This page was exported from Latest Dumps PDF Free Download In Lead2pass [ ] Export date:Thu Oct 29 2:08:22 2020 / +0000 GMT ___________________________________________________ Title: [2017 New] Lead2pass Cisco 400-251 VCE And PDF Instant Download (201-225) --------------------------------------------------- 2017 August Cisco Official New Released 400-251 Dumps in! 100% Free Download! 100% Pass Guaranteed! providing 100% 400-251 exam passing guarantee with real exam questions. We are providing here outstanding braindumps for your 400-251 exam. With the Help of our exam dumps you can get more than 95%. Following questions and answers are all new published by Cisco Official Exam Center: QUESTION 201Which two statements about DTLS are true?(Choose two) A.    It uses two simultaneous IPSec tunnels to carry traffic.B.    If DPD is enabled, DTLS can fall back to a TLS connection.C.    Because it requires two tunnels, it may experience more latency issues than SSL connections.D.    If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.E.    It is disabled by default if you enable SSL VPN on the interface.Answer: BDExplanation:Check the section “Configuring DTLS” in this document: QUESTION 202Refer to the exhibit, which two Statements about the given Configuration are true? (Choose two)   A.    It is an inbound policy.B.    It will allow to connect to on an IMAP port.C.    It will allow to connect to on an RDP port.D.    It will allow to connect to on an RDP port.E.    It will allow to connect to on a VNC port.F.    It is an outbound policy. Answer: AC QUESTION 203What command can you use to protect a router from TCP SYN-flooding attacks? A.    ip igmp snoopingB.    rate-limit input <bps><burst-normal><Burst-max>C.    ip tcp intercept list <access-list>D.    ip dns spoofing <ip-address>E.    police <bps> Answer: C QUESTION 204Refer to the exhibit, what is the effect of the given configuration?   A.    It will Drop all TTL packet with a value of 14 in the IP header field.B.    It will Drop all TTL packet with a TTL value less than 14.C.    It will Drop all TTL packet with a TTL value of 15 or more.D.    It will Drop all TTL packet with a TTL value of 14 or more. Answer: B QUESTION 205If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel? A.    standbyB.    activeC.    onD.    passive Answer: B QUESTION 206Which three statements about the SHA-2 algorithm are true? (Choose three) A.    It provides a variable-length output using a collision-resistant cryptographic hash.B.    It provides a fixed-length output using a collision-resistant cryptographic hash.C.    It is used for integrity verification.D.    It generates a 160-bit message digest.E.    It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.F.    It generates a 512-bit message digest. Answer: BCE QUESTION 207Drag and Drop QuestionDrag and drop each RADIUS packet field on the left onto the matching decription on the right.   Answer:   QUESTION 208Which three of these situation warrant engagement of a security incident Response team?(Choose three) A.    damage to computer/network resourcesB.    pornographic biogs'websitesC.    computer or network misuse/abuseD.    denial of service (DoS)E.    loss of data confidentialitymtegrity Answer: CDE QUESTION 209What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three) A.    IMAPB.    RDPC.    MMED.    ICQE.    POP3F.    IKE Answer: ADE QUESTION 210You have configured an authenticator switch in access mode on a network configured with NEAT what radius attribute must the ISE server return to change the switch's port mode to trunk? A.    device-traffic-class=switchB.    device-traffic-class=trunkC.    framed-protocol=1D.    EAP-message-switchE.    Authenticate=AdministrativeF.    Acct-Authentic=radius Answer: A QUESTION 211Refer to the exhibit. Which statement about the router R1 is true?   A.    Its private-config is corrupt.B.    Its NVRAM contains public and private crypto keys.C.    Its running configuration is missing.D.    RMON is configured. Answer: B QUESTION 212Refer to the Exhibit. What is the effect of the given ACL policy ?   A.    The policy will deny all IPv6 eBGP session.B.    The policy will disable IPv6 source routing.C.    The policy will deny all IPv6 routing packet.D.    The policy will deny all IPv6 routed packet. Answer: B QUESTION 213Which three statements about the RSA algorithm are true? (Choose three.) A.    The RSA algorithm provides encryption but not authentication.B.    The RSA algorithm provides authentication but not encryption.C.    The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.D.    The private key is never sent across after it is generated.E.    The public key is used to decrypt the message that was encrypted by the private key.F.    The private key is used to decrypt the message that was encrypted by the public key. Answer: CDF QUESTION 214Which of these is a core function of the risk assessment process? (Choose one.) A.    performing regular network upgradesB.    performing network optimizationC.    performing network posture validationD.    establishing network baselinesE.    prioritizing network roll-outs Answer: C QUESTION 215Which two router configurations block packets with the Type 0 Routing header on the interface? (Choose two) A.    Ipv6 access-list Deny_Loose_Routing permit ipv6 any any routing-type 0 deny ipv6 any any interface FastEthernet0/0 ipv6 traffic-filter Deny_Loose_Source_Routing in B.    Ipv6 access-list-Deny_Loose_Source_Routing Deny ipv6 FE80::/10 any mobility -type bind-refresh Interface FastEthernet/0 Ipv6 tr Affic-filter Deny_Loose_Source_Routing in C.    Ipv6 access-list Deny_Loose_Source_Routing Deny ipv6 any any routing-type 0 Permit ipv6 any any Interface FastEthernet0/0 Ipv6 traffic -filter Deny_Loose_Routing in D.    Ipv6 access -list Deny_Loose_Source_Routing Deny ipv6 any FE80: :/10 routing -type 0 Deny ipv6 any any routing -type 0 Permit ipv6 any any Interface FastEthernet t0/0 Ipv6 traffic -filter Deny_Loose_Source_Routing in E.    Ipv6 access -list Deny_Loose_Source_Routing Sequence 1 deny ipv6 any any routing -type 0 log-input Sequence 2 permit ipv6 any any flow -label 0 routing interface Fastethernet0/0 Ipv6 traffic-filter Deny_Loose_Source_Routing in Answer: CD QUESTION 216What protocol provides security for datagram protocols? A.    MABB.    DTLSC.    SCEPD.    GETE.    LDP Answer: B QUESTION 217Which two options are open-source SDN controllers? (Choose two) A.    OpenContrailB.    OpenDaylightC.    Big Cloud FabricD.    Virtual Application Networks SDN ControllerE.    Application Policy Infrastructure Controller Answer: AB QUESTION 218Which current RFC made RFCs 2409, 2407, and 2408 obsolete? A.    RFC 4306B.    RFC 2401C.    RFC 5996D.    RFC 4301E.    RFC 1825 Answer: A QUESTION 219Refer to the exhibit. Which effect of this configuration is true?   A.    It enables MLD query messages for all link-local groups.B.    It configures the node to generate a link-local group report when it joins the solicited- node multicast group.C.    It enables hosts to send MLD report messages for groups    it enables local group membership for MLDv1 and MLDv2.E.    It enables the host to send MLD report messages for nonlink local groups. Answer: C QUESTION 220Which technology builds on the vPathconcept and can be used in virtual and physical environments? A.    VXLANB.    ACIC.    NSHD.    SDN Answer: C QUESTION 221Which two statements about header attacks are true?(Choose two) A.    An attacker can use IPv6 Next Header attacks to steal user data and launch phishing attacks.B.    An attacker can use HTTP Header attacks to launch a DoS attack.C.    An attacker can execute a spoofing attack by populating the RH0 routing header subtype with multiple destination addresses.D.    An attacker can leverage an HTTP response header to write malicious cookies.E.    An attacker can leverage an HTTP response header to inject malicious code into an application layer.F.    An attacker can use vulnerabilities in the IPv6 routing header to launch attacks at the application layer. Answer: CEExplanation: QUESTION 222Refer to the exhibit. Routers R1, R2, and R3 have IPv6 reachability, and R1 and R3 are able to ping each other with the IPv6 global unicast address. However, R1 and R3 are unable to ping each other with their link-local addresses. What is a possible reason for the problem?   A.    Link-local addresses can communicate with neighboring interfaces.B.    Link-local addresses are forwarded by IPv6 routers using loopback interfaces.C.    Link-local addresses can be used only with a physical interface's local network.D.    Multicast must be enabled to allow link-local addresses to traverse multiple hops. Answer: C QUESTION 223What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ? A.    It configures the interface to fragment packets on connections with MTUs of 1024 or greaterB.    It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packetsC.    It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytesD.    It configures the interface to fragment packets on connections with MTUs of 1024 or lessE.    It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes Answer: E QUESTION 224Which Two statement about the PCoIP protocol are true? (Choose two) A.    It support both loss and lossless compressionB.    It is a client-rendered, multicast-codec protocol.C.    It is available in both software and hardware.D.    It is a TCP-based protocol.E.    It uses a variety of codec to support different operating system. Answer: AC QUESTION 225Drag and Drop QuestionDrag the step in the SCEP workflow on the left into the correct order of operation on the right.   Answer: is best place to prepare your 400-251 exam with 100% reliable study guide. We are providing free sample questions here so you can check our study guide quality. 400-251 new questions on Google Drive: 2017 Cisco 400-251 exam dumps (All 470 Q&As) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-08-10 02:35:43 Post date GMT: 2017-08-10 02:35:43 Post modified date: 2017-08-10 02:35:43 Post modified date GMT: 2017-08-10 02:35:43 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from