Tag Archives: 400-251

[100% Pass Guarantee] Latest Cisco 400-251 PDF Exam Questions And Answers

Posted on by

The best Cisco CCIE 400-251 exam pdf training resources which are the best for clearing 400-251 exam test, Cisco CCIE is the industry leader in information technology, and getting certified by them is a guaranteed way to succeed with IT careers. We help you do exactly that with our high quality Cisco CCIE 400-251 pdf training materials.

Which three statements about the Unicast RPF in strict mode and loose mode are true? (Choose three.)
A. Loose mode requires the source address to be present in the routing table.
B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
C. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.
D. Strict mode requires a default route to be associated with the uplink network interface.
E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.
F. Both loose and strict modes are configured globally on the router.
Answer: ACE

Which two options are disadvantages of MPLS layers 3 VPN services? (Choose two.)
A. They requires cooperation with the service provider to implement transport of non-IP traffic.
B. SLAs are not supported by the service provider.
C. It requires customers to implement QoS to manage congestion in the network.
D. Integration between Layers 2 and 3 peering services is not supported.
E. They may be limited by the technology offered by the service provider.
F. They can transport only IPv6 routing traffic.
Answer: DE
Which two statements about the SHA-1 algorithm are true? (Choose two.)
A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.
B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.
C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.
D. The purpose of the SHA-1 algorithm is to provide data confidentiality.
E. The purpose of the SHA-1 algorithm is to provide data authenticity.
Answer: BE

Which two statement about router Advertisement message are true? (Choose two.) 400-251 pdf
A. Local link prefixes are shared automatically.
B. Each prefix included in the advertisement carries lifetime information f Or that prefix.
C. Massage are sent to the miscast address FF02::1.
D. It support a configurable number of retransmission attempts for neighbor solicitation massage.
E. Flag setting are shared in the massage and retransmitted on the link.
F. Router solicitation massage are sent in response to router advertisement massage.
Answer: AF

Event Store is a component of which IPS application?
A. SensorApp
B. InterfaceApp
C. MainApp
D. NotificationApp
E. AuthenticationApp
Answer: C

What are two action you can take to protect against DDOS attacks on cisco router and switches? (Choose two.)
A. Rate limit SYN packets
B. Filter the RFC-1918 address space
C. configuration IP snooping
D. implement MAC address filtering
E. Configuration PIM-SM
Answer: AB

Which two statements about SOX are true? (Choose two.)
A. SOX is an IEFT compliance procedure for computer systems security.
B. SOX is a US law.
C. SOX is an IEEE compliance procedure for IT management to produce audit reports.
D. SOX is a private organization that provides best practices for financial institution computer systems.
E. Section 404 of SOX is related to IT compliance.
Answer: BE

Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two.)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: BC

Which three statements about the Cisco IPS sensor are true? (Choose three.)
A. You cannot pair a VLAN with itself.
B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.
C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
D. The order in which you specify the VLANs in a inline pair is significant.
E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.
Answer: ACE

Which two statements about the MD5 Hash are true? (Choose two.)
A. Length of the hash value varies with the length of the message that is being hashed.
B. Every unique message has a unique hash value.
C. Its mathematically possible to find a pair of message that yield the same hash value.
D. MD5 always yields a different value for the same message if repeatedly hashed.
E. The hash value cannot be used to discover the message.
Answer: BE

A server with Ip address is protected behind the inside of a cisco ASA or PIX security appliance and the internet on the outside interface. 400-251 pdf  User on the internet need to access the server at any time but the firewall administrator does not want to apply NAT to the address of the server because it is currently a public address, which three of the following command can be used to accomplish this? (Choose three.)
A. static (inside,outside) netmask″
B. nat (inside) 1
C. no nat-control
D. nat (inside) 0 209.16S.202.150
E. static (outside.insid) netmask
F. access-tist no-nat permit ip host any nat (inside) 0 access-list no-nat
Answer: ADF

Which three statement about VRF-Aware Cisco Firewall are true? (Choose three.)
A. It can run as more than one instance.
B. It supports both global and per-VRF commands and DoS parameters.
C. It can support VPN networks with overlapping address ranges without NAT.
D. It enables service providers to implement firewalls on PE devices.
E. It can generate syslog massages that are visible only to individual VPNs.
F. It enables service providers to deploy firewalls on customer devices.
Answer: ADE

Read more: http://www.lead4pass.com/400-251.html

Reference: http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/400-251-ccie-security.html

Watch the video to learn more:

[100% Pass Guarantee] Latest Cisco 400-251 Dumps Exam Questions And Answers

Posted on by

The best and most updated Cisco 400-251 dumps exam training materials, latest 400-251 dumps exam training material in PDF format, high quality Cisco 400-251 dumps exam practice questions and answers download one of the many PDF readers that are available for free.

Which two statements about implementing GDOI in a DMVPN network are true?(Choose true)
A. Direct spoke-to-spoke traffic is black-holed.
B. Rekeying requires an exclusive IGMP join in the mGRE interface
C. The crypto map is applied to the sub interface of each spoke.
D. If a group member rekey operation fails, it must wait for the SA lifetime to expire before it can reregister with the key server.
E. The DMVPN hub can act as the GDOI key server.
F. DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub
Answer: DE

For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)
A. BVI is required for the inspection of IP traffic.
B. The firewall can perform routing on bridged interfaces.
C. BVI is required if routing is disabled on the firewall.
D. BVI is required if more than two interfaces are in a bridge group.
E. BVI is required for the inspection of non-IP traffic.
F. BVI can manage the device without having an interface that is configured for routing.
Answer: DF
The computer at on your network has been infected by a botnet that directs traffic to a malware site at Assuming that filtering will be performed on a Cisco ASA. 400-251 dumps
What command can you use to block all current and future connections from the infected host?
A. ip access-list extended BLOCK_BOT_OUT deny ip any host
B. shun 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host host
D. ip access-list extended BLOCK_BOT_OUT deny ip host host
E. shun 6000 80
Answer: C

IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)
A. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.
B. Ikev2 perform TCP intercept on all secure connections
C. IKEv2 only allows symmetric keys for peer authentication
D. IKEv2 interoperates with IKEv1 to increase security in IKEv1
E. IKEv2 only allows certificates for peer authentication
F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie
Answer: AF

Which five of these are criteria for rule-based rogue classification of access points by the cisco Wireless LAN controller? (Choose five)
A. MAC address range
B. MAC address range number of clients it has
C. open authentication
D. whether it matches a user-configured SSID
E. whether it operates on an authorized channel
F. minimum RSSI
G. time of day the rogue operates
H. Whether it matches a managed AP SSID
Answer: BCDFH

What port has IANA assigned to the GDOI protocol ?
A. UDP 4500
B. UDP 1812
C. UDP 500
D. UDP 848
Answer: D

When attempting to use basic Http authentication to authenticate a client,which type of HTTP massage should the server use? 400-251 dumps
A. HTTP 200 with a WWW-authenticate header.
B. HTTP 401 with a WWW-authenticate header.
C. Http 302 with an authenticate header.
D. HTTP 407.
Answer: B

Which two statement about the DES algorithm are true?(Choose two)
A. It uses a 64-bit key block size and its effective key length is 65 bits
B. It uses a 64-bits key block size and its effective key length is 56 bits
C. It is a stream cripher that can be used with any size input
D. It is more efficient in software implements than hardware implementations.
E. It is vulnerable to differential and linear cryptanalysis
F. It is resistant to square attacks
Answer: BE

Which Three statement about cisco IPS manager express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It Can provision policies based on risk rating.
C. It Can provision policies based on signatures.
D. It Can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signature to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: ABF

In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?
A. On MAC Filter Failure
B. Pass through
C. Splash Page Web Redirect
D. Conditional Web Redirect
E. Authentication
Answer: A

Read more: http://www.lead4pass.com/400-251.html

Reference: http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/400-251-ccie-security.html

Watch the video to learn more: