2017 July Cisco Official New Released 400-251 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
400-251 exam questions and answers provided by Lead2pass will guarantee you pass 400-251 exam, because Lead2pass is the top IT Certification study training materials vendor. Many candidates have passed exam with the help of Lead2pass. We offer the latest 400-251 PDF and VCE dumps with new version VCE player for free download, you can pass the exam beyond any doubt.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html
QUESTION 26
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
(A) You need two customer contexts, named contextA and contextB
(B) Allocate interfaces G0/0 and G0/1 to contextA
(C) Allocate interfaces G0/0 and G0/2 to contextB
(D) The physical interface name for G0/1 within contextA should be “inside”.
(E) All other context interfaces must be viewable via their physical interface names.
If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?
A. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
B. context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
C. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/2 invisible
D. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/2
E. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible
allocate-interface GigabitEthernet0/2 visible
Answer: A
QUESTION 27
Which statement about the cisco anyconnect web security module is true ?
A. It is VPN client software that works over the SSl protocol.
B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.
C. It operates as an NAC agent when it is configured with the Anyconnect VPN client.
D. It is deployed on endpoints to route HTTP traffic to SCANsafe
Answer: D
QUESTION 28
Which two statements about the SeND protocol are true? (Choose two)
A. It uses IPsec as a baseline mechanism
B. It supports an autoconfiguration mechanism
C. It must be enabled before you can configure IPv6 addresses
D. It supports numerous custom neighbor discovery messages
E. It counters neighbor discovery threats
F. It logs IPv6-related threats to an external log server
Answer: BE
QUESTION 29
Drag and Drop Question
Drag each attack type on the left to the matching attack category on the right.
Answer:
Explanation:
https://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477
In a nutshell, these are types of attacks belonging to “Reconnaissance and scanning” category:
– ICMP sweep
– traceroute
– inverse mapping
– OS fingerprinting
– firewalk
And here are types of attacks used in the “Exploits” category:
– ICMP route redirect
– ICMP informational messages
– ICMP router discovery messages
– ICMP floods
QUESTION 30
Refer to the exhibit. You executed the show crypto key mypubkey rsa command to verify that the RSA key is protected and it generated the given output.
What command must you have entered to protect the key?
A. crypto key decrypt rsa name pki.cisco.com passphrase CiscoPKI
B. crypto key zeroize rsa CiscoPKI
C. crypto key export ras pki.cisco.com pem url flash: 3des CiscoPKI
D. crypto key lock rsa name pki.cisco.com passphrase CiscoPKI
E. crypto key import rsa pki.cisco.com pem url nvram: CiscoPKI
Answer: D
QUESTION 31
Refer to the exhibit. What is the effect of the given command sequence?
A. The HTTP server and client will negotiate the cipher suite encryption parameters.
B. The server will accept secure HTTP connections from clients with signed security certificates.
C. The client profile will match the authorization profile defined in the AAA server.
D. The clients are added to the cipher suite’s profile.
E. The server will accept secure HTTP connections form clients defined in the AAA server.
Answer: B
QUESTION 32
In ISO 27002, access control code of practice for information Security Management servers which of the following objective?
A. Implement protocol control of user, network and application access
B. Optimize the audit process
C. Prevent the physical damage of the resources
D. Educating employees on security requirements and issues
Answer: A
QUESTION 33
Which two options are differences between a automation and orchestration? (Choose two)
A. Automation is an IT workflow composed of tasks, and orchestration is a technical task.
B. Orchestration is focused on multiple technologies to be integrated together.
C. Orchestration is focused on an end-to-end process or workflow
D. Automation is to be used to replace human intervention.
E. Automation is focused on automating a single or multiple tasks.
Answer: CE
QUESTION 34
What is the first step in performing a risk assessment?
A. Identifying critical services and network vulnerabilities and determining the potential impact of their compromise or failure.
B. Investigating reports of data theft or security breaches and assigning responsibility.
C. Terminating any employee believed to be responsible for compromising security.
D. Evaluating the effectiveness and appropriateness of the organization’s current risk-management activities.
E. Establishing a security team to perform forensic examinations of previous known attacks.
Answer: A
QUESTION 35
Which description of a virtual private cloud is true?
A. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation
B. An on-demand configurable pool of shared data resources allocated within a private cloud environment, which provides assigned DMZ zones
C. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation
D. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation
Answer: D
QUESTION 36
On which two protocols is VNC based? (Choose two)
A. Rdesktop
B. UDP
C. RFB
D. Terminal Services Client
E. CoRD
F. TCP
Answer: CF
QUESTION 37
How can the tail drop algorithem support traffic when the queue is filled?
A. It drop older packet with a size of 64 byts or more until queue has more traffic
B. It drop older packet with a size of less than 64 byts until queue has more traffic
C. It drops all new packets until the queue has room for more traffic
D. It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic.
Answer: C
QUESTION 38
Drag and Drop Question
Drag each step in the cisco PRIST response to incidents and vulnerability involving cisco product on the left into the correct order on the right.
Answer:
QUESTION 39
Which two statements about the 3DES encryption protocol are true? (Choose two)
A. It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.
B. Its effective key length is 168 bits.
C. It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.
D. The algorithm is most efficient when it is implemented in software instead of hardware.
E. It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.
F. Its effective key length is 112 bits.
Answer: BC
QUESTION 40
You want to enable users in your company’s branch offices to deploy their own access points using WAN link from the central office, but you are unable to a deploy a controller in the branch offices. What lightweight access point wireless mode should you choose?
A. TLS mode
B. H-REAP mode
C. Monitor mode
D. REAP mode
E. Local mode
Answer: B
QUESTION 41
Refer to the exhibit. Which two effect of this configuration are true ? (Choose two)
A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.
B. The Cisco ASA use the cisco directory as the starting point for the user search.
C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.
D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.
E. The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.
F. The admin user is authenticated against the members of the security.cisco.com group.
Answer: AE
QUESTION 42
Which object table contains information about the clients know to the server in Cisco NHRP MIB implementation?
A. NHRP Cache Table
B. NHRP Client Statistics Table
C. NHRP Purge Request Table
D. NHRP Server NHC Table
Answer: D
QUESTION 43
What is the default communication port used by RSA SDI and ASA ?
A. UDP 500
B. UDP 848
C. UDP 4500
D. UDP 5500
Answer: D
QUESTION 44
when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used tofallback authentication to web authentication ?
A. Authentication
B. Passthrough
C. Conditional Web Redirect
D. Splash Page Web Redirect
E. On MAC Filter Failure
Answer: E
QUESTION 45
Refer the exhibit. Which of the following is the correct output of the above executed command?
A.
B.
C.
D.
Answer: C
QUESTION 46
Which two statement about IPv6 path MTU discovery are true? (Choose two)
A. The discover packets are dropped if there is congestion on the link.
B. the initial path MTU is the same as the MTU of the original node’s link layer interface
C. It can allow fragmentation when the minimum MTU is blow a configured value
D. During the discover process the DF bit is set to 1
E. If the source host receiver an ICMPv6 packet too BIG message from a router it reduces its path MTU
F. IF the destination host receives and ICMPv6 packet too Big message from a router it reduces its path MTU
Answer: BE
QUESTION 47
Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true? (Choose two)
A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.
B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.
C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.
D. It disables PMTUD discovery for tunnel interfaces.
E. The DF bit are copied to the GRE IP header.
F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.
Answer: BE
QUESTION 48
Which option describes the purpose of the RADIUS VAP-ID attribute?
A. It specifies the ACL ID to be matched against the client
B. It specifies the WLAN ID of the wireless LAN to which the client belongs
C. It sets the minimum bandwidth for the connection
D. It sets the maximum bandwidth for the connection
E. It specifies the priority of the client
F. It identifies the VLAN interface to which the client will be associated
Answer: B
QUESTION 49
You are developing an application to manage the traffic flow of a switch using an OpenDaylight controller.
Knowing you use a Northbound REST API ,which statement is true?
A. Different applications, even in different languages, cannot use the same functions in a REST API at same time.
B. The server retains client state records
C. We must teach our applications about the Southbound protocol(s) used
D. The applications are considered to be the clients, and the controller is considered to be the server
Answer: D
QUESTION 50
Which option describes the purpose of Fog architecture in loT?
A. To provide compute services at the network edge
B. To provide intersensor traffic routing
C. To provide centralized compute resources
D. To provide highly available environmentally hardened network access
Answer: A
Lead2pass is the leader in supplying candidates with current and up-to-date training materials for Cisco certification and exam preparation. Comparing with others, our 400-251 exam questions are more authoritative and complete. We offer the latest 400-251 PDF and VCE dumps with new version VCE player for free download, and the new 400-251 dump ensures your exam 100% pass.
400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM
2017 Cisco 400-251 exam dumps (All 449 Q&As) from Lead2pass:
https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]