This page was exported from 100% Free Lead2pass Exam Dumps Download [ http://www.pass4surevip.com ] Export date:Sat Aug 24 23:01:47 2019 / +0000 GMT ___________________________________________________ Title: [2017 New] Lead2pass 2017 New Cisco 400-251 Braindump Free Download (226-250) --------------------------------------------------- 2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! I have studied the 400-251 study guide and all questions were very authentic. I passed my 400-251 exam with good grades. I am very happy now. I will definitely back for more exams dumps. I settled well in my career with the help of Lead2pass.com. Thank also guys Hurry!!!! Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html QUESTION 226What are the two technologies that support AFT? (Choose two) A.    NAT-PTB.    SNATC.    NAT64D.    DNATE.    NAT-PMPF.    NAT-6to4 Answer: AC QUESTION 227According to RFC 2577, Which two options describe drawbacks of the FTP protocol? (Choose two) A.    If access to the FTP server is restricted by network address, the server still is susceptible to spoofing attacks.B.    Servers that apply connection limits to protect against brute force attacks are vulnerable to DoS attacksC.    It is susceptible to man-m-the-middle attacksD.    An attacker can validate user names if the 331 response is in use.E.    It is susceptible to bounce attacks on port 1024 Answer: BDExplanation:According to this RFC:To avoid such bounce attacks, it is suggested that servers not open data connections to TCP ports less than 1024.  If a server receives a PORT command containing a TCP port number less than 1024, the suggested response is 504 (defined as "Command not implemented for that parameter" by [PR85]).http://www.jscape.com/blog/bid/95157/Protecting-FTP-Passwords-from-Brute-Force-Attacks QUESTION 228Refer to the exhibit. Which two effects of this configuration are true? (Choose two) A.    The BGP neighbor session tears down after R1 receives 100 prefixes from the neighbor 1.1.1.1B.    The BGP neighbor session between R1 and R2 re-establishes after 50 minutesC.    A warning message is displayed on R2 after it receives 50 prefixesD.    A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1E.    The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2F.    The BGP neighbor session between R1 and R2 re-establishes after 100 minutes Answer: DE QUESTION 229Drag and Drop QuestionDrag and drop the DNS record types from the left to the matching descriptions to the right Answer: QUESTION 230Which two statements describe the Cisco TrustSec system correctly? (Choose two.) A.    The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.B.    The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.C.    The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.D.    The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner. Answer: CD QUESTION 231Which two statement about DTLS are true ? (Choose two) A.    Unlike TLS,DTLS support VPN connection with ASA.B.    It is more secure that TLS.C.    When DPD is enabled DTLS connection can automatically fall back to TLS.D.    It overcomes the latency and bandwidth problem that can with SSL.E.    IT come reduce packet delays and improve application performance.F.    It support SSL VPNs without requiring an SSL tunnel. Answer: CDExplanation:There's something wrong with the question itself because out of 6 options given three are correct, namely C,D and E.Check out this Cisco documenthttp://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html“Configuring DTLS” section states:- Using DTLS avoids latency and bandwidth problems associated with SSL connections- improves the performance of real-time applications that are sensitive to packet delays- In order for DTLS to fall back to a TLS connection, Dead Peer Detection (DPD) must be enabled QUESTION 232NWhich two statements about the ISO are true? (Choose two. A.    The ISO is a government-based organization.B.    The ISO has three membership categories: Member, Correspondent, and Subscribers.C.    Subscriber members are individual organizations.D.    Only member bodies have voting rights.E.    Correspondent bodies are small countries with their own standards organization. Answer: BDExplanation:Member bodies are national bodies considered the most representative standards body in each country. These are the only members of ISO that have voting rights. QUESTION 233Drag and Drop QuestionDrag each SSI encryption algorithm on the left to the encryption and hashing values it uses on the right. Answer: QUESTION 234Drag and Drop QuestionDrag and drop the role on the left onto their responsibility in the change-management process on the right Answer: QUESTION 235Refer to the exhibit, which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503? A.    _65509.?$B.    _65503$C.    ^65503.*D.    ^65503$E.    _65503_F.    65503 Answer: DExplanation:The regex is formed with starting ^ and trailing $ to filter only one specific AS number.http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13754-26.html QUESTION 236Which two commands would enable secure logging on Cisco ASA to a syslog server at 10.0.0.1? (Choose two) A.    logging host inside 10.0.0.1 TCP/1500 secureB.    logging host inside 10.0.0.1 UDP/514 secureC.    logging host inside 10.0.0.1 TCP/1470 secureD.    logging host inside 10.0.0.1 UDP/500 secureE.    logging host inside 10.0.0.1 UDP/447 secure Answer: AC QUESTION 237What feature enables extended secure access from non-secure physical location? A.    Port securityB.    Strom controlC.    NEATD.    CBACE.    802 1x pot-based authentication Answer: C QUESTION 238Which of the following best describes Chain of Evidence in the context of security forensics? A.    Evidence is locked down, but not necessarily authenticated.B.    Evidence is controlled and accounted for to maintain its authenticity and integrity.C.    The general whereabouts of evidence is known.D.    Someone knows where the evidence is and can say who had it if it is not logged. Answer: B QUESTION 239What are three ways you can enforce a BCP38 policy on an internet edge policy?(choose three) A.    Avoid RFC1918 internet addressing.B.    Implement Cisco Express Forwarding.C.    Implement Unicast RPF.D.    Apply ingress filters for RFC1918 addresses.E.    Apply ingress ACL filters for BOGON routes.F.    Implement source NAT. Answer: CDEExplanation:http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap6.html QUESTION 240Which three addresses are special uses as defined in RFC 5735? (Choose three.) A.    171.10.0.0/24B.    0.0.0.0/8C.    203.0.113.0/24D.    192.80.90.0/24E.    172.16.0.0/12F.    198.50.100.0/24 Answer: BCE QUESTION 241Which Cisco product solution is designed for workload mobility between public-public and private-public clouds? A.    Cisco Cloud OrchestratorB.    Cisco Unified CloudC.    Cisco Intercloud FabricD.    Cisco Metapod Answer: C QUESTION 242Refer to the exhibit. What protocol format is illustrated? A.    GRB.    AHC.    ESPD.    IP Answer: B QUESTION 243What are two features that help to mitigate man-in-the-middle attacks?(Choose two) A.    dynamic ARP inspectionB.    ARP sniffing on specific portsC.    destination MAC ACLsD.    ARP spoofingE.    DHCP snooping Answer: AE QUESTION 244What is the purpose of the vulnerability risk method for assessing risk? A.    It directs the actions an organization can take in response to a reported vulnerabilityB.    It evaluates the effectiveness and appropriateness of an organization's current risk management activitiesC.    It directs the actions an organization can take to ensure perimeter securityD.    It prevents and protects against security vulnerabilities in an organizationE.    It establishes a security team to perform forensic examinations of known attacks Answer: AExplanation:http://www.cisco.com/c/en/us/about/security-center/vulnerability-risk-triage.html QUESTION 245Which three IP resources is the IANA responsible? (Choose three.) A.    IP address allocationB.    detection of spoofed addressC.    criminal prosecution of hackersD.    autonomous system number allocationE.    root zone management in DNSF.    BGP protocol vulnerabilities Answer: ADE QUESTION 246Which Statement about remote procedure calls is true? A.    They support synchronous and asynchronous requests.B.    They can emulate different hardware specifications on a single platform.C.    They support optimized data replication among multiple machines.D.    They use a special assembly instruction set to process remote code without conflicting with other remote processes.E.    They can be invoked by the client and the server. Answer: D QUESTION 247You have configured an authenticator switch in access mode on a network configured with NEAT.What RADIUS attribute must the ISE sever return to change the switch's port mode to trunk? A.    device-traffic-class=switchB.    device-traffic-class=trunkC.    Framed-protocol=1D.    EAP-message=switchE.    Acct-Authentic=RADIUSF.    Authenticate=Administrative Answer: A QUESTION 248Which statement about ISO/IEC 27001 is true? A.    ISO/IEC 27001 is only intended to report security breaches to the management authority.B.    ISO/IEC 27001 was reviewed by the International Organization for Standardization.C.    ISO/IEC 27001 is intend to bring information security under management control.D.    ISO/IEC 27001 was reviewed by the International Electrotechnical Commission.E.    ISO/IEC 27001 was published by ISO/IEC Answer: C QUESTION 249Drag and Drop QuestionDrag and drop ESP header field on the left to the appropriate field length on the right. Answer: QUESTION 250Which object table contains information about the clients know to the server in Cisco NHRP MIB implementaion? A.    NHRP Server NHC TableB.    NHRP Client Statistics TableC.    NHRP Cache TableD.    NHRP Purge Request Table Answer: A All the 400-251 exam questions are 100% verified by their experts team. So there is no chances of errors. So you can prepare your 400-251 exam without any hesitation. 400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDMERESjlYcVlZNWs 2017 Cisco 400-251 exam dumps (All 470 Q&As) from Lead2pass: https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-08-10 03:27:52 Post date GMT: 2017-08-10 03:27:52 Post modified date: 2017-08-10 03:27:52 Post modified date GMT: 2017-08-10 03:27:52 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com