[Free] 2017(Aug) EnsurePass Examcollection Cisco 400-251 Dumps with VCE and PDF 31-40

EnsurePass
2017 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 31 – (Topic 1)

Which option best describes RPL?

  1. RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two border routes

  2. RPL stands for Routing over low-power Lossy Networks that use distance vector DOGAGA to determine the best route between leaves and the root border router.

  3. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.

  4. RPL stands for Routing over low-power Lossy Networks that use link-state LSAs to determine the best route between leaves 3nd the root border router.

Answer: B

Question No: 32 – (Topic 1)

Which two statements about SCEP are true? (Choose two)

  1. CA Servers must support GetCACaps response messages in order to implement extended functionality.

  2. The GetCRL exchange is signed and encrypted only in the response direction.

  3. It is vulnerable to downgrade attacks on its cryptographic capabilities.

  4. The GetCert exchange is signed and encrypted only in the response direction.

  5. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.

Answer: A,C

Question No: 33 – (Topic 1)

Which two statements about Cisco URL Filtering on Cisco IOS Software are true?(Choose two)

  1. It supports Websense and N2H2 filtering at the same time.

  2. It supports local URL lists and third-party URL filtering servers.

  3. By default, it uses ports 80 and 22.

  4. It supports HTTP and HTTP traffic.

  5. By default, it allows all URLs when the connection to the filtering server is down.

  6. It requires minimal CPU time.

Answer: A,B

Question No: 34 – (Topic 1)

Which two statements about Net Flow Secure Event Logging on a Cisco ASA are true?(Choose two)

  1. It tracks configured collectors over TCP.

  2. It is supported only in single-context mode.

  3. It can export templates through NetFlow.

  4. It can be used without collectors.

  5. It supports one event type per collector

  6. It can log different event types on the same device to different collectors.

Answer: C,F

Question No: 35 – (Topic 1)

Which two statements about 802.1x components are true?(Choose two)

  1. The access layer switchis the policy enforcement point.

  2. The certificates that are used in the client-server authentication process are stored on the access switch.

  3. The RADIUS server is the policy enforcement point.

  4. The RADIUS server is the policy informant point.

  5. The RADIUS server is the policy decision point.

  6. An LADP server can server as the policy enforcement point.

Answer: A,E

Question No: 36 – (Topic 1)

Which WEP configuration can be exploited by a weak IV attack?

  1. When the static WEP password has been stored without encryption.

  2. When a per-packet WEP key is in use.

  3. When a 64-bit key is in use.

  4. When the static WEP password has been given away.

  5. When a 40-bit key is in use.

  6. When the same WEP key is used to create every packet.

Answer: E

Question No: 37 – (Topic 1)

Which three statements about Cisco Any Connect SSL VPN with the ASA are true?(Choose three)

  1. DTLS can fail back to TLS without enabling dead peer detection.

  2. By default, the VPN connection connects with DTLS.

  3. Real-time application performance improves if DTLS is implemented.

  4. Cisco Any Connect connections use IKEv2 by default when it is configured as the primary protocol on the client.

  5. By default, the ASA uses the Cisco Any Connect Essentials license.

  6. The ASA will verify the remote HTTPS certificate.

Answer: B,C,D

Question No: 38 – (Topic 1)

How does Scavenger-class QOS mitigate DOS and worm attacks?

  1. It monitors normal traffic flow and drops burst traffic above the normal rate for a single host.

  2. It matches traffic from individual hosts against the specific network characteristics of known attack types.

  3. It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected.

  4. It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts.

Answer: D

Question No: 39 – (Topic 1)

Which three authorization technologies does Cisco Trust Sec support?(Choose three)

A. 802.1x.

  1. SGACL.

  2. DACL.

  3. MAB.

  4. SGT.

  5. VLAN.

Answer: A,D,F

Question No: 40 – (Topic 1)

Which two options are benefits of global ACLs?(Choose two)

  1. They only operate on logical interfaces.

  2. They are more efficient because they are processed before interface access rules.

  3. They server memory because they work without being replicated on each interface

  4. They can be applied to multiple interface

  5. They are flexible because they match source and destination IP addresses for packets that arrive on any interface

Answer: B,D

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 400-251 Full Exam PDF and VCE
Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com