Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
CCIE Security Written Exam (v5.0)
Question No: 191 – (Topic 2)
Which two options are open-source SDN controllers? (Choose two)
-
OpenContrail
-
OpenDaylight
-
Big Cloud Fabric
-
Virtual Application Networks SDN Controller
-
Application Policy Infrastructure Controller
Answer: A,B
Question No: 192 – (Topic 2)
Which two statements about WPA 2 with AES CCMP encryption are true? (Choose two)
-
AES CCMP is a block cipher
-
It is compatible with TACACS servers running LEAP authentication
-
Every wireless packet sent to the host is tagged with CCMP frames
-
It uses a 256-bit hashing key
-
The MIC prevents modifications of wireless frames and replay attacks
-
It uses a 128-bit hashing key
Answer: A,F
Question No: 193 – (Topic 2)
Which command sets the Key-length for the IPv6 send protocol?
-
IPv6 nd ns-interval
-
Ipv6 ndra-interval
-
IPv6 nd prefix
-
IPv6 nd inspection
-
IPv6 nd secured
Answer: E
Question No: 194 – (Topic 2)
What technique can an attacker use to obfuscate a malware application payload, allowing it to bypass standard security mechanisms?
-
Teredo tunnelling
-
Decryption
-
A PE32 header
-
Steganography
-
BASE64
Answer: E
Question No: 195 – (Topic 2)
Refer to the exhibit which two statement about the given IPV6 ZBF configuration are true? (Choose two)
-
It provides backward compability with legacy IPv6 inspection
-
It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.
-
It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.
-
It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.
-
It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.
-
It provide backward compatibility with legacy IPv4 inseption.
Answer: A,B
Question No: 196 – (Topic 2)
What are three pieces of data you should review in response to a suspected SSL MITM attack? (Choose three)
-
The IP address of the SSL server
-
The X.509 certificate of the SSL server
-
The MAC address of the attacker
-
The MAC address of the SSL server
-
The X.509 certificate of the attacker
-
The DNS name off the SSL server
Answer: A,B,F
Question No: 197 – (Topic 2)
When you are configuring QoS on the Cisco ASA appliance Which four are valid traffic selection criteria? (Choose four)
-
default-inspection-traffic
-
qos-group
-
DSCP
-
VPN group
-
tunnel group
-
IP precedence
Answer: A,C,E,F
Question No: 198 – (Topic 2)
Which two statements about the ISO are true? (Choose two)
-
The ISO is a government-based organization.
-
The ISO has three membership categories: member, correspondent, and subscribers.
-
Only member bodies have voting rights.
-
Correspondent bodies are small countries with their own standards organization.
-
Subscriber members are individual organizations.
Answer: B,C
Question No: 199 – (Topic 2)
What context-based access control (CBAC. command sets the maximum time that a router running Cisco IOS Will wait for a new TCP session to reach the established state?
-
IP inspect max-incomplete
-
IP inspect tcp finwait-time
-
Ip inspect udp idle-time
-
Ip inspect tcpsynwait-time
-
Ip inspect tcp idle-time
Answer: D
Question No: 200 – (Topic 2)
Refer to the exhibit. Which statement about this debug output is true ?
-
It was generated by a LAN controller when it responded to a join request from an access point
-
It was generated by a LAN controller when it generated a join request to an access point
-
It was generated by an access point when it sent a join reply message to a LAN controller
-
It was generated by an access point when it received a join request message from a LAN controller
Answer: A
100% Ensurepass Free Download!
–400-251 PDF
100% Ensurepass Free Guaranteed!
–400-251 Dumps
| EnsurePass | ExamCollection | Testking | |
|---|---|---|---|
| Lowest Price Guarantee | Yes | No | No |
| Up-to-Dated | Yes | No | No |
| Real Questions | Yes | No | No |
| Explanation | Yes | No | No |
| PDF VCE | Yes | No | No |
| Free VCE Simulator | Yes | No | No |
| Instant Download | Yes | No | No |
