This page was exported from PassLeader Microsoft MCTS Premium Exam Dumps For Free
[
https://www.mctsbible.com
]
Export date: Fri Mar 29 5:22:33 2024 / +0000 GMT
New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms QUESTION 151 A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message. Answer: BE QUESTION 152 A. Ike is disable on the remote peer Answer: C QUESTION 153 A. SensorApp Answer: C QUESTION 154 A. Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the client. Answer: AB QUESTION 155 Answer: QUESTION 156 A. Rate limit SYN packets Answer: AB QUESTION 157 A. SOX is an IEFT compliance procedure for computer systems security. Answer: BE QUESTION 158 A. They requires cooperation with the service provider to implement transport of non-IP traffic. Answer: DE QUESTION 159 A. RFC 3704 Answer: A QUESTION 160 A. prevents DoS from legitimate, non-hostile end systems Answer: C QUESTION 161 A. R2 received a packet with an incorrect area form the loopback1 interface Answer: C QUESTION 162 Answer: B QUESTION 163 A. Loose mode requires the source address to be present in the routing table. Answer: ACE QUESTION 164 A. TCP Answer: B QUESTION 165 Answer: QUESTION 166 A. It intercepts the SYN before it reaches the server and responds with a SYN-ACK Answer: E QUESTION 167 A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded Answer: QUESTION 168 A. ISMS Policy Answer: ABCD QUESTION 169 A. By default, configuring HSRP on the interface disables ICMP redirect functionality. Answer: AB QUESTION 170 A. It can be configured as dynamic, static, or PAT. Answer: AE QUESTION 171 A. The STRING-TCP engine Answer: C QUESTION 172 A. BGP NHT Answer: BD QUESTION 173 A. Configure the IP local pool command on R2 Answer: C QUESTION 174 A. It is compatible with the PAP and MS-CHAP protocols Answer: EF QUESTION 175 A. Destination Unreachable-protocol Unreachable Answer: BC QUESTION 176 A. PKCS#7 Answer: BCE QUESTION 177 A. Man in the Middle Attacks Answer: D QUESTION 178 A. You cannot pair a VLAN with itself. Answer: ACE QUESTION 179 A. IPv6 nd ns-interval Answer: E QUESTION 180 A. It can connect to PIM-SM and PIM-DM domains Answer: BEF Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (366 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) p.s. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms
Which two statements about the SHA-1 algorithm are true? (Choose two.)
B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.
C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.
D. The purpose of the SHA-1 algorithm is to provide data confidentiality.
E. The purpose of the SHA-1 algorithm is to provide data authenticity.
Refer to the exhibit. What is the meaning of the given error massage?
B. The mirrored crypto ACLs are mismatched
C. The pre-shared keys are mismatched
D. The PFS group are mismatched
Event Store is a component of which IPS application?
B. InterfaceApp
C. MainApp
D. NotificationApp
E. AuthenticationApp
Refer to the exhibit. What are two TLS inspection methods you could implement for outbond internet traffic that can prevent the given untrusted error? (Choose two.)
B. Apply an intermediate CA certificate from a trusted authority on the inspection appliance.
C. Download a copy of the private key from the content provider.
D. Update your organizational procedures to instruct users to click "I Understand the Risks" to accept the error and continue.
E. Conditionally decrypt traffic based c$ trust level Store private keys in a FIPS Level 2 HSM on the inspection appliance.
Drag and Drop Question
Drag each IPv6 extension header on the left into the recommended order for more than one extension header in the same IPv6 packet on the right.
What are two action you can take to protect against DDOS attacks on cisco router and switches? (Choose two.)
B. Filter the RFC-1918 address space
C. configuration IP snooping
D. implement MAC address filtering
E. Configuration PIM-SM
Which two statements about SOX are true? (Choose two.)
B. SOX is a US law.
C. SOX is an IEEE compliance procedure for IT management to produce audit reports.
D. SOX is a private organization that provides best practices for financial institution computer systems.
E. Section 404 of SOX is related to IT compliance.
Which two options are disadvantages of MPLS layers 3 VPN services? (Choose two.)
B. SLAs are not supported by the service provider.
C. It requires customers to implement QoS to manage congestion in the network.
D. Integration between Layers 2 and 3 peering services is not supported.
E. They may be limited by the technology offered by the service provider.
F. They can transport only IPv6 routing traffic.
Which RFC outlines BCP 84?
B. RFC 2827
C. RFC 3030
D. RFC 2267
E. RFC 1918
Which option is a benefit of implementing RFC 2827?
B. prevents disruption of special services such as Mobile IP
C. defeats DoS attacks which employ IP source address spoofing
D. restricts directed broadcasts at the ingress router
E. allows DHCP or BOOTP packets to reach the relay agents as appropriate
Refer to the exhibit. After you configured routes R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?
B. OSPFv3 area authentication is missing
C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface
D. The SPI and the authentication key are unencrypted
E. The SPI value and the key are the same on both R1 and R2
Which statement about ICMPv6 filtering is true?
Which three statements about the Unicast RPF in strict mode and loose mode are true? (Choose three.)
B. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
C. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.
D. Strict mode requires a default route to be associated with the uplink network interface.
E. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.
F. Both loose and strict modes are configured globally on the router.
What protocol does IPv6 Router Advertisement use for its messages?
B. ICMPv6
C. ARP
D. UDP
Drag and Drop Question
Drag each ESP header field on the left into the corresponding field-length category on the right.
When TCP intercept is enabled in its default mode, how does it react to a SYN request?
B. It drops the connection
C. It monitors the attempted connection and drops it if it fails to establish within 30 seconds
D. It allows the connection without inspection
E. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established
Refer to the exhibit. What are the two effects of the given configuration? (Choose two.)
B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering
C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram
D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header Filed
E. It permits Parameter Problem messages that indicate an error in the header
F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram
According ISO27001 ISMS, which of the following are mandatory documents? (Choose four.)
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Which two statements about ICMP redirect messages are true? (Choose two.)
B. They are generated when a packet enters and exits the same router interface.
C. The messages contain an ICMP Type 3 and ICMP code 7.
D. They are generated by the host to inform the router of an alternate route to the destination.
E. Redirects are only punted to the CPU if the packets are also source-routed.
Which two statements about NAT-PT with IPv6 are true? (Choose two.)
B. It provides end-to-end security.
C. It supports IPv6 BVI configurations.
D. It provides support for Cisco Express Forwarding.
E. It provides ALG support for ICMP and DNS.
F. The router can be a single point of failure on the network.
Which of the following Cisco IPS signature engine has relatively high memory usage?
B. The STRING-UDP engine
C. The NORMALIZER engine
D. The STRING-ICMP engine
Which of the following two options can you configure to avoid iBGP full mesh? (Choose two.)
B. route reflector
C. local preference
D. confederations
E. Virtual peering
Refer to the exhibit, if R1 is acting as a DHCP server, what action can you take to enable the pc to receive an ip address assignment from the DHCP server?
B. Configure DHCP option 150 on R2
C. Configure the IP helper-address command on R2 to use R1's ip address
D. Configure the IP helper-address command on R1 to use R2's ip address
E. Configuration DHCP option 82 on R1
F. Configure the ip local pool command on R1
Which two statements about LEAP are true? (Choose two.)
B. It is an ideal protocol for campus networks
C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys
D. It is an open standard based on IETF and IEEE standards
E. It is compatible with the RADIUS authentication protocol
F. Each encrypted session is authentication by the AD server
Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two.)
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
What are the three response types for SCEP enrollment requests? (Choose three.)
B. Reject
C. Pending
D. PKCS#10
E. Success
F. Renewal
Refer to the exhibit. What is the configuration design to prevent?
B. Dynamic payload inspection
C. Backdoor control channels for infected hosts
D. DNS Inspection
Which three statements about the Cisco IPS sensor are true? (Choose three.)
B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.
C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.
D. The order in which you specify the VLANs in a inline pair is significant.
E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.
Explanation:
Inline VLAN Interface Pairs
You cannot pair a VLAN with itself. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface. The order in which you specify the VLANs in an inline VLAN pair is not significant. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.
Which command sets the Key-length for the IPv6 send protocol?
B. Ipv6 ndra-interval
C. IPv6 nd prefix
D. IPv6 nd inspection
E. IPv6 nd secured
Which two statement about MSDP ate true? (Choose three.)
B. It announces multicast sources from a group
C. The DR sends source data to the rendezvous point only at the time the source becomes active
D. It can connect only to PIM-DM domains
E. It registers multicast sources with the rendezvous point of a domain
F. It allows domains to discover multicast sources in the same or different domains.
Post date: 2017-02-14 04:27:55
Post date GMT: 2017-02-14 04:27:55
Post modified date: 2017-02-14 04:27:55
Post modified date GMT: 2017-02-14 04:27:55
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com