15 02 2017
[2017-New]Braindump2go Cisco 400-251 PDF & VCE Dumps 1106Q&As for 100% Passing 400-251 Exam[Q101-Q115]
2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now!
2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!
1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As Download:
http://www.braindump2go.com/400-251.html
2.|2017 NEW 400-251 Written Exam Questions & Answers:
http://www.braindump2go.com/400-251.html
QUESTION 101
Refer to the exhibit. Which effect of this configuration is true?
A. Host_1 learns about R2 and only and prefers R2 as its default router
B. Host_1 selects R2 as its default router and load balances between R2 and R3
C. Host_1 learns about R2 and R3 only and prefers R3 as its default router
D. Host_1 learns about R1,R2 and R3 and load balances between them
E. Host_1 learns about R1, R2 and R3 and prefers R2 as its default router
Answer: E
QUESTION 102
Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?
A. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors
B. The ASA supports policy-based routing with route maps
C. Routes to the Null0 interface cannot be configured to black-hole traffic
D. The translations table cannot override the routing table for new connections
Answer: C
QUESTION 103
Which two statement about router Advertisement message are true? (Choose two)
A. Local link prefixes are shared automatically.
B. Each prefix included in the advertisement carries lifetime information f Or that prefix.
C. Massage are sent to the miscast address FF02::1
D. It support a configurable number of retransmission attempts for neighbor solicitation massage.
E. Flag setting are shared in the massage and retransmitted on the link.
F. Router solicitation massage are sent in response to router advertisement massage
Answer: AF
QUESTION 104
Refer to the exhibit. Which effect of this configuration is true?
A. NUD retransmits 1000 Neighbor solicitation messages every 4 hours and 4 minutes.
B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.
C. NUD retransmits Neighbor Solicitation messages every 4 seconds.
D. NUD retransmits unsolicited Neighbor advertisements messages every 4 hours.
E. NUD retransmits f our Neighbor Solicitation messages every 1000 seconds.
F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.
Answer: E
QUESTION 105
What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)
A. FPM
B. DCAR
C. NBAR
D. IP source Guard
E. URPF
F. Dynamic ARP inspection
Answer: DE
QUESTION 106
Which two statement about the multicast addresses query message are true?(Choose two)
A. They are solicited when a node initialized the multicast process.
B. They are used to discover the multicast group to which listeners on a link are subscribed
C. They are used to discover whether a specified multicast address has listeners
D. They are send unsolicited when a node initializes the multicast process
E. They are usually sent only by a single router on a link
F. They are sent when a node discover a multicast group
Answer: BC
QUESTION 107
Refer to the exhibit. What IPSec function does the given debug output demonstrate?
A. DH exchange initiation
B. setting SPIs to pass traffic
C. PFS parameter negotiation
D. crypto ACL confirmation
Answer: B
QUESTION 108
Drag and Drop Question
Drag each MACsec term on the left to the right matching statement on the right.
Answer:
QUESTION 109
IANA is responsible for which three IP resources? (Choose three.)
A. IP address allocation
B. Detection of spoofed address
C. Criminal prosecution of hackers
D. Autonomous system number allocation
E. Root zone management in DNS
F. BGP protocol vulnerabilities
Answer: ADE
QUESTION 110
When you are configuring QoS on the Cisco ASA appliance.
Which four are valid traffic selection criteria? (Choose four)
A. default-inspection-traffic
B. qos-group
C. DSCP
D. VPN group
E. tunnel group
F. IP precedence
Answer: ACEF
QUESTION 111
Which two statements about the anti-replay feature are true? (Choose two)
A. By default, the sender uses a single 1024-packet sliding window
B. By default, the receiver uses a single 64-packet sliding window
C. The sender assigns two unique sequence numbers to each clear-text packet
D. The sender assigns two unique sequence numbers to each encrypted packet
E. the receiver performs a hash of each packet in the window to detect replays
F. The replay error counter is incremented only when a packet is dropped
Answer: BD
QUESTION 112
You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):
With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?
A. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface
B. Modify the NHRP hold times to match on the hub and spoke
C. Modify the NHRP network IDs to match on the hub and spoke
D. Modify the tunnel keys to match on the hub and spoke
Answer: D
QUESTION 113
Which of the following is one of the components of cisco Payment Card Industry Solution?
A. Virtualization
B. Risk Assessment
C. Monitoring
D. Disaster Management
Answer: B
QUESTION 114
Which two statements about the DH group are true? (Choose two.)
A. The DH group is used to provide data authentication.
B. The DH group is negotiated in IPsec phase-1.
C. The DH group is used to provide data confidentiality.
D. The DH group is used to establish a shared key over an unsecured medium.
E. The DH group is negotiated in IPsec phase-2.
Answer: BD
QUESTION 115
Your 1Pv6 network uses a CA and trust anchor to implement secure network discover.
What extension must your CA certificates support?
A. extKeyUsage
B. nameConstrainsts
C. id-pe-ipAddrBlocks
D. Id-pe-autonomousSysldsE. Ia-ad-calssuers
E. keyUsage
Answer: B
!!! RECOMMEND!!!
1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As Download:
http://www.braindump2go.com/400-251.html
2.|2017 NEW 400-251 Study Guide Video:
[2017-New]100% Real Cisco 400-251 VCE 400-251 Exam Dumps 1106q&as-Braindump2go[Q86-Q100] [2017-New]Braindump2go Cisco 400-251 Exam VCE and PDF 1106Q&As for 100% Passing 400-251 Exam[Q116-Q130]
Comments are currently closed.