[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 191-200

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 191

What feature on Cisco IOS router enables user identification and authorization based on per-user policies?

 

A.

CBAC

B.

IPsec

C.

Authentication proxy

D.

NetFlow v9

E.

Zone-based firewall

F.

EEM

 

Correct Answer: C

 

 

QUESTION 192

Which two statements about WPA 2 with AES CCMP encryption are true? (Choose two)

 

A.

AES CCMP is a block cipher

B.

It is compatible with TACACS+ servers running LEAP authentication

C.

Every wireless packet sent to the host is tagged with CCMP frames

D.

It uses a 256-bit hashing key

E.

The MIC prevents modifications of wireless frames and replay attacks

F.

It uses a 128-bit hashing key

 

Correct Answer: AF

 

 

QUESTION 193

When configuration Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two location? (Choose two)

 

A.

at the trusted and untrusted interfaces in the inbound direction.

B.

at the trusted interface in the inbound direction.

C.

at the trusted and untrusted interfaces in the outbound direction.

D.

at the untrusted interface in the inbound direction.

E.

at the trusted interface in the outbound direction.

F.

at the trusted interface in the outbound direction.

 

Correct Answer: BF

 

QUESTION 194

Refer to the exhibit. You have received an advisory that your organization could be running a vulnerable product. Using the Cisco Systems Rapid Risk Vulnerability Model, you determine that * Your organization is running an affected product on a vulnerable version of code vulnerable component is enabled and there is no feasible workaround * There is medium confidence of an attack without significant collateral damage to the organization. According to the model what is the appropriate urgency for remediation?

 

clip_image001

 

A.

priority maintenance process

B.

contact ISP to trace attack

C.

no action required

D.

remove vulnerable device from service

E.

standard maintenance process

F.

immediate mitigation process

 

Correct Answer: E

 

 

 

QUESTION 195

Refer to the exhibit. What type of attack is illustrated?

 

clip_image002

 

A.

ICMP flood

B.

ARP spoofing

C.

IP address spoofing

D.

CAM overflow

 

Correct Answer: B

 

 

QUESTION 196

Which protocol does VNC use for remote access to a GUI?

 

A.

RTPS

B.

RARP

C.

E6

D.

SSH

E.

RFB

 

Correct Answer: D

 

 

QUESTION 197

Which two statements about VPLS and VPWS are true? (Choose two)

 

A.

VPLS Layer 2 VPNs support both full-mesh and hub-and-spoke implementations

B.

VPWS only sends the data payload over an MPLS core

C.

VPLS is intended for applications that require point-to-point access

D.

VPWS supports multicast using a hub-and-spoke architecture

E.

VPLS is intended for applications that require multipoint or broadcast access

F.

VPWS supports point-to-point integration of Layer 2 and Layer 3 services over an MPLS cloud

 

Correct Answer: EF

QUESTION 198

DRAG DROP

Drag each Management Frame Protection feature on the Left to the function it performs on the right.

 

clip_image004

 

Correct Answer:

clip_image006

 

 

QUESTION 199

Which two statements about the SHA-1 algorithm are true? (Choose two)

 

A.

The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.

B.

The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.

C.

The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.

D.

The purpose of the SHA-1 algorithm is to provide data confidentiality.

E.

The purpose of the SHA-1 algorithm is to provide data authenticity.

 

Correct Answer: BE

 

 

QUESTION 200

Refer to the exhibit, which conclusion can be drawn from this output?

 

clip_image008

 

A.

The license of the device supports multiple virtual firewalls

B.

The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platform

C.

The license of the device allows for it to be used in a failover set

D.

The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher

 

Correct Answer: A

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com