[Lead2pass New] Free Download Of Lead2pass 400-251 Real Exam Questions (351-375)
2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass is now offering Lead2pass 400-251 dumps PDF and Test Engine with 100% passing guarantee. Buy Lead2pass 400-251 PDF and pass your exam easily. If you want real exam simulation then buy test engine and install on your pc for preparation.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html
QUESTION 351
Which effect of the ip nhrp map multicast dynamic command is true?
A. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub
B. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.
C. it enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel
D. It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface
Answer: A
QUESTION 352
Which statement about VRF-aware GDOI group members is true?
A. IPsec is used only to secure data traffic.
B. The GM cannot route control traffic through the same VRF as data traffic
C. Multiple VRFs are used to separate control traffic and data traffic
D. Registration traffic and rekey traffic must operate on different VRFs
Answer: C
QUESTION 353
Refer to the exhibit. Which data format is used in this script?
A. API
B. JavaScript
C. JSON
D. YANG
E. XML
Answer: E
QUESTION 354
Which two statements about Cisco URL Filtering on Cisco IOS Software are true? (Choose two )
A. It supports Websense and N2H2 filtering at the same time.
B. It supports local URL lists and third-party URL filtering servers,
C. By default, it uses ports 80 and 22.
D. It supports HTTP and HTTPS traffic.
E. By default, it allows all URLs when the connection to the filtering server is down.
F. It requires minimal CPU time
Answer: BD
QUESTION 355
Which two options are benefits of the Cisco ASA transparent firewall mode? (Choose two )
A. It can establish routing adjacencies.
B. It can perform dynamic routing.
C. It can be added to an existing network without significant reconfiguration
D. It supports extended ACLs to allow Layer 3 traffic to pass from higher to lower security interfaces
E. It provides SSL VPN support.
Answer: CD
QUESTION 356
How does Scavenger-class QoS mitigate DoS and worm attacks?
A. It monitors normal traffic flow and drops burst traffic above the normal rate for a single host
B. It matches traffic; from individual hosts against the specific network characteristics of known attack types
C. It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected
D. It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts
Answer: D
QUESTION 357
Refer to the exhibit. What are two effects of the given configuration? (Choose two)
A. TCP connections will be completed only to TCP ports from 1 to 1024
B. FTP clients will be able to determine the server’s system type
C. The client must always send the PASV reply
D. The connection will remain open if the size of the STOR command is greater than a fixed constant
E. The connection will remain open if the PASV reply command includes 5 commas
Answer: BE
QUESTION 358
Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three.)
A. DTLS can fall back to TLS without enabling dead peer detection.
B. By default, the VPN connection connects with DTLS.
C. Real-time application performance improves if DTLS is implemented.
D. Cisco AnyConnect connections use IKEv2 by default when it is configured as the primary protocol on the client
E. By default, the ASA uses the Cisco AnyConnect Essentials license.
F. The ASA will verify the remote HTTPS certificate
Answer: CDE
QUESTION 359
Which two statements about the Cisco AnyConnect VPN Client are true? (Choose two.)
A. To improve security, keepalives are disabled by default.
B. It can be configured to download automatically without prompting the user
C. It can use an SSL tunnel and a DTLS tunnel simultaneously
D. By default, DTLS connections can fall back to TLS.
E. It enables users to manage their own profiles.
Answer: BC
QUESTION 360
What are the two different modes in which Private AMP cloud can be deployed? (Choose two)
A. Air Gap Mode
B. External Mode
C. Internal Mode
D. Public Mode
E. Cloud Mode
F. Proxy Mode
Answer: AE
QUESTION 361
Refer to the exhibit. What are two functionalities of this configuration (Choose two.)
A. Traffic will not be able to pass on gigabitEthernet 0/1
B. The ingress command is used for an IDS to send a reset on vlan 3 only
C. The source interface should always be a VLAN
D. The encapsulation command is used to do deep scan on dot1q encapsulated traffic
E. Traffic will only be sent to gigabitEthernet 0/20
Answer: BE
QUESTION 362
You are considering using RSPAN to capture traffic between several switches.
Which two configuration aspects do you need to consider? (Choose two.)
A. The RSPAN VLAN need to be blocked on all trunk interfaces leading to the destination RSPAN switch
B. Not all switches need to support RSPAN for it to work
C. The RSPAN VLAN need to be allow on all trunk interfaces leading to the destination RSPAN switch
D. All distribution switches need to support RSPAN
E. All switches need to be running the same IOS version
Answer: CD
QUESTION 363
Which two statements about the TTL value in an IPv4 header are true? (Choose two )
A. It is a 4-bit value.
B. It can be used for traceroute operations.
C. When it reaches 0, the router sends an ICMP Type 11 message to the originator.
D. Its maximum value is 128.
E. It is a 16-bit value.
Answer: BC
QUESTION 364
Which three ESMTP extensions are supported by the Cisco ASA (Choose three.)
A. NOOP
B. PIPELINING
C. SAML
D. 8BITMIME
E. STARTTLS
F. ATRN
Answer: ACE
Explanation:
http://www.cisco.com/c/en/us/about/security-center/intelligence/asa-esmtp-starttls.html
ESMTP application inspection adds support for extended SMTP commands, including AUTH, EHLO, ETRN, HELP, SAML, SEND, SOML, STARTTLS, and VRFY. Along with the support for seven RFC 821 commands (DATA, HELO, MAIL, NOOP, QUIT, RCPT, and RSET), the ASA supports a total of 15 SMTP commands. Other extended SMTP commands, such as ATRN, ONEX, VERB, and CHUNKING, and private extensions are not supported.
QUESTION 365
Refer to the exhibit. For which type of user is this downloadable ACL appropriate?
A. management
B. employees
C. guest users
D. network administrators
E. onsite contractors
Answer: C
QUESTION 366
Refer to the exhibit Which effect of this configuration is true?
A. If the RADIUS server is unreachable, SSH users cannot authenticate.
B. All commands are validated by the RADIUS server before the device executes them.
C. Only SSH users are authenticated against the RADIUS server.
D. Users must be in the RADIUS server to access the serial console
E. Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server
Answer: E
QUESTION 367
Refer to the exhibit Which two effects of this configuration are true? (Choose two)
A. If the TACACS+ server is unreachable, the switch places hosts on critical ports in VLAN 50
B. If the authentication priority is changed, the order in which authentication is performed also changes.
C. If multiple hosts have authenticated to the same port, each can be in their own assigned VLAN
D. The port attempts 802.1x authentication first, and then falls back to MAC authentication bypass
E. The device allows multiple authenticated sessions for a single MAC address in the voice domain.
F. The switch periodically sends an EAP-ldentity-Request to the endpoint supplicant
Answer: AD
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/sw8021x.html
QUESTION 368
In OpenStack, which two statements about the NOVA component are true? (Choose two.)
A. It launches virtual machine instances.
B. It provides the authentication and authorization services
C. It tracks cloud usage statistics for billing purposes.
D. It is considered the cloud computing fabric controller.
E. It provides persistent block storage to running instances of virtual machines.
Answer: AD
QUESTION 369
Which three authorization technologies does Cisco TrustSec Support? (Choose Three.)
A. 802.1x
B. SGACL
C. DACL
D. MAB
E. MAB
F. SGT
G. VLAN
Answer: CFG
QUESTION 370
Refer to the exhibit. What is the maximum number site-to-site VPNs allow by this configuration?
A. 0
B. 1
C. 10
D. 5
E. 15
F. unlimited
Answer: E
QUESTION 371
Which three messages are part of the SSL protocol? (Choose three.)
A. Alert
B. Handshake
C. Record
D. CipherSpec
E. Message Authentication
F. Change CipherSpec
Answer: ABF
QUESTION 372
Which two statements about SPAN sessions are true? (Choose two.)
A. Local SPAN and RSPAN can be mixed in the same session.
B. They can monitor sent and received packets in the same session
C. Source ports and source VLANs can be mixed in the same session
D. They can be configured on ports in the disabled state before enabling the port
E. A single switch stack can support up to 32 source and RSPAN destination sessions
F. Multiple SPAN sessions can use the same destination port.
Answer: BD
QUESTION 373
When TCP Intercept is enabled in its default mode, how does it react to a SYN request?
A. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established.
B. It drops the connection.
C. It monitors the attempted connection and drops it if it fails to establish within 30 seconds
D. It allows the connection without inspection
E. It intercepts the SYN before it reaches the server and responds with a SYN-ACK
Answer: E
QUESTION 374
Which OpenStack project has orchestration capabilities?
A. Cinder
B. Heat
C. Horizon
D. Sahara
Answer: B
QUESTION 375
Which three options are fields in CoA RequestResponse code packet? (Choose Three.)
A. state
B. acct-session-ID
C. length
D. authenticator
E. calling-station-ID
F. identifier
Answer: CDF
Explanation:
https://tools.ietf.org/html/rfc5176#page-6
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html#GUID-9213431A-2EF0-4750-888F-88116227182D
Now we are one step ahead in providing updated real exam dumps for 400-251. We provide 100% 400-251 exam passing guarantee as we will provide you same questions of 400-251 exam with their answers. Our Cisco 400-251 new questions are verified by experts.
400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8
2017 Cisco 400-251 exam dumps (All 636 Q&As) from Lead2pass:
https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]