[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 171-180

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 171

IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities? (Choose two)

 

A.

with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.

B.

Ikev2 perform TCP intercept on all secure connections

C.

IKEv2 only allows symmetric keys for peer authentication

D.

IKEv2 interoperates with IKEv1 to increase security in IKEv1

E.

IKEv2 only allows certificates for peer authentication

F.

An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

 

Correct Answer: AF

 

 

QUESTION 172

Which five of these are criteria for rule-based rogue classification of access points by the cisco Wireless LAN controller? (Choose five)

 

A.

MAC address range

B.

MAC address range number of clients it has

C.

open authentication

D.

whether it matches a user-conf
igured SSID

E.

whether it operates on an authorized channel

F.

minimum RSSI

G.

time of day the rogue operates

H.

Whether it matches a managed AP SSID

Correct Answer: BCDFH

 

 

QUESTION 173

Which two statement about the DES algorithm are true? (Choose two)

 

A.

It uses a 64-bit key block size and its effective key length is 65 bits

B.

It uses a 64-bits key block size and its effective key length is 56 bits

C.

It is a stream cripher that can be used with any size input

D.

It is more efficient in software implements than hardware implementations.

E.

It is vulnerable to differential and linear cryptanalysis

F.

It is resistant to square attacks

 

Correct Answer: BE

 

 

QUESTION 174

Which three types of addresses can the Botnet Traffic Filter feature of the Cisco ASA monitor? (Choose three)

 

clip_image001

clip_image003

A.

Ambiguous addresses

B.

Known malware addresses

C.

Listed addresses

D.

Dynamic addresses

E.

Internal addresses

F.

Known allowed addresses

 

Correct Answer: ABF

 

 

QUESTION 175

Which Three statement about cisco IPS manager express are true? (Choose three)

 

A.

It provides a customizable view of events statistics.

B.

It Can provision policies based on risk rating.

C.

It Can provision policies based on signatures.

D.

It Can provision policies based on IP addresses and ports.

E.

It uses vulnerability-focused signature to protect against zero-day attacks.

F.

It supports up to 10 sensors.

 

Correct Answer: ABF

 

 

QUESTION 176

In Cisco Wireless LAN Controller WLC. Which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

 

A.

On MAC Filter Failure

B.

Pass through

C.

Splash Page Web Redirect

D.

Conditional Web Redirect

E.

Authentication

 

Correct Answer: A

 

 

QUESTION 177

What port has IANA assigned to the GDOI protocol?

 

A.

UDP 4500

B.

UDP 1812

C.

UDP 500

D.

UDP 848

 

Correct Answer: D

 

 

QUESTION 178

DRAG DROP

Drag and drop each syslog facility code on the left onto its description on the right.

 

clip_image005

 

Correct Answer:

clip_image007

 

 

QUESTION 179

Which two statements about implementing GDOI in a DMVPN network are true? (Choose true)

 

A.

Direct spoke-to-spoke traffic is black-holed.

B.

Rekeying requires an exclusive IGMP join in the mGRE interface.

C.

The crypto map is applied to the sub interface of each spoke.

D.

If a group member rekey operation fails, it must wait for the SA lifetime to expire before it can reregister with the key server.

E.

The DMVPN hub can act as the GDOI key server.

F.

DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub.

 

Correct Answer: DE

QUESTION 180

Refer to the exhibit. What is the effect of the given configuration?

 

clip_image009

 

A.

It reset and logs FTP connection to all sites except cisco.com and hp.com.

B.

FTP connections are unaffected.

C.

It resets FTP connection to all sites except cisco.com and hp.com.

D.

It resets and logs FTP connection to cisco.com and hp.com only.

E.

It resets FPT connection to cisco.com and hp.com only

 

Correct Answer: A

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com