[100% Pass Guarantee] Latest Cisco 400-251 Dumps Exam Questions And Answers

Posted on by

The best and most updated Cisco 400-251 dumps exam training materials, latest 400-251 dumps exam training material in PDF format, high quality Cisco 400-251 dumps exam practice questions and answers download one of the many PDF readers that are available for free.

QUESTION 1
Which two statements about implementing GDOI in a DMVPN network are true?(Choose true)
A. Direct spoke-to-spoke traffic is black-holed.
B. Rekeying requires an exclusive IGMP join in the mGRE interface
C. The crypto map is applied to the sub interface of each spoke.
D. If a group member rekey operation fails, it must wait for the SA lifetime to expire before it can reregister with the key server.
E. The DMVPN hub can act as the GDOI key server.
F. DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub
Answer: DE

QUESTION 2
For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)
A. BVI is required for the inspection of IP traffic.
B. The firewall can perform routing on bridged interfaces.
C. BVI is required if routing is disabled on the firewall.
D. BVI is required if more than two interfaces are in a bridge group.
E. BVI is required for the inspection of non-IP traffic.
F. BVI can manage the device without having an interface that is configured for routing.
Answer: DF
400-251
QUESTION 3
The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA. 400-251 dumps
What command can you use to block all current and future connections from the infected host?
A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B. shun 10.10.10.4 168.65.201.120 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E. shun 168.65.201.120 10.10.10.4 6000 80
Answer: C

QUESTION 4
IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)
A. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.
B. Ikev2 perform TCP intercept on all secure connections
C. IKEv2 only allows symmetric keys for peer authentication
D. IKEv2 interoperates with IKEv1 to increase security in IKEv1
E. IKEv2 only allows certificates for peer authentication
F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie
Answer: AF

QUESTION 5
Which five of these are criteria for rule-based rogue classification of access points by the cisco Wireless LAN controller? (Choose five)
A. MAC address range
B. MAC address range number of clients it has
C. open authentication
D. whether it matches a user-configured SSID
E. whether it operates on an authorized channel
F. minimum RSSI
G. time of day the rogue operates
H. Whether it matches a managed AP SSID
Answer: BCDFH

QUESTION 6
What port has IANA assigned to the GDOI protocol ?
A. UDP 4500
B. UDP 1812
C. UDP 500
D. UDP 848
Answer: D

QUESTION 7
When attempting to use basic Http authentication to authenticate a client,which type of HTTP massage should the server use? 400-251 dumps
A. HTTP 200 with a WWW-authenticate header.
B. HTTP 401 with a WWW-authenticate header.
C. Http 302 with an authenticate header.
D. HTTP 407.
Answer: B

QUESTION 8
Which two statement about the DES algorithm are true?(Choose two)
A. It uses a 64-bit key block size and its effective key length is 65 bits
B. It uses a 64-bits key block size and its effective key length is 56 bits
C. It is a stream cripher that can be used with any size input
D. It is more efficient in software implements than hardware implementations.
E. It is vulnerable to differential and linear cryptanalysis
F. It is resistant to square attacks
Answer: BE

QUESTION 9
Which Three statement about cisco IPS manager express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It Can provision policies based on risk rating.
C. It Can provision policies based on signatures.
D. It Can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signature to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: ABF

QUESTION 10
In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?
A. On MAC Filter Failure
B. Pass through
C. Splash Page Web Redirect
D. Conditional Web Redirect
E. Authentication
Answer: A

Read more: http://www.lead4pass.com/400-251.html

Reference: http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/400-251-ccie-security.html

Watch the video to learn more:

Comments are disabled