[Free] 2017(Oct) EnsurePass Examcollection Cisco 400-251 Dumps with VCE and PDF 281-290

EnsurePass
2017 Oct Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/400-251.html

CCIE Security Written Exam (v5.0)

Question No: 281 – (Topic 2)

Ensurepass 2017 PDF and VCE

Refer to the exhibit. What is the effect of the given configuration?

  1. It sets the duplicate address detection interval to 60 second and sets the IPv6 neighbor reachable time to 3600 milliseconds.

  2. It sets the number of neighbor solicitation massages to 60 and sets the retransmission interval to

    3600 milliseconds.

  3. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 millisecond.

  4. It sets the number of neighbor solicitation massage to 60 and set the duplicate address detection interval to 3600 second.

  5. It sets the duplicate address detection interval to 60 second and set the IPv6 neighbor solicitation interval to 3600 millisecond.

Answer: E

Question No: 282 – (Topic 2)

Ensurepass 2017 PDF and VCE

Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF. from dropping asymmetric traffic?

  1. Configure Unicast RPF Loose Mode on R2 and R3 only.

  2. Configure Unicast RPF Loose Mode on R1 only.

  3. Configure Unicast RPF Strict Mode on R1 only.

  4. Configure Unicast RPF Strict Mode on R1,R2 and R3.

  5. Configure Unicast RPF Strict Mode on R2 and R3 only.

Answer: E

Question No: 283 – (Topic 2)

Ensurepass 2017 PDF and VCE

Refer to the exhibit if R1 is acting as a DHCP server ,What action can you take to enable the pc to receive an ip address assignment from the DHCP server ?

  1. Configure the IP local pool command on R2

  2. Configure DHCP option 150 on R2

  3. Configure the IP helper-address command on R2 to use R1’s ip address

  4. Configure the IP helper-address command on R1 to use R2’s ip address

  5. Configuration DHCP option 82 on R1

  6. Configure the ip local pool command on R1

Answer: C

Question No: 284 – (Topic 2)

Ensurepass 2017 PDF and VCE

Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?

  1. The signature belongs to the IOS IPS Basic category.

  2. The signature belongs to the IOS IPS Advanced category.

  3. There is insufficient memory to compile the signature.

  4. The signature is retired.

  5. Additional signature must be complied during the compiling process.

Answer: C

Question No: 285 – (Topic 2)

Which of the following two options can you configure to avoid iBGP full mesh?(Choose two)

  1. BGP NHT

  2. route reflector

  3. local preference

  4. confederations

  5. Virtual peering

Answer: B,D

Question No: 286 – (Topic 2)

IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)

  1. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.

  2. Ikev2 perform TCP intercept on all secure connections

  3. IKEv2 only allows symmetric keys for peer authentication

  4. IKEv2 interoperates with IKEv1 to increase security in IKEv1

  5. IKEv2 only allows certificates for peer authentication

  6. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

Answer: A,F

Question No: 287 DRAG DROP – (Topic 2)

Drag each MACsec term on the left to the right matching statement on the right?

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation: CAK = key used to generate multiple additional keys MKA = protocol used for MACsec key negotiation MSK = key generated during the EAP exchange

SAK = a key used to encrypt traffic for a single session SAP = a key exchange protocol that is proprietary to Cisco

Question No: 288 – (Topic 2)

Which of the following best describes Chain of Evidence in the context of security forensics?

  1. Evidence is locked down, but not necessarily authenticated.

  2. Evidence is controlled and accounted for to maintain its authenticity and integrity.

  3. The general whereabouts of evidence is known.

  4. Someone knows where the evidence is and can say who had it if it is not logged.

    Answer: B

    Question No: 289 DRAG DROP – (Topic 2)

    Drag each step in the configuration of a cisco ASA NSEL export to a NETFLOW collector on the left into the correct order of operations on the right?

    Ensurepass 2017 PDF and VCE

    Answer:

    Ensurepass 2017 PDF and VCE

    Explanation:

    1. Configure the NSEL collector.

    2. Create Class-map to identify the desired traffic.

    3. Call ACL under the class-map to match the desired traffic.

    4. Create policy-map

    5. Associate Class-map to policy map.

    6. Configure flow-export action.

    7. Associate Policy-map to service-policy.

      Question No: 290 – (Topic 2)

      What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?

      1. merge rule tool

      2. policy simplification tool

      3. rule grouping tool

      4. object group tool

      5. combine rule tool

Answer: E

100% Free Download!
Download Free Demo:400-251 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 400-251 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com