This page was exported from Lead2pass Dumps For Exam With New Updated Exam Questions [ http://www.passit4suredumps.net ] Export date:Sun Sep 15 15:03:23 2019 / +0000 GMT ___________________________________________________ Title: [2017 New] Free Share Of Lead2pass 400-251 VCE And PDF Dumps (26-50) --------------------------------------------------- 2017 July Cisco Official New Released 400-251 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! 400-251 exam questions and answers provided by Lead2pass will guarantee you pass 400-251 exam, because Lead2pass is the top IT Certification study training materials vendor. Many candidates have passed exam with the help of Lead2pass. We offer the latest 400-251 PDF and VCE dumps with new version VCE player for free download, you can pass the exam beyond any doubt. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html QUESTION 26You have been asked to configure a Cisco ASA appliance in multiple mode with these settings: (A) You need two customer contexts, named contextA and contextB(B) Allocate interfaces G0/0 and G0/1 to contextA(C) Allocate interfaces G0/0 and G0/2 to contextB (D) The physical interface name for G0/1 within contextA should be "inside".(E) All other context interfaces must be viewable via their physical interface names. If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?A.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visibleB.    context contextaconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextbconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visibleC.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/1 inside context contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/2 invisibleD.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/1 insidecontext contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/2E.    context contextAconfig-url disk0:/contextA.cfgallocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextBconfig-url disk0:/contextB.cfgallocate-interface GigabitEthernet0/1 visible allocate-interface GigabitEthernet0/2 visible Answer: A QUESTION 27Which statement about the cisco anyconnect web security module is true ? A.    It is VPN client software that works over the SSl protocol.B.    It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.C.    It operates as an NAC agent when it is configured with the Anyconnect VPN client.D.    It is deployed on endpoints to route HTTP traffic to SCANsafe Answer: D QUESTION 28Which two statements about the SeND protocol are true? (Choose two) A.    It uses IPsec as a baseline mechanismB.    It supports an autoconfiguration mechanismC.    It must be enabled before you can configure IPv6 addressesD.    It supports numerous custom neighbor discovery messagesE.    It counters neighbor discovery threatsF.    It logs IPv6-related threats to an external log server Answer: BE QUESTION 29Drag and Drop QuestionDrag each attack type on the left to the matching attack category on the right.   Answer:  Explanation:https://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477In a nutshell, these are types of attacks belonging to "Reconnaissance and scanning" category:- ICMP sweep- traceroute- inverse mapping- OS fingerprinting- firewalk And here are types of attacks used in the "Exploits" category:- ICMP route redirect- ICMP informational messages- ICMP router discovery messages- ICMP floods QUESTION 30Refer to the exhibit. You executed the show crypto key mypubkey rsa command to verify that the RSA key is protected and it generated the given output. What command must you have entered to protect the key?   A.    crypto key decrypt rsa name pki.cisco.com passphrase CiscoPKIB.    crypto key zeroize rsa CiscoPKIC.    crypto key export ras pki.cisco.com pem url flash: 3des CiscoPKID.    crypto key lock rsa name pki.cisco.com passphrase CiscoPKIE.    crypto key import rsa pki.cisco.com pem url nvram: CiscoPKI Answer: D QUESTION 31Refer to the exhibit. What is the effect of the given command sequence?   A.    The HTTP server and client will negotiate the cipher suite encryption parameters.B.    The server will accept secure HTTP connections from clients with signed security certificates.C.    The client profile will match the authorization profile defined in the AAA server.D.    The clients are added to the cipher suite's profile.E.    The server will accept secure HTTP connections form clients defined in the AAA server. Answer: B QUESTION 32In ISO 27002, access control code of practice for information Security Management servers which of the following objective? A.    Implement protocol control of user, network and application accessB.    Optimize the audit processC.    Prevent the physical damage of the resourcesD.    Educating employees on security requirements and issues Answer: A QUESTION 33Which two options are differences between a automation and orchestration? (Choose two) A.    Automation is an IT workflow composed of tasks, and orchestration is a technical task.B.    Orchestration is focused on multiple technologies to be integrated together.C.    Orchestration is focused on an end-to-end process or workflowD.    Automation is to be used to replace human intervention.E.    Automation is focused on automating a single or multiple tasks. Answer: CE QUESTION 34What is the first step in performing a risk assessment? A.    Identifying critical services and network vulnerabilities and determining the potential impact of their compromise or failure.B.    Investigating reports of data theft or security breaches and assigning responsibility.C.    Terminating any employee believed to be responsible for compromising security.D.    Evaluating the effectiveness and appropriateness of the organization's current risk-management activities.E.    Establishing a security team to perform forensic examinations of previous known attacks. Answer: A QUESTION 35Which description of a virtual private cloud is true? A.    An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolationB.    An on-demand configurable pool of shared data resources allocated within a private cloud environment, which provides assigned DMZ zonesC.    An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolationD.    An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation Answer: D QUESTION 36On which two protocols is VNC based? (Choose two) A.    RdesktopB.    UDPC.    RFBD.    Terminal Services ClientE.    CoRDF.    TCP Answer: CF QUESTION 37How can the tail drop algorithem support traffic when the queue is filled? A.    It drop older packet with a size of 64 byts or more until queue has more trafficB.    It drop older packet with a size of less than 64 byts until queue has more trafficC.    It drops all new packets until the queue has room for more trafficD.    It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic. Answer: C QUESTION 38Drag and Drop QuestionDrag each step in the cisco PRIST response to incidents and vulnerability involving cisco product on the left into the correct order on the right.   Answer:   QUESTION 39Which two statements about the 3DES encryption protocol are true? (Choose two) A.    It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.B.    Its effective key length is 168 bits.C.    It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.D.    The algorithm is most efficient when it is implemented in software instead of hardware.E.    It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.F.    Its effective key length is 112 bits. Answer: BC QUESTION 40You want to enable users in your company's branch offices to deploy their own access points using WAN link from the central office, but you are unable to a deploy a controller in the branch offices. What lightweight access point wireless mode should you choose? A.    TLS modeB.    H-REAP modeC.    Monitor modeD.    REAP modeE.    Local mode Answer: B QUESTION 41Refer to the exhibit. Which two effect of this configuration are true ? (Choose two)   A.    The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.B.    The Cisco ASA use the cisco directory as the starting point for the user search.C.    The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.D.    The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.E.    The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.F.    The admin user is authenticated against the members of the security.cisco.com group. Answer: AE QUESTION 42Which object table contains information about the clients know to the server in Cisco NHRP MIB implementation? A.    NHRP Cache TableB.    NHRP Client Statistics TableC.    NHRP Purge Request TableD.    NHRP Server NHC Table Answer: D QUESTION 43What is the default communication port used by RSA SDI and ASA ? A.    UDP 500B.    UDP 848C.    UDP 4500D.    UDP 5500 Answer: D QUESTION 44when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used tofallback authentication to web authentication ? A.    AuthenticationB.    PassthroughC.    Conditional Web RedirectD.    Splash Page Web RedirectE.    On MAC Filter Failure Answer: E QUESTION 45Refer the exhibit. Which of the following is the correct output of the above executed command?   A.     B.     C.     D.     Answer: C QUESTION 46Which two statement about IPv6 path MTU discovery are true? (Choose two) A.    The discover packets are dropped if there is congestion on the link.B.    the initial path MTU is the same as the MTU of the original node's link layer interfaceC.    It can allow fragmentation when the minimum MTU is blow a configured valueD.    During the discover process the DF bit is set to 1E.    If the source host receiver an ICMPv6 packet too BIG message from a router it reduces its path MTUF.    IF the destination host receives and ICMPv6 packet too Big message from a router it reduces its path MTU Answer: BE QUESTION 47Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true? (Choose two) A.    The maximum path MTU across the GRE tunnel is set to 65534 bytes.B.    If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.C.    The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.D.    It disables PMTUD discovery for tunnel interfaces.E.    The DF bit are copied to the GRE IP header.F.    The minimum path MTU across the GRE tunnel is set to 1476 bytes. Answer: BE QUESTION 48Which option describes the purpose of the RADIUS VAP-ID attribute? A.    It specifies the ACL ID to be matched against the clientB.    It specifies the WLAN ID of the wireless LAN to which the client belongsC.    It sets the minimum bandwidth for the connectionD.    It sets the maximum bandwidth for the connectionE.    It specifies the priority of the clientF.    It identifies the VLAN interface to which the client will be associated Answer: B QUESTION 49You are developing an application to manage the traffic flow of a switch using an OpenDaylight controller. Knowing you use a Northbound REST API ,which statement is true? A.    Different applications, even in different languages, cannot use the same functions in a REST API at same time.B.    The server retains client state recordsC.    We must teach our applications about the Southbound protocol(s) usedD.    The applications are considered to be the clients, and the controller is considered to be the server Answer: D QUESTION 50Which option describes the purpose of Fog architecture in loT? A.    To provide compute services at the network edgeB.    To provide intersensor traffic routingC.    To provide centralized compute resourcesD.    To provide highly available environmentally hardened network access Answer: A Lead2pass is the leader in supplying candidates with current and up-to-date training materials for Cisco certification and exam preparation. Comparing with others, our 400-251 exam questions are more authoritative and complete. We offer the latest 400-251 PDF and VCE dumps with new version VCE player for free download, and the new 400-251 dump ensures your exam 100% pass. 400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM 2017 Cisco 400-251 exam dumps (All 449 Q&As) from Lead2pass: https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-20 09:48:55 Post date GMT: 2017-07-20 09:48:55 Post modified date: 2017-07-20 09:48:55 Post modified date GMT: 2017-07-20 09:48:55 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com