[Free] 2018(Aug) Ensurepass Cisco 400-251 Dumps with VCE and PDF 181-190

August 12, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 181 – (Topic 2)

Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

  1. Destination Unreachable-protocol Unreachable

  2. Destination Unreachable-port Unreachable

  3. Time Exceeded-Time to Live exceeded in Transit

  4. Redirect-Redirect Datagram for the Host

  5. Time Exceeded-Fragment Reassembly Time Exceeded

  6. Redirect-Redirect Datagram for the Type of service and Host

Answer: B,C

Question No: 182 – (Topic 2)

What port has IANA assigned to the GDOI protocol?

  1. UDP 4500

  2. UDP 500

  3. UDP 1812

  4. UDP 848

Answer: D

Question No: 183 – (Topic 2)

You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):

Ensurepass 2018 PDF and VCE

With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP

registration fails. Registration will continue to fail until you do which of these?

  1. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface

  2. Modify the NHRP hold times to match on the hub and spoke

  3. Modify the NHRP network IDs to match on the hub and spoke

  4. Modify the tunnel keys to match on the hub and spoke

Answer: D

Question No: 184 – (Topic 2)

Ensurepass 2018 PDF and VCE

Refer to the exhibit. What are three effect of the given firewall configuration? (Choose three.)

  1. The firewall allows Echo Request packets from any source to pass server.

  2. The firewall allows time Exceeded error messages from any source to pass to the server.

  3. PCs outside the firewall are unable to communicate with the server over HTTP

  4. The firewall allows Echo Reply packets from any source to pass to the server.

  5. The firewall allows Destination Unreachable error messages from any source to pass to the server.

  6. The firewall allows Packet too big error messages from any source to pass to the server.

Answer: A,D,F

Question No: 185 – (Topic 2)

What are three IPv6 extension headers? (Choose three)

  1. TTL

  2. source option

  3. Destination options

  4. Authentication

  5. Segment

  6. Hop-by-Hop options

Answer: C,D,F

Question No: 186 – (Topic 2)

Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)

  1. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

  2. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.

  3. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

  4. It disables PMTUD discovery for tunnel interfaces.

  5. The DF bit are copied to the GRE IP header.

  6. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

Answer: B,E

Question No: 187 – (Topic 2)

Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

  1. Network translation mode

  2. Single-context routed mode

  3. Multiple-context mode

  4. Transparent mode

Answer: B

Question No: 188 – (Topic 2)

Which two current RFCs discuss special use IP addresses that may be used as a checklist of invalid routing prefixes for IPv4 and IPv6 addresses? (Choose two.)

  1. RFC 5156

  2. RFC 5735

  3. RFC 3330

  4. RFC 1918

  5. RFC 2827

Answer: A,B

Question No: 189 – (Topic 2)

Given the IPv4 address, which two address are valid IPv4-compatible IPv6 addresses? (Choose two)

A. 0:0:0:0:0:10:10:100:16

B. 0:0:10:10:10:16:0:0:0

C. 0:0:10:10:100:16:0:0:0

D. ::10:10:100:16

E. :::A:A:64:10

Answer: A,D

Question No: 190 – (Topic 2)

What are two features that help to mitigate man-in-the-middle attacks?(Choose two)

  1. dynamic ARP inspection

  2. ARP sniffing on specific ports

  3. destination MAC ACLs

  4. ARP spoofing

  5. DHCP snooping

Answer: A,E

100% Ensurepass Free Download!
400-251 PDF
100% Ensurepass Free Guaranteed!
400-251 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No