[Free] 2017(Aug) EnsurePass Examcollection Cisco 400-251 Dumps with VCE and PDF 201-210

EnsurePass
2017 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 201 – (Topic 2)

Which of the following Cisco IPS signature engine has relatively high memory usage ?

  1. The STRING-TCP engine

  2. The STRING-UDP engine

  3. The NORMALIZER engine

  4. The STRING-ICMP engine

Answer: C

Question No: 202 – (Topic 2)

Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in the

Cisco ISE solution? (Choose three.)

  1. VLAN

  2. voice VLAN

  3. dACL name

  4. voice domain permission

  5. SGT

Answer: A,C,D

Question No: 203 – (Topic 2)

Which two statement about the DES algorithm are true?(choose two)

  1. It uses a 64-bit key block size and its effective key length is 65 bits

  2. It uses a 64-bits key block size and its effective key length is 56 bits

  3. It is a stream cripher that can be used with any size input

  4. It is more efficient in software implements than hardware implementations.

  5. It is vulnerable to differential and linear cryptanalysis

  6. It is resistant to square attacks

Answer: B,E

Question No: 204 – (Topic 2)

What protocol does IPv6 Router Advertisement use for its messages?

  1. TCP

  2. ICMPv6

  3. ARP

  4. UDP

Answer: B

Question No: 205 – (Topic 2)

You have discovered unwanted device with MAC address 001c.0f12.badd on port FastEthernet1/1 on

VLAN 4.what command or command sequence can you enter on the switch to prevent the MAC address from passing traffic on VLAN 4?

A)

image

B)

image

C)

image

D)

image

E)

image

  1. Option A

  2. Option B

  3. Option C

  4. Option D Answer: D

Question No: 206 – (Topic 2)

Which option describes the purpose of Fog architecture in loT?

  1. To provide compute services at the network edge

  2. To provide intersensor traffic routing

  3. To provide centralized compute resources

  4. To provide highly available environmentally hardened network access

Answer: A

Question No: 207 – (Topic 2)

image

Refer to the exhibit. What are two TLS inspection methods you could implement for outbond internet traffic that can prevent the given untrusted error? (Choose two)

Refer to the exhibit What are two TLS inspection methods you could implement for- outbound Internet traffic that can prevent the given error? (Choose two)

  1. Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the client

  2. Apply an intermediate CA certificate from a trusted authority on the inspection appliance.

  3. Download a copy of the private key from the content provider,

  4. Update your organizational procedures to instruct users to click quot;I Understand the Risksquot; to accept the error and continue

  5. Conditionally decrypt traffic based c$ trust level Store private keys in a FIPS Level 2 HSM on the inspection appliance

Answer: A,B

Question No: 208 – (Topic 2)

Which two statements about DTLS are true?(Choose two)

  1. It uses two simultaneous IPSec tunnels to carry traffic.

  2. If DPD is enabled, DTLS can fall back to a TLS connection.

  3. Because it requires two tunnels, it may experience more latency issues than SSL connections.

  4. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.

  5. It is disabled by default if you enable SSL VPN on the interface.

Answer: B,C

Question No: 209 – (Topic 2)

Which three statement about VRF-Aware Cisco Firewall are true? (Choose three)

  1. It can run as more than one instance.

  2. It supports both global and per-VRF commands and DoS parameters.

  3. It can support VPN networks with overlapping address ranges without NAT.

  4. It enables service providers to implement firewalls on PE devices.

  5. It can generate syslog massages that are visible only to individual VPNs.

  6. It enables service providers to deploy firewalls on customer devices.

Answer: A,D,E

Question No: 210 – (Topic 2)

Which statement about the 3DES algorithm is true?

  1. The 3DES algorithm uses the same key for encryption and decryption,

  2. The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption.

  3. The 3DES algorithm is a block cipher.

  4. The 3DES algorithm uses a key length of 112 bits.

  5. The 3DES algorithm is faster than DES due to the shorter key length.

Answer: C

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 400-251 Full Exam PDF and VCE
Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com