[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 111-120

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 111

DRAG DROP

Drag and drop the desktop-security terms from the left onto their right definitions on the right.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 112

What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?

 

A.

merge rule tool

B.

policy simplification tool

C.

rule grouping tool

D.

object group tool

E.

combine rule tool

 

Correct Answer: E

 

 

QUESTION 113

Refer to the exhibit. Which statement about the effect of this configuration is true?

 

clip_image005

 

A.

reply protection is disable

B.

It prevent man-in-the-middle attacks

C.

The replay window size is set to infinity

D.

Out-of-order frames are dropped

 

Correct Answer: D

 

 

QUESTION 114

When a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?

 

A.

0 to 65535

B.

1 to 1024

C.

0 to 4,294,967,295

D.

1 to 65535

E.

1 to 4,294,967,295

F.

0 to 1024

 

Correct Answer: C

 

 

QUESTION 115

What port has IANA assigned to the GDOI protocol?

 

A.

UDP 4500

B.

UDP 500

C.

UDP 1812

D.

UDP 848

 

Correct Answer: D

 

QUESTION 116

DRAG DROP

Drag each Cisco TrustSec feature on the left to its description on the right.

 

clip_image007

 

Correct Answer:

clip_image009

 

 

QUESTION 117

Which statement is true about SYN cookies?

 

A.

The state is kept on the server machine TCP stack

B.

A system has to check every incoming ACK against state tables

C.

NO state is kept on the server machine state but is embedded in the initial sequence number

D.

SYN cookies do not help to protect against SYN flood attacks

 

Correct Answer: C

 

 

QUESTION 118

Refer to the exhibit. R1 and R2 are connected across and ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?

 

clip_image011

 

A.

eBGP peering will fail because ASA is transit lacks BGP support.

B.

eBGP peering will be successful.

C.

eBGP peering will fail because the two routers must be directly connected to allow peering.

D.

eBGP peering will fail because of the TCP random sequence number feature.

 

Correct Answer: C

 

 

QUESTION 119

What is the maximum pattern length supported by FPM searches within a packet ?

 

A.

256 bytes

B.

1500 bytes

C.

512 bytes

D.

128 bytes

 

Correct Answer:
A

 

 

QUESTION 120

Refer to the exhibit. What are three effect of the given firewall configuration? (Choose three.)

 

clip_image013

 

A.

The firewall allows Echo Request packets from any source to pass server.

B.

The firewall allows time Exceeded error messages from any source to pass to the server.

C.

PCs outside the firewall are unable to communicate with the server over HTTP

D.

The firewall allows Echo Reply packets from any source to pass to the server.

E.

The firewall allows Destination Unreachable error messages from any source to pass to the server.

F.

The firewall allows Packet too big error messages from any source to pass to the server.

 

Correct Answer: ADF

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com