This page was exported from All The Latest MCTS Exam Questions And Answers For Free Share [ https://www.mctsdump.com ] Export date:Thu Nov 21 12:16:39 2024 / +0000 GMT ___________________________________________________ Title: [Feb-2017 Dumps] Free PassLeader 400-251 VCE and PDF Dumps With New Update Exam Questions --------------------------------------------------- New Updated 400-251 Exam Questions from PassLeader 400-251 PDF dumps! Welcome to download the newest PassLeader 400-251 VCE dumps: http://www.passleader.com/400-251.html (1106 Q&As) Keywords: 400-251 exam dumps, 400-251 exam questions, 400-251 VCE dumps, 400-251 PDF dumps, 400-251 practice tests, 400-251 study guide, 400-251 braindumps, CCIE Security Exam P.S. Free 400-251 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms NEW QUESTION 1Drag and drop the step in the Cisco ASA packet processing flow on the left into the correct order of operations on the right. Answer: NEW QUESTION 2What is the effect of the following command on Cisco IOS router?ip dns spoofing 1.1.1.1 A.    The router will respond to the DNS query with its highest loopback address configuredB.    The router will respond to the DNS query with 1.1.1.1 if the query id for its own hostnameC.    The router will respond to the DNS query with the IP address of its incoming interface for any hostname queryD.    The router will respond to the DNS query with the IP address of its incoming interface for its own hostname Answer: D NEW QUESTION 3You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these? A.    Configure the ipnhrp cache non-authoritative command on the hub's tunnel interfaceB.    Modify the NHRP hold times to match on the hub and spokeC.    Modify the NHRP network IDs to match on the hub and spokeD.    Modify the tunnel keys to match on the hub and spoke Answer: D NEW QUESTION 4…… NEW QUESTION 5Which two options are unicast address types for IPv6 addressing? (Choose two.) A.    EstablishedB.    StaticC.    GlobalD.    DynamicE.    Link-local Answer: CE NEW QUESTION 6Refer to the exhibit. Which two effects of this configuration are true? (Choose two.) A.    The BGP neighbor session tears down after R1 receives 100 prefixes from the neighbor 1.1.1.1B.    The BGP neighbor session between R1 and R2 re-establishes after 50 minutesC.    A warning message is displayed on R2 after it receives 50 prefixesD.    A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1E.    The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2F.    The BGP neighbor session between R1 and R2 re-establishes after 100 minutes Answer: DE NEW QUESTION 7From the list below, which one is the major benefit of AMP Threat GRID? A.    AMP Threat Grid collects file information from customer servers and run tests on them to see if they are infected with virusesB.    AMP Threat Grid learns ONLY from data you pass on your network and not from anything else to monitor for suspicious behavior. This makes the system much faster and efficientC.    AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence into one combined solutionD.    AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral indicators Answer: C NEW QUESTION 8Which two characteristics of DTLS are true? (Choose two.) A.    It includes a congestion control mechanismB.    It supports long data transfers and connections data transfersC.    It completes key negotiation and bulk data transfer over a single channelD.    It is used mostly by applications that use application layer object-security protocolsE.    It includes a retransmission method because it uses an unreliable datagram transportF.    It cannot be used if NAT exists along the path Answer: AE NEW QUESTION 9Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two.) A.    Destination Unreachable-protocol UnreachableB.    Destination Unreachable-port UnreachableC.    Time Exceeded-Time to Live exceeded in TransitD.    Redirect-Redirect Datagram for the HostE.    Time Exceeded-Fragment Reassembly Time ExceededF.    Redirect-Redirect Datagram for the Type of service and Host Answer: BC NEW QUESTION 10Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three.) A.    L2TP-EncryptionB.    Web-VPN-ACL-FiltersC.    IPsec-Client-Firewall-Filter-NameD.    Authenticated-User-Idle-TimeoutE.    IPsec-Default-DomainF.    Authorization-Type Answer: BDE NEW QUESTION 11Which two statements about global ACLs are true? (Choose two.) A.    They support an implicit denyB.    They are applied globally instead of being replicated on each interfaceC.    They override individual interface access rulesD.    They require an explicit denyE.    They can filer different packet types than extended ACLsF.    They require class-map configuration Answer: AB NEW QUESTION 12When TCP intercept is enabled in its default mode, how does it react to a SYN request? A.    It intercepts the SYN before it reaches the server and responds with a SYN-ACKB.    It drops the connectionC.    It monitors the attempted connection and drops it if it fails to establish within 30 secondsD.    It allows the connection without inspectionE.    It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established Answer: E NEW QUESTION 13Which two statements about IPsec in a NAT-enabled environment are true? (Choose two.) A.    The hashes of each peer's IP address and port number are compared to determine whether NAT-T is requiredB.    NAT-T is not supported when IPsec Phase 1 is set to Aggressive ModeC.    The first two messages of IPsec Phase 2 are used to determine whether the remote host supports NAT-TD.    IPsec packets are encapsulated in UDP 500 or UDP 10000 packetsE.    To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers Answer: AD NEW QUESTION 14…… Download the newest PassLeader 400-251 dumps from passleader.com now! 100% Pass Guarantee! 400-251 PDF dumps & 400-251 VCE dumps: http://www.passleader.com/400-251.html (1106 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) P.S. Free 400-251 Exam Dumps Collection On Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpd3JLalNVS0VWbms --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-02-08 07:52:35 Post date GMT: 2017-02-08 07:52:35 Post modified date: 2017-02-08 07:52:35 Post modified date GMT: 2017-02-08 07:52:35 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com