[Free] 2017(Oct) EnsurePass Examcollection Cisco 400-251 Dumps with VCE and PDF 131-140

EnsurePass
2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 131 – (Topic 2)

According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

  1. Allow only POST requests.

  2. Mark all cookies as HTTP only.

  3. Use per-session challenge tokens in links within your web application.

  4. Always use the quot;securequot; attribute for cookies.

  5. Require strong passwords.

Answer: C

Question No: 132 DRAG DROP – (Topic 2)

Drag each Management Frame Protection feature on the Left to the function it performs on the right?

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation: Client MFP: Enables access points to drop spoofed management frames. Event reporting: Enables the WLC to aggregate anomaly reports.

Infrastructure Frame validation: Enables and disables MFP protection and validation on selective basis.

Management frame protection: Enables an access point to report management frames with invalid MICs to the WLC.

Management frame validation: Enables an access point to verify that management frame from other access points include a valid MIC IE from the sending access point’s BSSID.

Question No: 133 – (Topic 2)

Which two statements about the DH group are true? (Choose two.)

  1. The DH group is used to provide data authentication.

  2. The DH group is negotiated in IPsec phase-1.

  3. The DH group is used to provide data confidentiality.

  4. The DH group is used to establish a shared key over an unsecured medium.

  5. The DH group is negotiated in IPsec phase-2.

Answer: B,D

Question No: 134 – (Topic 2)

A server with Ip address 209.165.202.150 is protected behind the inside of a cisco ASA or PIX security appliance and the internet on the outside interface .User on the internet need to access the server at any time but the firewall

administrator does not want to apply NAT to the address of the server because it is currently a public address which three of the following command can be used to accomplish this? (Choose three)

A. static (inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.2quot;

B. nat (inside) 1 209.165.202.150 255.255.255.255

C. no nat-control

D. nat (inside) 0 209.16S.202.150 255.255.255.255

E. static (outside.insid) 209.165.202.150 209.165.202.150 netmask 255.255.255.255

F. access-tist no-nat permit ip host 209.165.202.150 any nat (inside) 0 access-list no-nat

Answer: A,D,F

Question No: 135 – (Topic 2)

Which category to protocol mapping for NBAR is correct?

  1. Category:internet Protocol:FTP,HTTP,TFTP

  2. )Category:Network management Protocol:ICMP,SNMP,SSH,telent

  3. Category:network mail services Protocol:mapi,pop3,smtp

  4. Category:Enterprise applications Protocal:citrixICA,PCAnywhere,SAP,IMAP

Answer: A

Question No: 136 – (Topic 2)

Refer to the exhibit.

Ensurepass 2017 PDF and VCE

Routers R1, R2, and R3 have IPv6 reachability, and R1 and R3 are able to ping each other with the IPv6 global unicast address. However, R1 and R3 are unable to ping each other with their

link-local addresses. What is a possible reason for the problem?

  1. Link-local addresses can communicate with neighboring interfaces.

  2. Link-local addresses are forwarded by IPv6 routers using loopback interfaces.

  3. Link-local addresses can be used only with a physical interface#39;s local network.

  4. Multicast must be enabled to allow link-local addresses to traverse multiple hops.

Answer: C

Question No: 137 – (Topic 2)

The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, What command can you use to block all current and future connections from the infected host?

A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4

B. shun 10.10.10.4 168.65.201.120 6000 80

  1. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120

  2. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4

E. shun 168.65.201.120 10.10.10.4 6000 80

Answer: C

Question No: 138 – (Topic 2)

Ensurepass 2017 PDF and VCE

Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)

  1. It is an inbound policy.

  2. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.

  3. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.

  4. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.

  5. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.

  6. It is an outbound policy.

Answer: A,C

Question No: 139 – (Topic 2)

Which two u.s government entities are authorized to execute and enforce the penalties for violations of the

Sarbanes-oxley(SOX)act?(choose two)

  1. Federal trade commission (FTC.

  2. internal Revenue service (IRS)

  3. Office of Civil Rights (OCR)

  4. federal reserve board

  5. Securities and exchange commission (SEC.

  6. United states Citizenship and immigration services (USCIS)

Answer: D,E

Question No: 140 – (Topic 2)

Which two statements about role-based access control are true?(Choose two)

  1. Server profile administrators have read and write access to all system logs by default.

  2. If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.

  3. A view is created on the Cisco IOS device to leverage role-based access controls.

  4. Network administrators have read and write access to all system logs by default.

  5. The user profile on an AAA server is configured with the roles that grant user privileges.

Answer: D,E

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 400-251 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com