[Full Version] Free 400-251 Exam Dumps With PDF And VCE Download (161-180)
2017 February Cisco Official New Released 400-251 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass provides 100% pass 400-251 exam questions and answers for your Cisco 400-251 exam. We provide Cisco 400-251 exam questions from Lead2pass dumps and answers for the training of 400-251 practice test.
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/400-251.html
QUESTION 161
Refer to the exhibit. After you configured routes R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish.
What is a possible reason for the problem?
A. R2 received a packet with an incorrect area form the loopback1 interface
B. OSPFv3 area authentication is missing
C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface
D. The SPI and the authentication key are unencrypted
E. The SPI value and the key are the same on both R1 and R2
Answer: C
QUESTION 162
Which statement about ICMPv6 filtering is true?
Answer: B
QUESTION 163
Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three)
A. Loose mode requires the source address to be present in the routing table.
B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
C. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.
D. Strict mode requires a default route to be associated with the uplink network interface.
E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.
F. Both loose and strict modes are configured globally on the router.
Answer: ACE
QUESTION 164
What protocol does IPv6 Router Advertisement use for its messages?
A. TCP
B. ICMPv6
C. ARP
D. UDP
Answer: B
QUESTION 165
Drag and Drop Question
Drag each ESP header field on the left into the corresponding field-length category on the right
Answer:
QUESTION 166
When TCP intercept is enabled in its default mode, how does it react to a SYN request?
A. It intercepts the SYN before it reaches the server and responds with a SYN-ACK
B. It drops the connection
C. It monitors the attempted connection and drops it if it fails to establish within 30 seconds
D. It allows the connection without inspection
E. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established
Answer: E
QUESTION 167
Refer to the exhibit. What are the two effects of the given configuration? (Choose two)
A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded
B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering
C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram
D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header Filed
E. It permits Parameter Problem messages that indicate an error in the header
F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram
Answer:
QUESTION 168
According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Answer: ABCD
QUESTION 169
Which two statements about ICMP redirect messages are true? (Choose two)
A. By default, configuring HSRP on the interface disables ICMP redirect functionality.
B. They are generated when a packet enters and exits the same router interface.
C. The messages contain an ICMP Type 3 and ICMP code 7.
D. They are generated by the host to inform the router of an alternate route to the destination.
E. Redirects are only punted to the CPU if the packets are also source-routed.
Answer: AB
QUESTION 170
Which two statements about NAT-PT with IPv6 are true? (Choose two)
A. It can be configured as dynamic, static, or PAT.
B. It provides end-to-end security.
C. It supports IPv6 BVI configurations.
D. It provides support for Cisco Express Forwarding.
E. It provides ALG support for ICMP and DNS.
F. The router can be a single point of failure on the network.
Answer: AE
QUESTION 171
Which of the following Cisco IPS signature engine has relatively high memory usage ?
A. The STRING-TCP engine
B. The STRING-UDP engine
C. The NORMALIZER engine
D. The STRING-ICMP engine
Answer: C
QUESTION 172
Which of the following two options can you configure to avoid iBGP full mesh?(Choose two)
A. BGP NHT
B. route reflector
C. local preference
D. confederations
E. Virtual peering
Answer: BD
QUESTION 173
Refer to the exhibit, if R1 is acting as a DHCP server, what action can you take to enable the pc to receive an ip address assignment from the DHCP server ?
A. Configure the IP local pool command on R2
B. Configure DHCP option 150 on R2
C. Configure the IP helper-address command on R2 to use R1’s ip address
D. Configure the IP helper-address command on R1 to use R2’s ip address
E. Configuration DHCP option 82 on R1
F. Configure the ip local pool command on R1
Answer: C
QUESTION 174
Which two statements about LEAP are true? (Choose two)
A. It is compatible with the PAP and MS-CHAP protocols
B. It is an ideal protocol for campus networks
C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys
D. It is an open standard based on IETF and IEEE standards
E. It is compatible with the RADIUS authentication protocol
F. Each encrypted session is authentication by the AD server
Answer: EF
QUESTION 175
Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: BC
QUESTION 176
What are the three response types for SCEP enrollment requests? (Choose three.)
A. PKCS#7
B. Reject
C. Pending
D. PKCS#10
E. Success
F. Renewal
Answer: BCE
QUESTION 177
Refer to the exhibit. What is the configuration design to prevent?
A. Man in the Middle Attacks
B. Dynamic payload inspection
C. Backdoor control channels for infected hosts
D. DNS Inspection
Answer: D
QUESTION 178
Which three statements about the Cisco IPS sensor are true? (Choose three.)
A. You cannot pair a VLAN with itself.
B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.
C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
D. The order in which you specify the VLANs in a inline pair is significant.
E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.
Answer: ACE
Explanation:
Inline VLAN Interface Pairs
You cannot pair a VLAN with itself.
For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
The order in which you specify the VLANs in an inline VLAN pair is not significant. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.
QUESTION 179
Which command sets the Key-length for the IPv6 send protocol?
A. IPv6 nd ns-interval
B. Ipv6 ndra-interval
C. IPv6 nd prefix
D. IPv6 nd inspection
E. IPv6 nd secured
Answer: E
QUESTION 180
Which two statement about MSDP ate true? (Choose three)
A. It can connect to PIM-SM and PIM-DM domains
B. It announces multicast sources from a group
C. The DR sends source data to the rendezvous point only at the time the source becomes active
D. It can connect only to PIM-DM domains
E. It registers multicast sources with the rendezvous point of a domain
F. It allows domains to discover multicast sources in the same or different domains.
Answer: BEF
Lead2pass is the leader in 400-251 certification test questions with training materials for Cisco 400-251 exam dumps. Lead2pass Cisco training tools are constantly being revised and updated. We 100% guarantee Cisco 400-251 exam questions with quality and reliability which will help you pass Cisco 400-251 exam.
400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM
2017 Cisco 400-251 exam dumps (All 336 Q&As) from Lead2pass:
http://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]