[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 161-170

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 161

You have configured a DMVPN hub and spoke as follows (assume the IPsec profile “dmvpnprofile” is configured correctly):

[Exhibit: hub and spoke configuration (image not included)]

With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?

A. Configure the ip nhrp cache non-authoritative command on the hub’s tunnel interface
B. Modify the NHRP hold times to match on the hub and spoke
C. Modify the NHRP network IDs to match on the hub and spoke
D. Modify the tunnel keys to match on the hub and spoke

Correct Answer: D

QUESTION 162

Which of the following is one of the components of the Cisco Payment Card Industry Solution?

A. Virtualization
B. Risk Assessment
C. Monitoring
D. Disaster Management

Correct Answer: B

QUESTION 163

Which two statements about the DH group are true? (Choose two.)

A. The DH group is used to provide data authentication.
B. The DH group is negotiated in IPsec phase-1.
C. The DH group is used to provide data confidentiality.
D. The DH group is used to establish a shared key over an unsecured medium.
E. The DH group is negotiated in IPsec phase-2.

Correct Answer: BD

QUESTION 164

Your IPv6 network uses a CA and trust anchor to implement secure network discovery. What extension must your CA certificates support?

A. extKeyUsage
B. nameConstraints
C. id-pe-ipAddrBlocks
D. id-pe-autonomousSysIds
E. id-ad-caIssuers
F. keyUsage

Correct Answer: B

QUESTION 165

A server with IP address 209.165.202.150 is protected behind the inside interface of a Cisco ASA or PIX security appliance, with the Internet on the outside interface. Users on the Internet need to access the server at any time, but the firewall administrator does not want to apply NAT to the address of the server because it is currently a public address. Which three of the following commands can be used to accomplish this? (Choose three.)

A. static (inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.2
B. nat (inside) 1 209.165.202.150 255.255.255.255
C. no nat-control
D. nat (inside) 0 209.165.202.150 255.255.255.255
E. static (outside,inside) 209.165.202.150 209.165.202.150 netmask 255.255.255.255
F. access-list no-nat permit ip host 209.165.202.150 any
   nat (inside) 0 access-list no-nat

Correct Answer: ADF

QUESTION 166

Which three statements about RLDP are true? (Choose three.)

A. It can detect rogue APs that use WPA encryption
B. It detects rogue access points that are connected to the wired network
C. The AP is unable to serve clients while the RLDP process is active
D. It can detect rogue APs operating only on 5 GHz
E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network
F. It can detect rogue APs that use WEP encryption

Correct Answer: ABD

QUESTION 167

Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode

Correct Answer: B

QUESTION 168

Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?

[Exhibit: signature compilation error messages (image not included)]

A. The signature belongs to the IOS IPS Basic category.
B. The signature belongs to the IOS IPS Advanced category.
C. There is insufficient memory to compile the signature.
D. The signature is retired.
E. Additional signatures must be compiled during the compiling process.

Correct Answer: C

QUESTION 169

Which command sequence can you enter to enable IP multicast for WCCPv2?

A.
Router(config)#ip wccp web-cache service-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen

B.
Router(config)#ip wccp web-cache group-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen

C.
Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect in

D.
Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen

E.
Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect out

Correct Answer: D

QUESTION 170

The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, what command can you use to block all current and future connections from the infected host?

A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B. shun 10.10.10.4 168.65.201.120 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E. shun 168.65.201.120 10.10.10.4 6000 80

Correct Answer: C
