[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 41-50

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 41

DRAG DROP

Drag and drop the description on the left on to the associated item on the right.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 42

Which two statement about the Cisco ASA in a transparent-mode deployment are true? (Choose two)

 

A.

It block all ARP packets by default.

B.

It supports QoS.

C.

It supports iBGP.

D.

It can act as a DHCP server.

E.

It performs a MAC address look to forward traffic.

F.

It performs a route lookup to forward traffic.

 

Correct Answer: DE

 

 

 

QUESTION 43

What functionality does SXP provide to enhance security?

 

A.

It supports secure communication between cisco ironport Cisco and Microsoft Exchange.

B.

It supports Cisco’s trustsec solution by transporting information over network that are unable to support SGT propagation.

C.

It support secure communications between cisco ironport and cloud-based email servers.

D.

It support cisco’s trustsec implementation on virtual machines.

 

Correct Answer: B

 

 

QUESTION 44

DRAG DROP

Drag each IPsec term on the left to the definition on the right.

 

clip_image006

 

Correct Answer:

clip_image008

 

 

QUESTION 45

Which two statements about the RC4 algorithm are true? (Choose two.)

 

A.

The RC4 algorithm is an asymmetric key algorithm.

B.

The RC4 algorithm is a symmetric key algorithm.

C.

The RC4 algorithm is slower in computation than DES.

D.

The RC4 algorithm is used with wireless encryption protocols.

E.

The RC4 algorithm uses fixed-length keys.

 

Correct Answer: BD

 

 

QUESTION 46

Which two statement about PVLAN port types are true? (Choose two)

 

A.

A community port can send traffic to community port in other communities on its broadcast domain.

B.

An isolated port can send and receive traffic only to and from promiscuous ports.

C.

An isolated port can receive traffic from promiscuous port in an community on its broadcast domain, but can send traffic only to port in its own community.

D.

A promiscuous port can send traffic promiscuous port in other communities on its broadcast domain.

E.

A community port can send traffic to promiscuous port in other communities on its broadcast domain.

F.

A Promiscuous port can send traffic to all ports within a broadcast domain.

 

Correct Answer: BF

 

 

QUESTION 47

Which statement about the 3DES algorithm is true?

 

A.

The 3DES algorithm uses the same key for encryption and decryption,

B.

The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption.< /span>

C.

The 3DES algorithm is a block cipher.

D.

The 3DES algorithm uses a key length of 112 bits.

E.

The 3DES algorithm is faster than DES due to the shorter key length.

 

Correct Answer: C

 

 

QUESTION 48

Which significant change to PCI DSS standards was made in PCI DSS version 3.1?

 

A.

No version of TLS is now considered to provide strong cryptography.

B.

Storage of sensitive authentication data after authorization is now permitted when proper encryption is applied.

C.

Passwords are now required to be changed at least once every 30 days.

D.

SSL is now considered a weak cryptographic technology.

E.

If systems that are vulnerable to POODLE are deployed in an organization, a patching and audit review process must be implemented.

 

Correct Answer: D

QUESTION 49

Refer to the Exhibit. What is a possible reason for the given error?

 

clip_image010

 

A.

One or more require application failed to respond.

B.

The IPS engine is busy building cache files.

C.

The IPS engine I waiting for a CLI session to terminate.

D.

The virtual sensor is still initializing.

 

Correct Answer: D

 

 

QUESTION 50

Which three statements about the keying methods used by MAC Sec are true? (Choose three)

 

A.

MKA is implemented as an EAPoL packet exchange

B.

SAP is enabled by default for Cisco TrustSec in manual configuration mode.

C.

SAP is supported on SPAN destination ports

D.

Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA

E.

SAP is not supported on switch SVIs .

F.

A valid mode for SAP is NULL

 

Correct Answer: ABF

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com