[2017 New] Lead2pass 2017 100% Real 400-251 Exam Questions (226-250)
2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
I have studied the 400-251 study guide and all questions were very authentic. I passed my 400-251 exam with good grades. I am very happy now. I will definitely back for more exams dumps. I settled well in my career with the help of Lead2pass.com. Thank also guys Hurry!!!!
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html
QUESTION 226
What are the two technologies that support AFT? (Choose two)
A. NAT-PT
B. SNAT
C. NAT64
D. DNAT
E. NAT-PMP
F. NAT-6to4
Answer: AC
QUESTION 227
According to RFC 2577, Which two options describe drawbacks of the FTP protocol? (Choose two)
A. If access to the FTP server is restricted by network address, the server still is susceptible to spoofing attacks.
B. Servers that apply connection limits to protect against brute force attacks are vulnerable to DoS attacks
C. It is susceptible to man-m-the-middle attacks
D. An attacker can validate user names if the 331 response is in use.
E. It is susceptible to bounce attacks on port 1024
Answer: BD
Explanation:
According to this RFC:
To avoid such bounce attacks, it is suggested that servers not open data connections to TCP ports less than 1024. If a server receives a PORT command containing a TCP port number less than 1024, the suggested response is 504 (defined as “Command not implemented for that parameter” by [PR85]).
http://www.jscape.com/blog/bid/95157/Protecting-FTP-Passwords-from-Brute-Force-Attacks
QUESTION 228
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)
A. The BGP neighbor session tears down after R1 receives 100 prefixes from the neighbor 1.1.1.1
B. The BGP neighbor session between R1 and R2 re-establishes after 50 minutes
C. A warning message is displayed on R2 after it receives 50 prefixes
D. A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1
E. The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2
F. The BGP neighbor session between R1 and R2 re-establishes after 100 minutes
Answer: DE
QUESTION 229
Drag and Drop Question
Drag and drop the DNS record types from the left to the matching descriptions to the right
Answer:
QUESTION 230
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)
A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.
Answer: CD
QUESTION 231
Which two statement about DTLS are true ? (Choose two)
A. Unlike TLS,DTLS support VPN connection with ASA.
B. It is more secure that TLS.
C. When DPD is enabled DTLS connection can automatically fall back to TLS.
D. It overcomes the latency and bandwidth problem that can with SSL.
E. IT come reduce packet delays and improve application performance.
F. It support SSL VPNs without requiring an SSL tunnel.
Answer: CD
Explanation:
There’s something wrong with the question itself because out of 6 options given three are correct, namely C,D and E.
Check out this Cisco document
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html
“Configuring DTLS” section states:
– Using DTLS avoids latency and bandwidth problems associated with SSL connections
– improves the performance of real-time applications that are sensitive to packet delays
– In order for DTLS to fall back to a TLS connection, Dead Peer Detection (DPD) must be enabled
QUESTION 232
NWhich two statements about the ISO are true? (Choose two.
A. The ISO is a government-based organization.
B. The ISO has three membership categories: Member, Correspondent, and Subscribers.
C. Subscriber members are individual organizations.
D. Only member bodies have voting rights.
E. Correspondent bodies are small countries with their own standards organization.
Answer: BD
Explanation:
Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights.
QUESTION 233
Drag and Drop Question
Drag each SSI encryption algorithm on the left to the encryption and hashing values it uses on the right.
Answer:
QUESTION 234
Drag and Drop Question
Drag and drop the role on the left onto their responsibility in the change-management process on the right
Answer:
QUESTION 235
Refer to the exhibit, which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503?
A. _65509.?$
B. _65503$
C. ^65503.*
D. ^65503$
E. _65503_
F. 65503
Answer: D
Explanation:
The regex is formed with starting ^ and trailing $ to filter only one specific AS number.
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13754-26.html
QUESTION 236
Which two commands would enable secure logging on Cisco ASA to a syslog server at 10.0.0.1? (Choose two)
A. logging host inside 10.0.0.1 TCP/1500 secure
B. logging host inside 10.0.0.1 UDP/514 secure
C. logging host inside 10.0.0.1 TCP/1470 secure
D. logging host inside 10.0.0.1 UDP/500 secure
E. logging host inside 10.0.0.1 UDP/447 secure
Answer: AC
QUESTION 237
What feature enables extended secure access from non-secure physical location?
A. Port security
B. Strom control
C. NEAT
D. CBAC
E. 802 1x pot-based authentication
Answer: C
QUESTION 238
Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Answer: B
QUESTION 239
What are three ways you can enforce a BCP38 policy on an internet edge policy?(choose three)
A. Avoid RFC1918 internet addressing.
B. Implement Cisco Express Forwarding.
C. Implement Unicast RPF.
D. Apply ingress filters for RFC1918 addresses.
E. Apply ingress ACL filters for BOGON routes.
F. Implement source NAT.
Answer: CDE
Explanation:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap6.html
QUESTION 240
Which three addresses are special uses as defined in RFC 5735? (Choose three.)
A. 171.10.0.0/24
B. 0.0.0.0/8
C. 203.0.113.0/24
D. 192.80.90.0/24
E. 172.16.0.0/12
F. 198.50.100.0/24
Answer: BCE
QUESTION 241
Which Cisco product solution is designed for workload mobility between public-public and private-public clouds?
A. Cisco Cloud Orchestrator
B. Cisco Unified Cloud
C. Cisco Intercloud Fabric
D. Cisco Metapod
Answer: C
QUESTION 242
Refer to the exhibit. What protocol format is illustrated?
A. GR
B. AH
C. ESP
D. IP
Answer: B
QUESTION 243
What are two features that help to mitigate man-in-the-middle attacks?(Choose two)
A. dynamic ARP inspection
B. ARP sniffing on specific ports
C. destination MAC ACLs
D. ARP spoofing
E. DHCP snooping
Answer: AE
QUESTION 244
What is the purpose of the vulnerability risk method for assessing risk?
A. It directs the actions an organization can take in response to a reported vulnerability
B. It evaluates the effectiveness and appropriateness of an organization’s current risk management activities
C. It directs the actions an organization can take to ensure perimeter security
D. It prevents and protects against security vulnerabilities in an organization
E. It establishes a security team to perform forensic examinations of known attacks
Answer: A
Explanation:
http://www.cisco.com/c/en/us/about/security-center/vulnerability-risk-triage.html
QUESTION 245
Which three IP resources is the IANA responsible? (Choose three.)
A. IP address allocation
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Answer: ADE
QUESTION 246
Which Statement about remote procedure calls is true?
A. They support synchronous and asynchronous requests.
B. They can emulate different hardware specifications on a single platform.
C. They support optimized data replication among multiple machines.
D. They use a special assembly instruction set to process remote code without conflicting with other remote processes.
E. They can be invoked by the client and the server.
Answer: D
QUESTION 247
You have configured an authenticator switch in access mode on a network configured with NEAT.
What RADIUS attribute must the ISE sever return to change the switch’s port mode to trunk?
A. device-traffic-class=switch
B. device-traffic-class=trunk
C. Framed-protocol=1
D. EAP-message=switch
E. Acct-Authentic=RADIUS
F. Authenticate=Administrative
Answer: A
QUESTION 248
Which statement about ISO/IEC 27001 is true?
A. ISO/IEC 27001 is only intended to report security breaches to the management authority.
B. ISO/IEC 27001 was reviewed by the International Organization for Standardization.
C. ISO/IEC 27001 is intend to bring information security under management control.
D. ISO/IEC 27001 was reviewed by the International Electrotechnical Commission.
E. ISO/IEC 27001 was published by ISO/IEC
Answer: C
QUESTION 249
Drag and Drop Question
Drag and drop ESP header field on the left to the appropriate field length on the right.
Answer:
QUESTION 250
Which object table contains information about the clients know to the server in Cisco NHRP MIB implementaion?
A. NHRP Server NHC Table
B. NHRP Client Statistics Table
C. NHRP Cache Table
D. NHRP Purge Request Table
Answer: A
All the 400-251 exam questions are 100% verified by their experts team. So there is no chances of errors. So you can prepare your 400-251 exam without any hesitation.
400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDMERESjlYcVlZNWs
2017 Cisco 400-251 exam dumps (All 470 Q&As) from Lead2pass:
https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]