Pass CCNA CCNP CCIE Exams Free Real Practice Questions and Answers

Uncategorized

[Free] 2018(Aug) Ensurepass Cisco 400-251 Dumps with VCE and PDF 151-160

August 12, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 151 – (Topic 2)

Ensurepass 2018 PDF and VCE

  1. Modify the tunnel keys to match on the hub and spoke

  2. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface

  3. Modify the NHRP hold times to match on the hub and spoke

  4. Modify the NHRP network IDs to match on the hub and spoke

Answer: A

Question No: 152 DRAG DROP – (Topic 2)

Drag each IPv6 extension header on the left into the recommended order for more than one extension header In the same IPv6 packet on the right?

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

1: IPv6 header; 2: Hop by Hop option; 3. Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.

Question No: 153 – (Topic 2)

Which two statements about RFC 2827 are true? (Choose two.)

  1. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.

  2. A corresponding practice is documented by the IEFT in BCP 38.

  3. RFC 2827 defines ingress packet filtering for the multihomed network.

  4. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.

  5. A corresponding practice is documented by the IEFT in BCP 84.

Answer: B,D

Question No: 154 – (Topic 2)

A cloud service provider is designing a large multilenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?

  1. LDP

  2. VXLAN

  3. VRF

  4. Extended VLAN ranges

Answer: B

Question No: 155 – (Topic 2)

Your 1Pv6 network uses a CA and trust anchor to implement secure network discover. What extension must your CA certificates support?

  1. extKeyUsage

  2. nameConstrainsts

  3. id-pe-ipAddrBlocks

  4. Id-pe-autonomousSysldsE. Ia-ad-calssuers

  5. keyUsage

Answer: B

Question No: 156 – (Topic 2)

Ensurepass 2018 PDF and VCE

Refer to the exhibit. Which effect of this Cisco ASA policy map is true?

  1. The Cisco ASA is unable to examine the TLS session.

  2. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.

  3. it prevents a STARTTLS session from being established.

  4. The Cisco ASA logs SMTP sessions in clear text.

Answer: B

Question No: 157 – (Topic 2)

Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three)

  1. Loose mode requires the source address to be present in the routing table.

  2. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.

  3. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.

  4. Strict mode requires a default route to be associated with the uplink network interface.

  5. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.

  6. Both loose and strict modes are configured globally on the router.

Answer: A,C,E

Question No: 158 – (Topic 2)

Ensurepass 2018 PDF and VCE

Refer to the exhibit, which effect of this configuration is true?

  1. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes

  2. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes

  3. The maximum size of TCP SYN ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

  4. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

  5. The minimum size of TCP SYN ACL packets passing the router is set to 1452 bytes

and the IP MTU of the interface is set to 1492 bytes

Answer: D

Question No: 159 – (Topic 2)

Which two value must you configure on the cisco ASA firewall to support FQDN ACL ? (Choose two)

  1. A DNS server

  2. A Service policy

  3. An FQDN object

  4. A Class map

  5. A services object

  6. A policy map

Answer: A,C

Question No: 160 – (Topic 2)

Which three IP resources is the IANA responsible? (Choose three.)

  1. IP address allocation

  2. detection of spoofed address

  3. criminal prosecution of hackers

  4. autonomous system number allocation

  5. root zone management in DNS

  6. BGP protocol vulnerabilities

Answer: A,D,E

100% Ensurepass Free Download!
400-251 PDF
100% Ensurepass Free Guaranteed!
400-251 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

braindumps Cisco 400-251 PDF Cisco 400-251 Practice Test Cisco 400-251 Testing software Cisco 400-251 VCE dumpsleader examcollection Latest Cisco 400-251 Dumps Latest Cisco 400-251 Real Exam Latest Cisco 400-251 Real Test New Updated 400-251 Actual Tests pass4sure passguide testinsides testking
Comments Off