This page was exported from 100% Pass IT Exam By Training Lead2pass New VCE And PDF Dumps [ http://www.passit4suredumps.com ] Export date:Thu Oct 17 1:30:18 2019 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Free Lead2pass Cisco 400-251 Dumps VCE Download (301-325) --------------------------------------------------- 2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! As a professional IT exam study material provider, Lead2pass gives you more than just 400-251 exam questions and answers. We provide our customers with the most accurate study material about the 400-251 exam and the guarantee of pass. We assist you to prepare for 400-251 certification which is regarded valuable the IT sector. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html QUESTION 301Which of the following two statements apply to EAP-FAST? (Choose two.) A.    EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.B.    EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.C.    EAP-FAST provides protection from authentication forging and packet forgery (replay attack).D.    EAP-FAST is a client/client security architecture.Answer: AC QUESTION 302On an ASA firewall in multiple context mode running version8.X.What is the default number of VPN site-to site tunnels per context? A.    0 sessionsB.    2 sessionsC.    1 sessionsD.    4 sessions Answer: AExplanation:VPN support fpr multiple contexts came with ASA software version 9.x QUESTION 303Which two statements about WPA 2 in enterprise mode are true? (Choose two) A.    TKIP generates a MCI to provide data integrity for the wireless frame.B.    The PMK is generated dynamically by the servers and passed to the access point.C.    802.1x authentication is performed in the second of two authentication phases.D.    It is commonly used in home environments as well as enterprises.E.    802.1x authentication is performed in the first of two authentication phases.F.    Session keys can be shared with multiple clients. Answer: BE QUESTION 304Drag and Drop QuestionDrag and drop the description on the left onto the associated items on the right.   Answer:   QUESTION 305Which two statement about the Cisco ASA in a transparent-mode deployment are true? (Choose two) A.    It block all ARP packets by default.B.    It supports QoS.C.    It supports iBGP.D.    It can act as a DHCP server.E.    It performs a MAC address look to forward traffic f) It performs a route lookup to forward traffic. Answer: DE QUESTION 306What functionality does SXP provide to enhance security? A.    It supports secure communication between cisco ironport Cisco and Microsoft Exchange.B.    It supports Cisco's trustsec solution by transporting information over network that are unable to support SGT propagation.C.    It support secure communications between cisco ironport and cloud-based email servers.D.    It support cisco's trustsec implementation on virtual machines. Answer: B QUESTION 307Drag each IPSec term on the left to the definition on the right.   Answer:   QUESTION 308Which two statements about the RC4 algorithm are true? (Choose two.) A.    The RC4 algorithm is an asymmetric key algorithm.B.    The RC4 algorithm is a symmetric key algorithm.C.    The RC4 algorithm is slower in computation than DES.D.    The RC4 algorithm is used with wireless encryption protocols.E.    The RC4 algorithm uses fixed-length keys. Answer: BD QUESTION 309Which two statement about PVLAN port types are true? (Choose two) A.    A community port can send traffic to community port in other communities on its broadcast domain.B.    An isolated port can send and receive traffic only to and from promiscuous ports.C.    An isolated port can receive traffic from promiscuous port in an community on its broadcast domain, but can send traffic only to port in its own community.D.    A promiscuous port can send traffic promiscuous port in other communities on its broadcast domain.E.    A community port can send traffic to promiscuous port in other communities on its broadcast domain.F.    A Promiscuous port can send traffic to all ports within a broadcast domain. Answer: BF QUESTION 310Which three of these are security properties that TLS v1.2 provides?(Choose three)? A.    AvailabilityB.    integrityC.    non-repudiationD.    authenticationE.    authorizationF.    confidentiality Answer: BDF QUESTION 311Refer to the exhibit. Which statement about this debug output is true?   A.    It was generated by a LAN controller when it responded to a join request from an access pointB.    It was generated by a LAN controller when it generated a join request to an access pointC.    It was generated by an access point when it sent a join reply message to a LAN controllerD.    It was generated by an access point when it received a join request message from a LAN controller Answer: A QUESTION 312Drag and Drop QuestionDrag each ISE probe on the left to the matching statement on the right.   Answer:   QUESTION 313What is an example of a WEP cracking attack ? A.    SQL injection attackB.    Cafe latte attackC.    directory traversal attackD.    Reflected XSS attack Answer: B QUESTION 314Which three options are methods of load-balancing data in an ASA cluster environment?(Choose three) A.    HSRPB.    spanned EtherChannelC.    distance-vector routingD.    PBRE.    floating static routesF.    ECMP Answer: BDF QUESTION 315You have configured a DMVPN hub and spoke a follows (assume the IPsec profile "dmvpnprofile" is configured correctly):   With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these? A.    Modify the tunnel keys to match on the hub and spokeB.    Configure the ipnhrp cache non-authoritative command on the hub's tunnel interfaceC.    Modify the NHRP hold times to match on the hub and spokeD.    Modify the NHRP network IDs to match on the hub and spoke Answer: AExplanation:http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nhrp/configuration/xe-16/nhrp-xe-16-book/config-nhrp.html QUESTION 316Which two types of DNS attacks are associated with DoS and DDoS attacks?(Choose Two) A.    DNS reflection attacksB.    Resource utilization attacksC.    DNS open resolver attackD.    DNS cache poisoning attacksE.    DNS amplification attacks Answer: DEExplanation:http://www.cisco.com/c/en/us/about/security-center/guide-ddos-defense.html#13The question itself is confusing and ambiguous though as normally whatever is DoS that can be easily DDoS (distributed DoS). According to this Cisco guide “Resource utilization attack” is still on the list of possible attacks on DNShttp://www.cisco.com/c/en/us/about/security-center/dns-best-practices.html QUESTION 317What are three features that are enabled by generating Change of Authorization (CoA) requests in a push model? (Choose three.) A.    session terminationB.    host reauthenticationC.    session identificationD.    MAC identificationE.    session reauthenticationF.    host termination Answer: ABCExplanation:http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html QUESTION 318Which of the following are OSPFv3 authentication options? (choose two) A.    AHB.    ESPC.    MD5D.    SHAE.    IPF.    GRE Answer: AB QUESTION 319Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 to form between these two routers? (Choose two.) A.    mismatch area typesB.    mismatch of subnet masksC.    mismatch of network typesD.    mismatch of authentication typesE.    mismatch of instance IDs Answer: CDExplanation:https://supportforums.cisco.com/document/98581/troubleshooting-ospfv3-neighbor-adjacencies QUESTION 320Which of the following are true regarding same security level interface inter-traffic communication on a Cisco ASA? (Choose three) A.    ASA support 101 security levels and more than 101 interfaces (include sub-interface)B.    ASA canassign different interfaces to the same security levelC.    by default, same security level port inter-traffic is not allowedD.    ASA should activate inter-interface communication by default Answer: ABC QUESTION 321Which three statements about RLDP are true? (Choose three) A.    It can detect rogue Aps that use WPA encryptionB.    It detects rogue access points that are connected to the wired networkC.    The AP is unable to s^jrve clients while the RLDP process is activeD.    Active Rogue Containment can be initiated manually against rogue devices detected the wired networkE.     It can detect rogue APs that use WEP encryption Answer: BCD QUESTION 322Refer to the exhibit. Which statement about the effect of this configuration is true?   A.    It prevents man-in-the-middle attacks.B.    Replay protection is disabled.C.    Out-of-order frames are dropped.D.    The replay window size is set to infinity. Answer: C QUESTION 323All of these are available from cisco IPS Manager (cisco IDM) except which one? A.    Top SignaturesB.    Sensor InformationC.    Interface StatusD.    Global Correlation ReportsE.    CPU Memory and Load Answer: A QUESTION 324Which statement regarding the routing function of the Cisco ASA is true? A.    the ASA supports policy-based routing with route mapsB.    The translation table can override the routing table for new connectionsC.    In a failover paire of ASAs, thestanby firewall establishes a peer relationship with OSPF neighborsD.    Routes to the Null0 interface can be configured to black-hole traffic Answer: B QUESTION 325What is an RFC 2827 recommendation for protecting your network against Dos attack with IP address spoofing? A.    Browser based application should be filtered on the source to protect your network from known advertised prefixesB.    Advertiseonly assigned global IP address to the internetC.    Use ingress filtering to limit traffic from downstream network to known advertised prefixesD.    Use the TLS protocol to secure the network against eavesdropping Answer: C Lead2pass.com has been the world leader in providing online training solutions for 400-251 Certification. You use our training materials that have been rigorously tested by international experts. 400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8 2017 Cisco 400-251 exam dumps (All 636 Q&As) from Lead2pass: https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-10-25 03:31:17 Post date GMT: 2017-10-25 03:31:17 Post modified date: 2017-10-25 03:31:17 Post modified date GMT: 2017-10-25 03:31:17 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com