[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 101-110

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 101

CCMP (CCM mode Protocol) is based on which algorithm?

 

A.

3DES

B.

Blowfish

C.

RC5

D.

AES

E.

IDEA

 

Correct Answer: D

 

 

QUESTION 102

Which command can you enter on the Cisco ASA to disable SSH?

 

A.

Crypto key generate ecdsa label

B.

Crypto key generate rsa usage-keys noconfirm

C.

Crypto keys generate rsa general-keys modulus 768

D.

Crypto keys generate ecdsa noconfirm

E.

Crypto keys zeroize rsa noconfirm

 

Correct Answer: EQUESTION 103

DRAG DROP

Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

 

 

QUESTION 104

Which one of the following Cisco ASA adaptive security appliance rule samples will send HTTP data to the AIP- SSM module to evaluate and stop HTTP attacks?

 

A.

clip_image005

B.

clip_image006

C.

clip_image007

D.

clip_image008

 

Correct Answer: C

 

 

QUESTION 105

Why is the IPv6 type 0 routing header vulnerable to attack?

 

A.

It allows the receiver of a packet to control its flow.

B.

It allows the sender to generate multiple NDP requests for each packet.

C.

It allows the sender of a packet to control its flow.

D.

It allows the sender to generate multiple ARP requests for each packet.

E.

It allows the receiver of a packet to modify the source IP address.

 

Correct Answer: C

 

 

QUESTION 106

What context-based access control (CBAC. command sets the maximum time that a router running Cisco IOS Will wait for a new TCP session to reach the established state?

 

A.

IP inspect max-incomplete

B.

IP inspect tcp finwait-time

C.

Ip inspect udp idle-time

D.

Ip inspect tcpsynwait-time

E.

Ip inspect tcp idle-time

 

Correct Answer: D

 

 

QUESTION 107

Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

 

A.

The packet information used to create flows is not configurable by the user.

B.

It supports IPv4 and IPv6 packet fields.

C.

It tracks all fields of an IPv4 header as well as sections of the data payload.

D.

It uses two types of flow cache, normal and permanent.

E.

It can be a useful tool in monitoring the network for attacks.

 

Correct Answer: BCE

 

 

QUESTION 108

What are the two most common methods that security auditors use to assess an organization’s security processes? (Choose two.)

 

A.

social engineering attempts

B.

interviews

C.

policy assessment

D.

penetration testing

E.

document review

F.

physical observations

 

Correct Answer: AE

 

 

QUESTION 109

On Which encryption algorithm is CCMP based?

 

A.

IDEA

B.

BLOWFISH

C.

RCS

D.

3DES

E.

AES

 

Correct Answer: E

 

 

QUESTION 110

By defaults which amount of time does the ASA add to the TTL value of a DNS entry to determine the amount of time a DNS entry is valid?

 

A.

60 seconds

B.

30 seconds

C.

0 second

D.

180 seconds

E.

120 seconds

F.

100 seconds

 

Correct Answer: A

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com