This page was exported from Easily Pass By Training Lead2pass Latest Dumps [ https://www.freebraindump.com ] Export date:Fri Mar 29 13:12:16 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Free Download 400-251 Exam Dumps VCE From Lead2pass (151-175) --------------------------------------------------- 2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Thank you so much Lead2pass. You helped me passing my 400-251 exam easily, 90% of the exam questions from the dump appeared in my exam. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html QUESTION 151Which two statements about the SHA-1 algorithm are true? (Choose two) A.    The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.B.    The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.C.    The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.D.    The purpose of the SHA-1 algorithm is to provide data confidentiality.E.    The purpose of the SHA-1 algorithm is to provide data authenticity.Answer: BE QUESTION 152Refer to the exhibit. What is the meaning of the given error massage?   A.    Ike is disable on the remote peerB.    The mirrored crypto ACLs are mismatchedC.    The pre-shared keys are mismatchedD.    The PFS group are mismatched Answer: C QUESTION 153Event Store is a component of which IPS application? A.    SensorAppB.    InterfaceAppC.    MainAppD.    NotificationAppE.    AuthenticationApp Answer: C QUESTION 154Refer to the exhibit. What are two TLS inspection methods you could implement for outbond internet traffic that can prevent the given untrusted error? (Choose two)   A.    Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the clientB.    Apply an intermediate CA certificate from a trusted authority on the inspection appliance.C.    Download a copy of the private key from the content provider,D.    Update your organizational procedures to instruct users to click "I Understand the Risks" to accept the error and continueE.    Conditionally decrypt traffic based c$ trust level Store private keys in a FIPS Level 2 HSM on the inspection appliance Answer: AB QUESTION 155Drag and Drop QuestionDrag each IPv6 extension header on the left into the recommended order for more than one extension header in the same IPv6 packet on the right.   Answer:   QUESTION 156What are two action you can take to protect against DDOS attacks on cisco router and switches?(Choose two) A.    Rate limit SYN packetsB.    Filter the RFC-1918 address spaceC.    configuration IP snoopingD.    implement MAC address filteringE.    Configuration PIM-SM Answer: AB QUESTION 157Which two statements about SOX are true? (Choose two.) A.    SOX is an IEFT compliance procedure for computer systems security.B.    SOX is a US law.C.    SOX is an IEEE compliance procedure for IT management to produce audit reports.D.    SOX is a private organization that provides best practices for financial institution computer systems.E.    Section 404 of SOX is related to IT compliance. Answer: BE QUESTION 158Which two options are disadvantages of MPLS layers 3 VPN services? (Choose two) A.    They requires cooperation with the service provider to implement transport of non-IP traffic.B.    SLAs are not supported by the service provider.C.    It requires customers to implement QoS to manage congestion in the network.D.    Integration between Layers 2 and 3 peering services is not supported.E.    They may be limited by the technology offered by the service provider.F.    They can transport only IPv6 routing traffic. Answer: DE QUESTION 159Which RFC outlines BCP 84? A.    RFC 3704B.    RFC 2827C.    RFC 3030D.    RFC 2267E.    RFC 1918 Answer: A QUESTION 160Which option is a benefit of implementing RFC 2827? A.    prevents DoS from legitimate, non-hostile end systemsB.    prevents disruption of special services such as Mobile IPC.    defeats DoS attacks which employ IP source address spoofingD.    restricts directed broadcasts at the ingress routerE.    allows DHCP or BOOTP packets to reach the relay agents as appropriate Answer: C QUESTION 161Refer to the exhibit. After you configured routes R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?   A.    R2 received a packet with an incorrect area form the loopback1 interfaceB.    OSPFv3 area authentication is missingC.    R1 received a packet with an incorrect area from the FastEthernet0/0 interfaceD.    The SPI and the authentication key are unencryptedE.    The SPI value and the key are the same on both R1 and R2 Answer: C QUESTION 162Which statement about ICMPv6 filtering is true? A.     B.     C.     D.     E.     F.     Answer: B QUESTION 163Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three) A.    Loose mode requires the source address to be present in the routing table.B.    Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.C.    Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.D.    Strict mode requires a default route to be associated with the uplink network interface.E.    Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.F.    Both loose and strict modes are configured globally on the router. Answer: ADEExplanation:http://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html QUESTION 164What protocol does IPv6 Router Advertisement use for its messages? A.    TCPB.    ICMPv6C.    ARPD.    UDP Answer: B QUESTION 165Drag and Drop QuestionDrag each ESP header field on the left into the corresponding field-length category on the right   Answer:   QUESTION 166When TCP intercept is enabled in its default mode, how does it react to a SYN request? A.    It intercepts the SYN before it reaches the server and responds with a SYN-ACKB.    It drops the connectionC.    It monitors the attempted connection and drops it if it fails to establish within 30 secondsD.    It allows the connection without inspectionE.    It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established Answer: AExplanation:The default mode of TCP intercept is active intercept modehttp://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfdenl.html QUESTION 167Refer to the exhibit. What are the two effects of the given configuration? (Choose two)   A.    It permits Time Exceeded messages that indicate the fragment assembly time was exceededB.    It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filteringC.    It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagramD.    It permits Parameter Problem messages that indicate an unrecognized value in the Next Header FiledE.    It permits Parameter Problem messages that indicate an error in the headerF.    It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram Answer: CFExplanation:icmp type 1 code 3 is for address unreachable, icmp 1 code 4 is for port unreachable.http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/22974-icmpv6codes.html QUESTION 168According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4) A.    ISMS PolicyB.    Corrective Action ProcedureC.    IS ProceduresD.    Risk Assessment ReportsE.    Complete Inventory of all information assets Answer: ACDEExplanation:Corrective action report is a required document but not the procedurehttps://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ QUESTION 169Which two statements about ICMP redirect messages are true? (Choose two) A.    By default, configuring HSRP on the interface disables ICMP redirect functionality.B.    They are generated when a packet enters and exits the same router interface.C.    The messages contain an ICMP Type 3 and ICMP code 7.D.    They are generated by the host to inform the router of an alternate route to the destination.E.    Redirects are only punted to the CPU if the packets are also source-routed. Answer: AB QUESTION 170Which two statements about NAT-PT with IPv6 are true? (Choose two) A.    It can be configured as dynamic, static, or PAT.B.    It provides end-to-end security.C.    It supports IPv6 BVI configurations.D.    It provides support for Cisco Express Forwarding.E.    It provides ALG support for ICMP and DNS.F.    The router can be a single point of failure on the network. Answer: AE QUESTION 171Which of the following Cisco IPS signature engine has relatively high memory usage ? A.    The STRING-TCP engineB.    The STRING-UDP engineC.    The NORMALIZER engineD.    The STRING-ICMP engine Answer: AExplanation:String-TCP engine has the highest number of signatures and has higher memory utilizationhttp://www.ndm.net/ips/pdf/cisco/IOS-IPS/white_paper_c11_549300.pdf QUESTION 172Which of the following two options can you configure to avoid iBGP full mesh?(Choose two) A.    BGP NHTB.    route reflectorC.    local preferenceD.    confederationsE.    Virtual peering Answer: BD QUESTION 173Refer to the exhibit, if R1 is acting as a DHCP server, what action can you take to enable the pc to receive an ip address assignment from the DHCP server ?   A.    Configure the IP local pool command on R2B.    Configure DHCP option 150 on R2C.    Configure the IP helper-address command on R2 to use R1's ip addressD.    Configure the IP helper-address command on R1 to use R2's ip addressE.    Configuration DHCP option 82 on R1F.    Configure the ip local pool command on R1 Answer: C QUESTION 174Which two statements about LEAP are true? (Choose two) A.    It is compatible with the PAP and MS-CHAP protocolsB.    It is an ideal protocol for campus networksC.    A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keysD.    It is an open standard based on IETF and IEEE standardsE.    It is compatible with the RADIUS authentication protocolF.    Each encrypted session is authentication by the AD server Answer: EF QUESTION 175Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two) A.    Destination Unreachable-protocol UnreachableB.    Destination Unreachable-port UnreachableC.    Time Exceeded-Time to Live exceeded in TransitD.    Redirect-Redirect Datagram for the HostE.    Time Exceeded-Fragment Reassembly Time ExceededF.    Redirect-Redirect Datagram for the Type of service and Host Answer: BC Suggestion, read 400-251 questions carefully try to understand or guess what they're asking for. Hope everyone passes. 400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDMERESjlYcVlZNWs 2017 Cisco 400-251 exam dumps (All 470 Q&As) from Lead2pass: https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-08-09 09:02:29 Post date GMT: 2017-08-09 09:02:29 Post modified date: 2017-08-09 09:02:29 Post modified date GMT: 2017-08-09 09:02:29 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com