Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
CCIE Security Written Exam (v5.0)
Question No: 151 – (Topic 2)
-
Modify the tunnel keys to match on the hub and spoke
-
Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface
-
Modify the NHRP hold times to match on the hub and spoke
-
Modify the NHRP network IDs to match on the hub and spoke
Answer: A
Question No: 152 DRAG DROP – (Topic 2)
Drag each IPv6 extension header on the left into the recommended order for more than one extension header In the same IPv6 packet on the right?
Answer:
Explanation:
1: IPv6 header; 2: Hop by Hop option; 3. Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.
Question No: 153 – (Topic 2)
Which two statements about RFC 2827 are true? (Choose two.)
-
RFC 2827 defines egress packet filtering to safeguard against IP spoofing.
-
A corresponding practice is documented by the IEFT in BCP 38.
-
RFC 2827 defines ingress packet filtering for the multihomed network.
-
RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.
-
A corresponding practice is documented by the IEFT in BCP 84.
Answer: B,D
Question No: 154 – (Topic 2)
A cloud service provider is designing a large multilenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?
-
LDP
-
VXLAN
-
VRF
-
Extended VLAN ranges
Answer: B
Question No: 155 – (Topic 2)
Your 1Pv6 network uses a CA and trust anchor to implement secure network discover. What extension must your CA certificates support?
-
extKeyUsage
-
nameConstrainsts
-
id-pe-ipAddrBlocks
-
Id-pe-autonomousSysldsE. Ia-ad-calssuers
-
keyUsage
Answer: B
Question No: 156 – (Topic 2)
Refer to the exhibit. Which effect of this Cisco ASA policy map is true?
-
The Cisco ASA is unable to examine the TLS session.
-
The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.
-
it prevents a STARTTLS session from being established.
-
The Cisco ASA logs SMTP sessions in clear text.
Answer: B
Question No: 157 – (Topic 2)
Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three)
-
Loose mode requires the source address to be present in the routing table.
-
Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
-
Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.
-
Strict mode requires a default route to be associated with the uplink network interface.
-
Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.
-
Both loose and strict modes are configured globally on the router.
Answer: A,C,E
Question No: 158 – (Topic 2)
Refer to the exhibit, which effect of this configuration is true?
-
The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes
-
SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes
-
The maximum size of TCP SYN ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
-
The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
-
The minimum size of TCP SYN ACL packets passing the router is set to 1452 bytes
and the IP MTU of the interface is set to 1492 bytes
Answer: D
Question No: 159 – (Topic 2)
Which two value must you configure on the cisco ASA firewall to support FQDN ACL ? (Choose two)
-
A DNS server
-
A Service policy
-
An FQDN object
-
A Class map
-
A services object
-
A policy map
Answer: A,C
Question No: 160 – (Topic 2)
Which three IP resources is the IANA responsible? (Choose three.)
-
IP address allocation
-
detection of spoofed address
-
criminal prosecution of hackers
-
autonomous system number allocation
-
root zone management in DNS
-
BGP protocol vulnerabilities
Answer: A,D,E
100% Ensurepass Free Download!
–400-251 PDF
100% Ensurepass Free Guaranteed!
–400-251 Dumps
EnsurePass | ExamCollection | Testking | |
---|---|---|---|
Lowest Price Guarantee | Yes | No | No |
Up-to-Dated | Yes | No | No |
Real Questions | Yes | No | No |
Explanation | Yes | No | No |
PDF VCE | Yes | No | No |
Free VCE Simulator | Yes | No | No |
Instant Download | Yes | No | No |