[Full Version] 100% Valid Lead2pass Cisco 400-251 New Questions Free Version (61-80)

2017 February Cisco Official New Released 400-251 Dumps in Lead2pass.com!

Lead2pass 400-251 braindumps, including the exam questions and answers, are compiled by our senior IT lecturers and Cisco product experts and include the newest 400-251 exam questions.

The following questions and answers are all newly published by Cisco Official Exam Center: http://www.lead2pass.com/400-251.html

QUESTION 61
Which command can you enter on the Cisco ASA to disable SSH?

A.    Crypto key generate ecdsa label
B.    Crypto key generate rsa usage-keys noconfirm
C.    Crypto keys generate rsa general-keys modulus 768
D.    Crypto keys generate ecdsa noconfirm
E.    Crypto keys zeroize rsa noconfirm

Answer: E

QUESTION 62
Which one of the following Cisco ASA adaptive security appliance rule samples will send HTTP data to the AIP-SSM module to evaluate and stop HTTP attacks?

A.    [Image 621]
B.    [Image 622]
C.    [Image 623]
D.    [Image 624]

Answer: D

QUESTION 63
Why is the IPv6 type 0 routing header vulnerable to attack?

A.    It allows the receiver of a packet to control its flow.
B.    It allows the sender to generate multiple NDP requests for each packet.
C.    It allows the sender of a packet to control its flow.
D.    It allows the sender to generate multiple ARP requests for each packet.
E.    It allows the receiver of a packet to modify the source IP address.

Answer: C

QUESTION 64
What context-based access control (CBAC) command sets the maximum time that a router running Cisco IOS will wait for a new TCP session to reach the established state?

A.    IP inspect max-incomplete
B.    IP inspect tcp finwait-time
C.    Ip inspect udp idle-time
D.    Ip inspect tcp synwait-time
E.    Ip inspect tcp idle-time

Answer: D

QUESTION 65
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

A.    The packet information used to create flows is not configurable by the user.
B.    It supports IPv4 and IPv6 packet fields.
C.    It tracks all fields of an IPv4 header as well as sections of the data payload.
D.    It uses two types of flow cache, normal and permanent.
E.    It can be a useful tool in monitoring the network for attacks.

Answer: BCE

QUESTION 66
What are the two most common methods that security auditors use to assess an organization’s security processes? (Choose two)

A.    social engineering attempts
B.    interviews
C.    policy assessment
D.    penetration testing
E.    document review
F.    physical observations

Answer: AE

QUESTION 67
On which encryption algorithm is CCMP based?

A.    IDEA
B.    BLOWFISH
C.    RCS
D.    3DES
E.    AES

Answer: E

QUESTION 68
By default, which amount of time does the ASA add to the TTL value of a DNS entry to determine the amount of time a DNS entry is valid?

A.    60 seconds
B.    30 seconds
C.    0 seconds
D.    180 seconds
E.    120 seconds
F.    100 seconds

Answer: A

QUESTION 69
Drag and Drop Question
Drag and drop the desktop-security terms from the left onto their correct definitions on the right.

[Image 691]

Answer:

[Image 692]

QUESTION 70
What is the name of the unique tool/feature in Cisco Security Manager that is used to merge an access list based on the source/destination IP address, service, or a combination of these to provide a manageable view of access policies?

A.    merge rule tool
B.    policy simplification tool
C.    rule grouping tool
D.    object group tool
E.    combine rule tool

Answer: E

QUESTION 71
Refer to the exhibit. Which statement about the effect of this configuration is true?

[Image 711]

A.    Replay protection is disabled
B.    It prevents man-in-the-middle attacks
C.    The replay window size is set to infinity
D.    Out-of-order frames are dropped

Answer: D

QUESTION 72
When a host initiates a TCP session, what is the numerical range into which the initial sequence number must fall?

A.    0 to 65535
B.    1 to 1024
C.    0 to 4,294,967,295
D.    1 to 65535
E.    1 to 4,294,967,295
F.    0 to 1024

Answer: C

QUESTION 73
What port has IANA assigned to the GDOI protocol?

A.    UDP 4500
B.    UDP 500
C.    UDP 1812
D.    UDP 848

Answer: D

QUESTION 74
Drag and Drop Question
Drag each Cisco TrustSec feature on the left to its description on the right.

[Image 741]

Answer:

[Image 742]

QUESTION 75
Which statement is true about SYN cookies?

A.    The state is kept on the server machine TCP stack
B.    A system has to check every incoming ACK against state tables
C.    No state is kept on the server machine; it is embedded in the initial sequence number
D.    SYN cookies do not help to protect against SYN flood attacks

Answer: C

QUESTION 76
Refer to the exhibit. R1 and R2 are connected across an ASA with MD5 authentication.
Which statement about eBGP peering between the routers could be true?

[Image 761]

A.    eBGP peering will fail because the ASA in transit lacks BGP support.
B.    eBGP peering will be successful.
C.    eBGP peering will fail because the two routers must be directly connected to allow peering.
D.    eBGP peering will fail because of the TCP random sequence number feature.

Answer:

QUESTION 77
What is the maximum pattern length supported by FPM searches within a packet?

A.    256 bytes
B.    1500 bytes
C.    512 bytes
D.    128 bytes

Answer: A

QUESTION 78
Refer to the exhibit. What are three effects of the given firewall configuration? (Choose three.)

[Image 781]

A.    The firewall allows Echo Request packets from any source to pass to the server.
B.    The firewall allows Time Exceeded error messages from any source to pass to the server.
C.    PCs outside the firewall are unable to communicate with the server over HTTP.
D.    The firewall allows Echo Reply packets from any source to pass to the server.
E.    The firewall allows Destination Unreachable error messages from any source to pass to the server.
F.    The firewall allows Packet Too Big error messages from any source to pass to the server.

Answer: ADF

QUESTION 79
Refer to the exhibit. Flexible NetFlow is failing to export flow records from RouterA to your flow collector.
What action can you take to allow the IPv6 flow records to be sent to the collector?

[Image 791]

A.    Set the NetFlow export protocol to v5
B.    Configure the output-features command for the IPV4-EXPORTER
C.    Add the ipv6 cef command to the configuration
D.    Remove the ip cef command from the configuration
E.    Create a new flow exporter with an IPv6 destination and apply it to the flow monitor

Answer: D

QUESTION 80
Drag and Drop Question
Drag each type of spoofing attack on the left to an action you can take to prevent it on the right.

[Image 801]

Answer:

[Image 802]

400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM
