[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 211-220

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 211

Which statement about ICMPv6 filtering is true?

 

A.

clip_image002

B.

clip_image004

C.

clip_image006

D.

clip_image008

E.

clip_image010

F.

clip_image012

 

Correct Answer: BQUESTION 212

Which three statements about the Unicast RPF in strict mode and loose mode are true? (Choose three)

 

A.

Loose mode requires the source address to be present in the routing table.

B.

Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.

C.

Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.

D.

Strict mode requires a default route to be associated with the uplink network interface.

E.

Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.

F.

Both loose and strict modes are configured globally on the router.

 

Correct Answer: ACE

 

 

QUESTION 213

What protocol does IPv6 Router Advertisement use for its messages?

 

A.

TCP

B.

ICMPv6

C.

ARP

D.

UDP

 

Correct Answer: B

 

 

QUESTION 214

DRAG DROP

Drag each ESP header field on the left into corresponding field-length category on the right.

 

clip_image014

 

Correct Answer:

clip_image016

 

 

QUESTION 215

When TCP intercept is enabled in its default mode, how does it react to a SYN request?

 

A.

It intercepts the SYN before it reaches the server and responds with a SYN-ACK

B.

It drops the connection

C.

It monitors the attempted connection and drops it if it fails to establish within 30 seconds

D.

It allows the connection without inspection

E.

It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established

 

Correct Answer: E

 

 

QUESTION 216

Refer to the exhibit. What are the two effects of the given configuration? (Choose two)

 

clip_image018

 

A.

It permits Time Exceeded messages that indicate the fragment assembly time was exceeded

B.

It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering

C.

It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram

D.

It permits Parameter Problem messages that indicate an unrecognized value in the Next Header Filed

E.

It permits Parameter Problem messages that indicate an error in the header

F.

It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram

 

Correct Answer: CF

 

 

QUESTION 217

According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)

 

A.

ISMS Policy

B.

Corrective Action Procedure

C.

IS Procedures

D.

Risk Assessment Reports

E.

Complete Inventory of all information assets

 

Correct Answer: ABCD

 

 

QUESTION 218

Which two statements about ICMP redirect messages are true? (Choose two)

 

A.

By default, configuring HSRP on the interface disables ICMP redirect functionality.

B.

They are generated when a packet enters and exits the same router interface.

C.

The messages contain an ICMP Type 3 and ICMP code 7.

D.

They are generated by the host to inform the router of an alternate route to the destination.

E.

Redirects are only punted to the CPU if the packets are also source-routed.

 

Correct Answer: AB

 

 

QUESTION 219

Which two statements about NAT-PT with IPv6 are true? (Choose two)

 

A.

It can be configured as dynamic, static, or PAT.

B.

It provides end-to-end security.

C.

It supports IPv6 BVI configurations.

D.

It provides support for Cisco Express Forwarding.

E.

It provides ALG support for ICMP and DNS.

F.

The router can be a single point of failure on the network.

 

Correct Answer: AE

 

 

QUESTION 220

Which of the following Cisco IPS signature engine has relatively high memory usage?

 

A.

The STRING-TCP engine

B.

The STRING-UDP engine

C.

The NORMALIZER engine

D.

The STRING-ICMP engine

 

Correct Answer: C

 

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com