different value for the same message if repeatedly hashed.
E. The hash value cannot be used to discover the message.
Answer: BE

QUESTION 11
A server with Ip address 209.165.202.150 is protected behind the inside of a cisco ASA or PIX security appliance and the internet on the outside interface. 400-251 pdf  User on the internet need to access the server at any time but the firewall administrator does not want to apply NAT to the address of the server because it is currently a public address, which three of the following command can be used to accomplish this? (Choose three.)
A. static (inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.2″
B. nat (inside) 1 209.165.202.150 255.255.255.255
C. no nat-control
D. nat (inside) 0 209.16S.202.150 255.255.255.255
E. static (outside.insid) 209.165.202.150 209.165.202.150 netmask 255.255.255.255
F. access-tist no-nat permit ip host 209.165.202.150 any nat (inside) 0 access-list no-nat
Answer: ADF

QUESTION 12
Which three statement about VRF-Aware Cisco Firewall are true? (Choose three.)
A. It can run as more than one instance.
B. It supports both global and per-VRF commands and DoS parameters.
C. It can support VPN networks with overlapping address ranges without NAT.
D. It enables service providers to implement firewalls on PE devices.
E. It can generate syslog massages that are visible only to individual VPNs.
F. It enables service providers to deploy firewalls on customer devices.
Answer: ADE

Read more: http://www.lead4pass.com/400-251.html

Reference: http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/400-251-ccie-security.html

Watch the video to learn more:

         

Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *