[Free] 2017(Apr) Ensurepass Passguide Cisco 400-251 Latest Dumps 61-70

Ensurepass
2017 April Cisco Official New Released 400-251 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-251.html

CCIE Security Written Exam v5.1

QUESTION 61

With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails Registration will continue to fail until you do which of these?

 

clip_image002

 

A.

Modify the NHRP network IDs to match on the hub and spoke.

B.

configure the ip nhrp caches non-authoritative command on the hub’s tunnel interface.

C.

modify the tunnel keys to match on the hub and spoke.

D.

modify the NHRP hold time to match on the hub and spoke.

 

Correct Answer: C

 

 

QUESTION 62

Which three statements are true regarding Security Group Tags? (Choose three.)

 

A.

When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.

B.

When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.

C.

Security Group Tags are a supported network authorization result using Cisco ACS 5.x.

D.

Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.

E.

A Security Group Tag is a variable length string that is returned as an authorization result.

 

Correct Answer: ACD

 

QUESTION 63

In which class of applications security threads does HTTP header manipulation reside?

 

A.

Session management

B.

Parameter manipulation

C.

Software tampering

D.

Exception managements

 

Correct Answer: A

 

 

QUESTION 64

Refer to the exhibit which two statement about the given IPV6 ZBF configuration are true? (Choose two)

 

clip_image004

 

A.

It provides backward compability with legacy IPv6 inspection

B.

It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.

C.

It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.

D.

It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.

E.

It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.

F.

It provide backward compatibility with legacy IPv4 inseption.

 

Correct Answer: AB

 

 

QUESTION 65

what is the most commonly used technology to establish an encrypted HTTP connection?

 

A.

the HTTP/1.1 Upgrade header

B.

the HTTP/1.0 Upgrade header

C.

Secure Hypertext Transfer Protocol

D.

HTTPS

 

Correct Answer: D

QUESTION 66

What functionality is provided by DNSSEC?

 

A.

origin authentication of DNS data

B.

data confidentiality of DNS queries and answers

C.

access restriction of DNS zone transfers

D.

storage of the certificate records in a DNS zone file

 

Correct Answer: A

 

 

QUESTION 67

What are the two mechanism that are used to authenticate OSPFv3 packets? (Choose two)

 

A.

MD5

B.

ESP

C.

PLAIN TEXT

D.

AH

E.

SHA

 

Correct Answer: BD

 

 

QUESTION 68

You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

 

(A) You need two customer contexts, named contextA and contextB

(B) Allocate interfaces G0/0 and G0/1 to contextA

(C) Allocate interfaces G0/0 and G0/2 to contextB

(D) The physical interface name for G0/1 within contextA should be “inside”.

(E) All other context interfaces must be viewable via their physical interface names.

 

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

 

A.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/2 visible

B.

context contexta

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/1 inside context contextb

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/2 visible

C.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 invisible

allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 invisible

allocate-interface GigabitEthernet0/2 invisible

D.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0

allocate-interface GigabitEthernet0/2

E.

context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible

allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/1 visible

allocate-interface GigabitEthernet0/2 visible

 

Correct Answer: A

 

 

QUESTION 69

Which statement about the cisco anyconnect web security module is true?

 

A.

It is VPN client software that works over the SSl protocol.

B.

It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.

C.

It operates as an NAC agent when it is configured with the Anyconnect VPN client.

D.

It is deployed on endpoints to route HTTP traffic to SCANsafe.

 

Correct Answer: D

 

 

QUESTION 70

Which two statements about the SeND protocol are true? (Choose two)

 

A.

It uses IPsec as a baseline mechanism

B.

It supports an autoconfiguration mechanism

C.

It must be enabled before you can configure IPv6 addresses

D.

It supports numerous custom neighbor discovery messages

E.

It counters neighbor discovery threats

F.

It logs IPv6-related threats to an external log server

 

Correct Answer: BE

100% Free Download!
—Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-251 Full Exam PDF and VCE Q&As:315
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com