400-251 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 400-251 Dumps with VCE and PDF 301-310

August 12, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 301 – (Topic 2)

For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)

  1. BVI is required for the inspection of IP traffic.

  2. The firewall can perform routing on bridged interfaces.

  3. BVI is required if routing is disabled on the firewall.

  4. BVI is required if more than two interfaces are in a bridge group.

  5. BVI is required for the inspection of non-IP traffic.

  6. BVI can manage the device without having an interface that is configured for routing.

Answer: D,F

Question No: 302 – (Topic 2)

How does a wireless association flood attack create a DoS?

  1. It sends a high-power RF pulse that can damage the internals of the AP

  2. It spoofs disassociation frames from the access point.

  3. It uses a brute force attack to crack the encryption.

  4. It exhausts the access client association table.

Answer: D

Question No: 303 – (Topic 2)

What are the two technologies that support AFT? (Choose two)

  1. NAT-PT

  2. SNAT

  3. NAT64

  4. DNAT

  5. NAT-PMP

  6. NAT-6to4

Answer: A,C

Question No: 304 – (Topic 2)

NWhich two statements about the ISO are true? (Choose two.

  1. The ISO is a government-based organization.

  2. The ISO has three membership categories: Member, Correspondent, and Subscribers.

  3. Subscriber members are individual organizations.

  4. Only member bodies have voting rights.

  5. Correspondent bodies are small countries with their own standards organization.

Answer: B,D

Explanation: Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights.

Question No: 305 – (Topic 2)

Refer to the exhibit . What is the meaning of the given error message?

  1. The PFS groups are mismatched.

  2. The pre-shared keys are mismatched.

  3. The mirrored crypto ACLs are mismatched.

  4. IKE is disabled on the remote peer.

Answer: B

Question No: 306 – (Topic 2)

Which two options are disadvantages of MPLS layers 3 VPN services? (choose two)

  1. They requires cooperation with the service provider to implement transport of non-IP traffic.

  2. SLAs are not supported by the service provider.

  3. It requires customers to implement QoS to manage congestion in the network.

  4. Integration between Layers 2 and 3 peering services is not supported.

  5. They may be limited by the technology offered by the service provider.

  6. They can transport only IPv6 routing traffic.

Answer: D,E

Question No: 307 – (Topic 2)

What security element must an organization have in place before it can implement a security audit and validate the audit results?

  1. firewall

  2. network access control

  3. an incident response team

  4. a security policy

  5. a security operation center

Answer: D

Question No: 308 – (Topic 2)

Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)

  1. confidentiality and integrity of customer records and credit card information

  2. accountability in the event of corporate fraud

  3. financial information handled by entities such as banks, and mortgage and insurance


  4. assurance of the accuracy of financial records

  5. US Federal government information

  6. security standards that protect healthcare patient data

Answer: B,D

Explanation: 826)A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established. What is the best way to solve this issue?

  1. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.

  2. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.

  3. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.

  4. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.

  5. The Cisco Easy VPN client machine needs to have multiple NICs to support this.

Answer: B

Question No: 309 – (Topic 2)

Which two statements about NAT-PT with IPv6 are true?(choose twp)

  1. It can be configured as dynamic, static, or PAT.

  2. It provides end-to-end security.

  3. It supports IPv6 BVI configurations.

  4. It provides support for Cisco Express Forwarding.

  5. It provides ALG support for ICMP and DNS.

  6. The router can be a single point of failure on the network.

Answer: A,E

Question No: 310 – (Topic 2)

what is the most commonly used technology to establish an encrypted HTTP connection?

  1. the HTTP/1.1 Upgrade header

  2. the HTTP/1.0 Upgrade header

  3. Secure Hypertext Transfer Protocol

  4. HTTPS

Answer: D

100% Ensurepass Free Download!
400-251 PDF
100% Ensurepass Free Guaranteed!
400-251 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No