400-251 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 400-251 Dumps with VCE and PDF 141-150

August 12, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 141 – (Topic 2)

What are two method of preventing DoS attacks on your network? (Choose two)

  1. Increase the ICMP Unreachable massage rate limit interval.

  2. Implement shaping on the perimeter router.

  3. Disable the ICMP Unreachable response on the loopback and Null0 interfaces

  4. Decrees the ICMP Unreachable massage interval

  5. Implement CWBQ on the perimeter router

Answer: A,E

Question No: 142 – (Topic 2)

Which feature can prevent IP spoofing attacks?

  1. CoPP

  2. CBAC

  3. ARP spoofing

  4. TCP Intercept

  5. Unicast RPF

  6. CAR

Answer: E

Question No: 143 – (Topic 2)

Ensurepass 2018 PDF and VCE

Refer to the exhibit Flexible NetFlow is failing to export flow records from RouterA to your

flow collector. What action can you take to allow the IPv6 flow records to be sent to the colle

  1. Set the NetFlow export protocol to v5

  2. Configure the output-features command for the IPV4-EXPORTER

  3. Add the ipv6 cef command to the configuration

  4. Remove the ip cef command from the configuration

  5. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor

Answer: D

Question No: 144 – (Topic 2)

Which three statements are true regarding Security Group Tags? (Choose three.)

  1. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.

  2. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.

  3. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.

  4. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and

    WebAuth methods of authentication.

  5. A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: A,C,D

Question No: 145 – (Topic 2)

Which two router configurations block packets with the Type 0 Routing header on the interface? (choose two)

  1. Ipv6 access-list Deny_Loose_Routing permit ipv6 any any routing-type 0 deny ipv6 any any

    interface FastEthernet0/0

    ipv6 traffic-filter Deny_Loose_Source_Routing in

  2. Ipv6 access-list-Deny_Loose_Source_Routing Deny ipv6 FE80::/10 any mobility -type bind-refresh Permit ipv6 any any

    Interface FastEthernet/0 Ipv6 tr

    Affic-filter Deny_Loose_Source_Routing in

  3. Ipv6 access-list Deny_Loose_Source_Routing Deny ipv6 any any routing-type 0

    Permit ipv6 any any Interface FastEthernet0/0

    Ipv6 traffic -filter Deny_Loose_Routing in

  4. Ipv6 access -list Deny_Loose_Source_Routing Deny ipv6 any FE80: :/10 routing -type 0

    Deny ipv6 any any routing -type 0 Permit ipv6 any any

    Interface FastEthernet t0/0

    Ipv6 traffic -filter Deny_Loose_Source_Routing in

  5. Ipv6 access -list Deny_Loose_Source_Routing Sequence 1 deny ipv6 any any routing -type 0 log-input

Sequence 2 permit ipv6 any any flow -label 0 routing interface Fastethernet0/0 Ipv6 traffic-filter Deny_Loose_Source_Routing in

Answer: C,D

Question No: 146 – (Topic 2)

What IOS feature can prevent header attacks by using packet-header information to classify traffic?

  1. CAR

  2. FPM

  3. TOS

  4. LLQ

  5. TTL

Answer: B

Question No: 147 – (Topic 2)

Which two statement about PVLAN port types are true? (Choose two)

  1. A community port can send traffic to community port in other communities on its broadcast domain.

  2. An isolated port can send and receive traffic only to and from promiscuous ports.

  3. An isolated port can receive traffic from promiscuous port in an community on its broadcast domain, but can send traffic only to port in its own community.

  4. A promiscuous port can send traffic promiscuous port in other communities on its broadcast domain.

  5. A community port can send traffic to promiscuous port in other communities on its broadcast domain.

  6. A Promiscuous port can send traffic to all ports within a broadcast domain.

Answer: B,F

Question No: 148 – (Topic 2)

What command can you use to protect a router from TCP SYN-flooding attacks?

  1. ip igmp snooping

  2. rate-limit input lt;bpsgt;lt;burst-normalgt;lt;Burst-maxgt;

  3. ip tcp intercept list lt;access-listgt;

  4. ip dns spoofing lt;ip-addressgt;

  5. police lt;bpsgt;

Answer: C

Question No: 149 – (Topic 2)

Which two certificate enrollment methods can be completed without an RA and require no direct connection to a CA by the end entity? (Choose two.)

  1. SCEP

  2. TFTP

  3. manual cut and paste

  4. enrollment profile with direct HTTP

  5. PKCS#12 import/export

Answer: C,E

Question No: 150 – (Topic 2)

Which two statements about SGT Exchange Protocol are true? (Choose two)

  1. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform

    SGT tagging at Layer 2 to devices that support it

  2. SXP runs on UDP port 64999

  3. A connection is established between a “listener” and a “speaker”

  4. SXP is only supported across two hops

  5. SXPv2 introduces connection security via TLS

Answer: A,C

100% Ensurepass Free Download!
400-251 PDF
100% Ensurepass Free Guaranteed!
400-251 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No