2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
After purchasing the dumps for the 400-251 Exam from Lead2pass, I had no doubt that I’d easily pass the exam. Bundle of thanks to Lead2pass for helping me pass the exam without any troubles.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html
QUESTION 376
Which two statements about 802.1X components are true? (Choose two.)
A. The access layer switch is the policy enforcement point.
B. The certificates that are used in the client-server authentication process are stored on the access switch
C. The RADIUS server is the policy enforcement point.
D. The RADIUS server is the policy information point
E. The RADIUS server is the policy decision point.
F. An LDAP server can serve as the policy enforcement point.
Answer: AE
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01.html
http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-35/101-aaa-part1.html
QUESTION 377
A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server application. What TCP dump filter would be best to verify that traffic is reaching the Linux Server eth0 interface?
A. tcpdump -i eth0host 10.10 7.4 and host 11.0.1 9 and port 8080
B. tcpdump -i eth0host 10.10.7.4 and 11.0.1.9
C. tcpdump -i eth0 dst 110 1.9 and dst port 8080
D. tcpdump -i eth0 src 10 10 7.4 and dst 11.0.1.9 and dst port 8080
Answer: D
QUESTION 378
Within Platform as a Service, which two components are managed by the customer? (Choose two.)
A. Data
B. networking
C. middleware
D. applications
E. operating system
Answer: AD
QUESTION 379
Which two options are important considerations when you use NetFlow to obtain the full picture of network traffic? (Choose two.)
A. It monitors only TCP connections.
B. It monitors only routed traffic.
C. It monitors only ingress traffic on the interface on which it is deployed.
D. It is unable to monitor over time.
E. It monitors all traffic on the interface on which it is deployed.
Answer: BE
QUESTION 380
Which option is a data modeling language use to model configuration and state data of network elements?
A. RESTCONF
B. YANG
C. SNAMPv4
D. NETCONF
Answer: B
QUESTION 381
Which encryption type is used by WSA for implementing the Email Encryption?
A. PKI
B. S/MMIE Encryption
C. Identity Based Encryption (IBE)
D. TLS
E. SSL Encryption
Answer: B
QUESTION 382
Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)
A. User five can execute the show run command.
B. User five can view usernames and passwords.
C. User superuser can change usernames and passwords
D. User superuser can view the configuration
E. User superuser can view usernames and passwords
F. User Cisco can view usernames and passwords
Answer: AD
QUESTION 383
Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three.)
A. sysopt connection tcpmss
B. nve-only
C. default-mcast-group
D. segment-id
E. inspect vxlan
F. set ip next-hop verify-availability
Answer: BCD
QUESTION 384
Which description of SaaS is true?
A. a service offering that allowing developers to build their own applications
B. a service offering on-demand software downloads
C. a service offering a software environment in which applications can be build and deployed
D. a service offering on-demand licensed applications for end users
Answer: D
QUESTION 385
AMP for Endpoints is supported on which of these platforms?
A. Windows , MAC , ANDROID
B. Windows , MAC , LINUX (SuSE , UBUNTU) , , ANDROID
C. Windows , ANDROID , LINUX (SuSE . REDHAT)
D. Windows , ANDROID , LINUX (REDHAT, CentOS) , MAC
Answer: D
QUESTION 386
Which of the following is AMP Endpoints offline engine for windows?
A. ClamAV
B. ClamAMP
C. TETRAAMP
D. TETRA
Answer: D
QUESTION 387
Which two options are unicast address types for IPv6 addressing? (Choose two.)
A. link-local
B. established
C. global
D. dynamic
E. static
Answer: AC
QUESTION 388
Which two statements about MAB are true? (Choose two)
A. It requires the administrator to create and maintain an accurate database of MAC addresses
B. It serves at the primary authentication mechanism when deployed in conjunction with 802.1x.
C. It Operates at Layer 2 and Layer 3 of the OSI protocol stack.
D. It can be used to authenticate network devices and users.
E. MAC addresses stored in the MAB database can be spoofed.
F. It is a strong authentication method.
Answer: AE
QUESTION 389
Which option best describes RPL?
A. RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two border routes
B. RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best route between leaves 3nd the root border router.
C. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two toot border routers
D. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the router.
Answer: B
QUESTION 390
Which three statements about 802.1x multiauthentication mode are true? (Choose three )
A. It requires each connected client to authenticate individually
B. Each multi authentication port can support only one voice VI AN
C. It can be deployed in conjunction with MDA functionality on voice VLANs.
D. It is recommended for auth fail VLANs.
E. It is recommended for guest VLANs
F. On non-802.1x devices, it can support only one authentication method on a single port
Answer: ABC
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_2_e/security/configuration_guide/b_sec_1522e_2960x_cg/b_sec_1522e_2960x_cg_chapter_010000.html#ID398
QUESTION 391
In which two situations is web authentication appropriate? (Choose two.)
A. When secure connections to the network are unnecessary.
B. When a fallback authentication method is necessary
C. When devices outside the control of the organization’s IT department are permitted to connect to the network.
D. When WEP encryption must be deployed on a large scale.
E. When 802.1x authentication is required.
Answer: BC
QUESTION 392
Which three EAP protocols are supported in WPA and WPA2? (Choose three.)
A. EAP-PSK
B. EAP-EKE
C. EAP-FAST
D. EAP-AKA
E. EAP-SIM
F. EAP-EEE
Answer: CDE
QUESTION 393
In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router?
A. clustering
B. PIM multicast routing
C. stub multicast routing
D. multicast group concept
Answer: C
QUESTION 394
Which two statements about NetFlow Secure Event Logging on a Cisco ASA are (rue? (Choose two)
A. It tracks configured collectors over TCP.
B. It is supported only in single-context mode.
C. It can export templates through NetFlow.
D. It can be used without collectors.
E. It supports one event type per collector.
F. It can log different event types on the same device to different collectors
Answer: CF
QUESTION 395
Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up. Which reason for the problem is most likely?
A. The lacp system-priority and lacp port-priority values are the same.
B. The Ether Channel requires three ports, and only two are configured.
C. The Ether Channel is disabled.
D. The channel-group modes are mismatched
Answer: D
QUESTION 396
Refer to the exhibit. Which effect of this configuration is true?
A. The downloadable ACL and AV pair ACL are merged after three connection attempts are made to the RADIUS server.
B. The downloadable ACL and AV pair ACL are merged immediately when the RADIUS server is activated.
C. For all users, entries in a downloadable ACL are given priority over entries in an AV pair ACL.
D. The downloadable ACL and the AV pair ACL entries are merged together, one ACE at a time.
E. A downloadable ACL is applied after an AV pair ACL.
Answer: E
QUESTION 397
Which two options are benefits of global ACLs? (Choose two)
A. They only operate on logical interfaces.
B. They are more efficient because they are processed before interface access rules
C. They save memory because they work without being replicated on each interface
D. They can be applied to multiple interfaces.
E. They are flexible because they match source and destination IP addresses for packets that arrive on any interface
Answer: CE
QUESTION 398
Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients?
A. chopchop attack
B. DoS against an access point
C. authentication-failure attack
D. Airsnarf attack
E. DoS against a client station
F. device-probing attack
Answer: B
QUESTION 399
Which two options are normal functionalities for ICMP? (Choose two.)
A. host detection
B. packet filtering
C. relaying traffic statistics to applications
D. path MTU discovery
E. port scanning
F. router discovery
Answer: AD
QUESTION 400
Which three statements about PKI on Cisco IOS Software are true? (Choose three.)
A. OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.
B. The match certificate and allow expired-certificate commands are ignored unless the router clock is set.
C. If a certificate-based ACL specifies more than one field, any one successful field-to-value fest is treated as a match.
D. OCSP enables a PKI to use a CRL without time limitations.
E. Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.
F. Different OCSP servers can be configured for different groups of client certificates .
Answer: AEF
I understood all of the 400-251 questions very easily. I scored 96% on my first try. I am definitely going to spread the dump among friends and colleagues. Keep up the great work.
400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8
2017 Cisco 400-251 exam dumps (All 636 Q&As) from Lead2pass:
https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]