[Full Version] 2017 New 400-251 Exam PDF Ensure 400-251 Certification Exam Pass 100% (221-240)

2017 February Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Our PDF dumps of 400-251 exam is designed to ensure everything which you need to pass your exam successfully. At Lead2pass, we have a completely customer oriented policy. We invite the professionals who have rich experience and expert knowledge of the IT certification industry to guarantee the PDF details precisely and logically. Our customers’ time is a precious concern for us. This requires us to provide you the products that can be utilized most efficiently.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/400-251.html

QUESTION 221
Which two statements about header attacks are true?(Choose two)

A.    An attacker can use IPv6 Next Header attacks to steal user data and launch phishing attacks.
B.    An attacker can use HTTP Header attacks to launch a DoS attack.
C.    An attacker can execute a spoofing attack by populating the RH0 routing header subtype with multiple destination addresses.
D.    An attacker can leverage an HTTP response header to write malicious cookies.
E.    An attacker can leverage an HTTP response header to inject malicious code into an application layer.
F.    An attacker can use vulnerabilities in the IPv6 routing header to launch attacks at the application layer.

Answer: BC

QUESTION 222
Refer to the exhibit. Routers R1, R2, and R3 have IPv6 reachability, and R1 and R3 are able to ping each other with the IPv6 global unicast address.
However, R1 and R3 are unable to ping each other with their link-local addresses.
What is a possible reason for the problem?

2221

A.    Link-local addresses can communicate with neighboring interfaces.
B.    Link-local addresses are forwarded by IPv6 routers using loopback interfaces.
C.    Link-local addresses can be used only with a physical interface’s local network.
D.    Multicast must be enabled to allow link-local addresses to traverse multiple hops.

Answer: C

QUESTION 223
What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ?

A.    It configures the interface to fragment packets on connections with MTUs of 1024 or greater
B.    It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets
C.    It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes
D.    It configures the interface to fragment packets on connections with MTUs of 1024 or less
E.    It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes

Answer: E

QUESTION 224
Which Two statement about the PCoIP protocol are true? (Choose two)

A.    It support both loss and lossless compression
B.    It is a client-rendered, multicast-codec protocol.
C.    It is available in both software and hardware.
D.    It is a TCP-based protocol.
E.    It uses a variety of codec to support different operating system.

Answer: AC

QUESTION 225
Drag and Drop Question
Drag the step in the SCEP workflow on the left into the correct order of operation on the right.

2251

Answer:

2252

QUESTION 226
What are the two technologies that support AFT? (Choose two)

A.    NAT-PT
B.    SNAT
C.    NAT64
D.    DNAT
E.    NAT-PMP
F.    NAT-6to4

Answer: AC

QUESTION 227
According to RFC 2577, Which two options describe drawbacks of the FTP protocol? (Choose two)

A.    If access to the FTP server is restricted by network address, the server still is susceptible to spoofing attacks.
B.    Servers that apply connection limits to protect against brute force attacks are vulnerable to DoS attacks
C.    It is susceptible to man-m-the-middle attacks
D.    An attacker can validate user names if the 331 response is in use.
E.    It is susceptible to bounce attacks on port 1024

Answer: DE

QUESTION 228
Refer to the exhibit. Which two effects of this configuration are true? (Choose two)

2281

A.    The BGP neighbor session tears down after R1 receives 100 prefixes from the neighbor 1.1.1.1
B.    The BGP neighbor session between R1 and R2 re-establishes after 50 minutes
C.    A warning message is displayed on R2 after it receives 50 prefixes
D.    A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1
E.    The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2
F.    The BGP neighbor session between R1 and R2 re-establishes after 100 minutes

Answer: DE

QUESTION 229
Drag and Drop Question
Drag and drop the DNS record types from the left to the matching descriptions to the right

2291

Answer:

2292

QUESTION 230
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A.    The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B.    The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C.    The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D.    The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.

Answer: CD

QUESTION 231
Which two statement about DTLS are true ? (Choose two)

A.    Unlike TLS,DTLS support VPN connection with ASA.
B.    It is more secure that TLS.
C.    When DPD is enabled DTLS connection can automatically fall back to TLS.
D.    It overcomes the latency and bandwidth problem that can with SSL.
E.    IT come reduce packet delays and improve application performance.
F.    It support SSL VPNs without requiring an SSL tunnel.

Answer: CD

QUESTION 232
NWhich two statements about the ISO are true? (Choose two.

A.    The ISO is a government-based organization.
B.    The ISO has three membership categories: Member, Correspondent, and Subscribers.
C.    Subscriber members are individual organizations.
D.    Only member bodies have voting rights.
E.    Correspondent bodies are small countries with their own standards organization.

Answer: BD
Explanation:
Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights.

QUESTION 233
Drag and Drop Question
Drag each SSI encryption algorithm on the left to the encryption and hashing values it uses on the right.

2331

Answer:

2332

QUESTION 234
Drag and Drop Question
Drag and drop the role on the left onto their responsibility in the change-management process on the right

2341

Answer:

2342

QUESTION 235
Refer to the exhibit, which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503?

2351

A.    _65509.?$
B.    _65503$
C.    ^65503.*
D.    ^65503$
E.    _65503_
F.    65503

Answer: C

QUESTION 236
Which two commands would enable secure logging on Cisco ASA to a syslog server at 10.0.0.1? (Choose two)

A.    logging host inside 10.0.0.1 TCP/1500 secure
B.    logging host inside 10.0.0.1 UDP/514 secure
C.    logging host inside 10.0.0.1 TCP/1470 secure
D.    logging host inside 10.0.0.1 UDP/500 secure
E.    logging host inside 10.0.0.1 UDP/447 secure

Answer: AC

QUESTION 237
What feature enables extended secure access from non-secure physical location?

A.    Port security
B.    Strom control
C.    NEAT
D.    CBAC
E.    802 1x pot-based authentication

Answer: C

QUESTION 238
Which of the following best describes Chain of Evidence in the context of security forensics?

A.    Evidence is locked down, but not necessarily authenticated.
B.    Evidence is controlled and accounted for to maintain its authenticity and integrity.
C.    The general whereabouts of evidence is known.
D.    Someone knows where the evidence is and can say who had it if it is not logged.

Answer: B

QUESTION 239
What are three ways you can enforce a BCP38 policy on an internet edge policy?(choose three)

A.    Avoid RFC1918 internet addressing.
B.    Implement Cisco Express Forwarding.
C.    Implement Unicast RPF.
D.    Apply ingress filters for RFC1918 addresses.
E.    Apply ingress ACL filters for BOGON routes.
F.    Implement source NAT.

Answer: BCE

QUESTION 240
Which three addresses are special uses as defined in RFC 5735? (Choose three.)

A.    171.10.0.0/24
B.    0.0.0.0/8
C.    203.0.113.0/24
D.    192.80.90.0/24
E.    172.16.0.0/12
F.    198.50.100.0/24

Answer: BCE

If you want to get more 400-251 exam preparation material, you can download the free 400-251 braindumps in PDF files on Lead2pass. It would be great helpful for your exam. All the 400-251 dumps are updated and cover every aspect of the examination. Welcome to choose.

400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM

2017 Cisco 400-251 exam dumps (All 336 Q&As) from Lead2pass:

http://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]

You may also like