[2017-New]Cisco 400-251 Exam Dumps VCE PDF Free Download in Braindump2go[Q116-Q130]

2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now!

2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!

1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Written Exam Questions & Answers:
http://www.braindump2go.com/400-251.html

 

QUESTION 116
A server with Ip address 209.165.202.150 is protected behind the inside of a cisco ASA or PIX security appliance and the internet on the outside interface.
User on the internet need to access the server at any time but the firewall administrator does not want to apply NAT to the address of the server because it is currently a public address, which three of the following command can be used to accomplish this? (Choose three)

A.    static (inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.2″
B.    nat (inside) 1 209.165.202.150 255.255.255.255
C.    no nat-control
D.    nat (inside) 0 209.16S.202.150 255.255.255.255
E.    static (outside.insid) 209.165.202.150 209.165.202.150 netmask 255.255.255.255
F.    access-tist no-nat permit ip host 209.165.202.150 any nat (inside) 0 access-list no-nat

Answer: ADF

QUESTION 117
Which three statements about RLDP are true? (Choose three)

A.    It can detect rogue Aps that use WPA encryption
B.    It detects rogue access points that are connected to the wired network
C.    The AP is unable to serve clients while the RLDP process is active
D.    It can detect rogue APs operating only on 5 GHz
E.    Active Rogue Containment can be initiated manually against rogue devices detected on the wired network
F.    It can detect rogue APs that use WEP encryption

Answer: ABD

QUESTION 118
Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

A.    Network translation mode
B.    Single-context routed mode
C.    Multiple-context mode
D.    Transparent mode

Answer: B

QUESTION 119
Refer to the exhibit. A signature failed to compile and returned the given error messages.
What is a possible reason for the problem?
 

A.    The signature belongs to the IOS IPS Basic category.
B.    The signature belongs to the IOS IPS Advanced category.
C.    There is insufficient memory to compile the signature.
D.    The signature is retired.
E.    Additional signature must be complied during the compiling process.

Answer: C

QUESTION 120
Which command sequence can you enter to enable IP multicast for WCCPv2?

A.    Router(config)#ip wccp web-cache service-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
B.    Router(config)#ip wccp web-cache group-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
C.    Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect in
D.    Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
E.    Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect out

Answer: D

QUESTION 121
The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA.
What command can you use to block all current and future connections from the infected host?

A.    ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B.    shun 10.10.10.4 168.65.201.120 6000 80
C.    ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D.    ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E.    shun 168.65.201.120 10.10.10.4 6000 80

Answer: C

QUESTION 122
IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)

A.    with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.
B.    Ikev2 perform TCP intercept on all secure connections
C.    IKEv2 only allows symmetric keys for peer authentication
D.    IKEv2 interoperates with IKEv1 to increase security in IKEv1
E.    IKEv2 only allows certificates for peer authentication
F.    An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

Answer: AF

QUESTION 123
Which five of these are criteria for rule-based rogue classification of access points by the cisco Wireless LAN controller? (Choose five)

A.    MAC address range
B.    MAC address range number of clients it has
C.    open authentication
D.    whether it matches a user-configured SSID
E.    whether it operates on an authorized channel
F.    minimum RSSI
G.    time of day the rogue operates
H.    Whether it matches a managed AP SSID

Answer: BCDFH

QUESTION 124
Which two statement about the DES algorithm are true?(Choose two)

A.    It uses a 64-bit key block size and its effective key length is 65 bits
B.    It uses a 64-bits key block size and its effective key length is 56 bits
C.    It is a stream cripher that can be used with any size input
D.    It is more efficient in software implements than hardware implementations.
E.    It is vulnerable to differential and linear cryptanalysis
F.    It is resistant to square attacks

Answer: BE

QUESTION 125
Which three types of addresses can the Botnet Traffic Filter feature of the Cisco ASA monitor? (Choose three)
 
 

A.    Ambiguous addresses
B.    Known malware addresses
C.    Listed addresses
D.    Dynamic addresses
E.    Internal addresses
F.    Known allowed addresses

Answer: ABF

QUESTION 126
Which Three statement about cisco IPS manager express are true? (Choose three)

A.    It provides a customizable view of events statistics.
B.    It Can provision policies based on risk rating.
C.    It Can provision policies based on signatures.
D.    It Can provision policies based on IP addresses and ports.
E.    It uses vulnerability-focused signature to protect against zero-day attacks.
F.    It supports up to 10 sensors.

Answer: ABF

QUESTION 127
In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

A.    On MAC Filter Failure
B.    Pass through
C.    Splash Page Web Redirect
D.    Conditional Web Redirect
E.    Authentication

Answer: A

QUESTION 128
Drag and Drop Question
Drag and drop each syslog facility code on the left onto its description on the right.
 
Answer:
 

QUESTION 129
Refer to the exhibit. What is the effect of the given configuration?
 

A.    It reset and logs FTP connection to all sites except cisco.com and hp.com.
B.    FTP connections are unaffected.
C.    It resets FTP connection to all sites except cisco.com and hp.com.
D.    It resets and logs FTP connection to cisco.com and hp.com only.
E.    It resets FPT connection to cisco.com and hp.com only

Answer: A

QUESTION 130
What port has IANA assigned to the GDOI protocol ?

A.    UDP 4500
B.    UDP 1812a
C.    UDP 500
D.    UDP 848

Answer: D


!!! RECOMMEND!!!

1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Study Guide Video:

https://youtu.be/GSXnXKIh834

         

Categories 400-251 Dumps/400-251 Exam Questions/400-251 PDF Dumps/400-251 VCE Dumps/Cisco Exam

Post Author: mavis

Categories

Archives

Cisco Exam Dumps Download

200-301 PDF and VCE Dumps

200-901 PDF and VCE Dumps

350-901 PDF and VCE Dumps

300-910 PDF and VCE Dumps

300-915 PDF and VCE Dumps

300-920 PDF and VCE Dumps

350-401 PDF and VCE Dumps

300-410 PDF and VCE Dumps

300-415 PDF and VCE Dumps

300-420 PDF and VCE Dumps

300-425 PDF and VCE Dumps

300-430 PDF and VCE Dumps

300-435 PDF and VCE Dumps

350-401 PDF and VCE Dumps

350-401 PDF and VCE Dumps

350-801 PDF and VCE Dumps

300-810 PDF and VCE Dumps

300-815 PDF and VCE Dumps

300-820 PDF and VCE Dumps

300-835 PDF and VCE Dumps

350-801 PDF and VCE Dumps

200-201 PDF and VCE Dumps

350-601 PDF and VCE Dumps

300-610 PDF and VCE Dumps

300-615 PDF and VCE Dumps

300-620 PDF and VCE Dumps

300-625 PDF and VCE Dumps

300-635 PDF and VCE Dumps

600-660 PDF and VCE Dumps

350-601 PDF and VCE Dumps

352-001 PDF and VCE Dumps

350-701 PDF and VCE Dumps

300-710 PDF and VCE Dumps

300-715 PDF and VCE Dumps

300-720 PDF and VCE Dumps

300-725 PDF and VCE Dumps

300-730 PDF and VCE Dumps

300-735 PDF and VCE Dumps

350-701 PDF and VCE Dumps

350-501 PDF and VCE Dumps

300-510 PDF and VCE Dumps

300-515 PDF and VCE Dumps

300-535 PDF and VCE Dumps

350-501 PDF and VCE Dumps

010-151 PDF and VCE Dumps

100-490 PDF and VCE Dumps

810-440 PDF and VCE Dumps

820-445 PDF and VCE Dumps

840-450 PDF and VCE Dumps

820-605 PDF and VCE Dumps

700-805 PDF and VCE Dumps

700-070 PDF and VCE Dumps

600-455 PDF and VCE Dumps

600-460 PDF and VCE Dumps

500-173 PDF and VCE Dumps

500-174 PDF and VCE Dumps

200-401 PDF and VCE Dumps

644-906 PDF and VCE Dumps

600-211 PDF and VCE Dumps

600-212 PDF and VCE Dumps

600-210 PDF and VCE Dumps

600-212 PDF and VCE Dumps

700-680 PDF and VCE Dumps

500-275 PDF and VCE Dumps

500-285 PDF and VCE Dumps

600-455 PDF and VCE Dumps

600-460 PDF and VCE Dumps

Microsoft Exams Will Be Retired

AZ-103(retiring August 31, 2020)

AZ-203(retiring August 31, 2020)

AZ-300(retiring August 31, 2020)

AZ-301(retiring August 31, 2020)

77-419(retiring June 30, 2020)

70-333(retiring January 31, 2021)

70-334(retiring January 31, 2021)

70-339(retiring January 31, 2021)

70-345(retiring January 31, 2021)

70-357(retiring January 31, 2021)

70-410(retiring January 31, 2021)

70-411(retiring January 31, 2021)

70-412(retiring January 31, 2021)

70-413(retiring January 31, 2021)

70-414(retiring January 31, 2021)

70-417(retiring January 31, 2021)

70-461(retiring January 31, 2021)

70-462(retiring January 31, 2021)

70-463(retiring January 31, 2021)

70-464(retiring January 31, 2021)

70-465(retiring January 31, 2021)

70-466(retiring January 31, 2021)

70-467(retiring January 31, 2021)

70-480(retiring January 31, 2021)

70-483(retiring January 31, 2021)

70-486(retiring January 31, 2021)

70-487(retiring January 31, 2021)

70-537(retiring January 31, 2021)

70-705(retiring January 31, 2021)

70-740(retiring January 31, 2021)

70-741(retiring January 31, 2021)

70-742(retiring January 31, 2021)

70-743(retiring January 31, 2021)

70-744(retiring January 31, 2021)

70-745(retiring January 31, 2021)

70-761(retiring January 31, 2021)

70-762(retiring January 31, 2021)

70-764(retiring January 31, 2021)

70-765(retiring January 31, 2021)

70-767(retiring January 31, 2021)

70-768(retiring January 31, 2021)

70-777(retiring January 31, 2021)

70-778(retiring January 31, 2021)

70-779(retiring January 31, 2021)

MB2-716(retiring January 31, 2021)

MB6-894(retiring January 31, 2021)

MB6-897(retiring January 31, 2021)

MB6-898(retiring January 31, 2021)