This page was exported from 100% Valid Exam Dumps on Lead2pass [ ] Export date:Fri Mar 22 2:05:17 2019 / +0000 GMT ___________________________________________________ Title: [2017 New] Easily Pass 400-251 Exam With Lead2pass New 400-251 VCE And PDF Dumps (51-75) --------------------------------------------------- 2017 July Cisco Official New Released 400-251 Dumps in! 100% Free Download! 100% Pass Guaranteed! Are you worring about the 400-251 exam? With the complete collection of 400-251 exam questions and answers, Lead2pass has assembled to take you through your 400-251 exam preparation. Each Q & A set will test your existing knowledge of 400-251 fundamentals, and offer you the latest training products that guarantee you passing 400-251 exam easily. Following questions and answers are all new published by Cisco Official Exam Center: QUESTION 51What are feature that can stop man-in-the-middle attacks? (Choose two) A.    ARP sniffing on specific portsB.    ARP spoofingC.    Dynamic ARP inspectionD.    DHCP snoopingE.    destination MAC ACLs Answer: CD QUESTION 52Which two statements about CoPP are true? (Choose two) A.    When a deny rule in an access list is used for MQC is matched, classification continues on the next classB.    It allows all traffic to be rate limited and discardedC.    Access lists that are used with MQC policies for CoPP should omit the log and log-input keywordsD.    The mls qos command disables hardware acceleration so that CoPP handles all QoSE.    Access lists that use the log keyword can provide information about the device's CPU usageF.    The policy-map command defines the traffic class Answer: AC QUESTION 53Refer to the exhibit. Which effect of this configuration is true? A.    The WLC accepts self-signed certificates from the RADIUS server to authorize APs.B.    The WLC adds the MAC addresses listed in the ssc ap-policy to its internal authorization list.C.    The WLC adds the ssc access point to the auth-list internal authorization list.D.    The WLC accepts the manufacture-installed certificate from the local access point.E.    The WLC accepts self-signed certificates from devices added to itsa internal authorization list. Answer: D QUESTION 54Drag and Drop QuestionDrag each ip transmission and Fragmentation term on the left to the matching statement on right Answer: QUESTION 55Which two network protocols can operate on the Application Layer?(Choose two) A.    DNSB.    UDPC.    TCPD.    NetBIOSE.    DCCPF.    SMB Answer: AF QUESTION 56Refer to the exhibit, which effect of this configuration is true? A.    The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytesB.    SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytesC.    The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytesD.    The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytesE.    The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes Answer: D QUESTION 57Which of the following statement is true about the ARP spoofing attack? A.    Attacker sends the ARP request with the MAC address and IP address of the legitimate resource in the network.B.    Attacker of ends the ARP request with MAC address and IP address of its own.C.    ARP spoofing does not facilitate man in-the-middle attack for the attacker.D.    Attacker sends the ARP request with its own MAC address and IP address of legitimate resource in the network. Answer: D QUESTION 58Which command can you enter to cause the locally-originated Multicast Source Discovery Protocol Source-Active to be prevented from going to specific peers? A.    ip msdp mesh-group mesh-name {<peer-address>|<peer-name>}B.    ip msdp redistribute [list <acl>][asn as-access-list][route-map <map>]C.    ip msdp sa-filter out <peer> [list<acl>] [route-map<map>]D.    ip msdp default-peer {<peer-address> | <peer-name>}[prefix-list<list>]E.    ip msdp sa-filter in <peer> [list<acl>][route-map <map>] Answer: C QUESTION 59CCMP (CCM mode Protocol) is based on which algorithm? A.    3DESB.    BlowfishC.    RC5D.    AESE.    IDEA Answer: D QUESTION 60Drag and Drop QuestionDrag and drop each step in the SCEP process on the left into the correct order of operations on the right. Answer: QUESTION 61Which command can you enter on the Cisco ASA to disable SSH? A.    Crypto key generate ecdsa labelB.    Crypto key generate rsa usage-keys noconfirmC.    Crypto keys generate rsa general-keys modulus 768D.    Crypto keys generate ecdsa noconfirmE.    Crypto keys zeroize rsa noconfirm Answer: E QUESTION 62Which one of the foiling Cisco ASA adapts security appliance rule samples will send HTTP data to the AIP-SSM module to evaluate and stop HTTP attacks? A.    B.    C.    D.      Answer: D QUESTION 63Why is the IPv6 type 0 routing header vulnerable to attack? A.    It allows the receiver of a packet to control its flow.B.    It allows the sender to generate multiple NDP requests for each packet.C.    It allows the sender of a packet to control its flow.D.    It allows the sender to generate multiple ARP requests for each packet.E.    It allows the receiver of a packet to modify the source IP address. Answer: C QUESTION 64What context-based access control (CBAC. command sets the maximum time that a router running Cisco IOS Will wait for a new TCP session to reach the established state? A.    IP inspect max-incompleteB.    IP inspect tcp finwait-timeC.    Ip inspect udp idle-timeD.    Ip inspect tcpsynwait-timeE.    Ip inspect tcp idle-time Answer: D QUESTION 65Which three statements about Cisco Flexible NetFlow are true? (Choose three.) A.    The packet information used to create flows is not configurable by the user.B.    It supports IPv4 and IPv6 packet fields.C.    It tracks all fields of an IPv4 header as well as sections of the data payload.D.    It uses two types of flow cache, normal and permanent.E.    It can be a useful tool in monitoring the network for attacks. Answer: BCE QUESTION 66Which best practice can limit inbound TTL expiry attacks? A.    Setting the TTL value to more than the longest path in the networkB.    Setting the TTL value to zeroC.    Setting the TTL value to less than the longest path in the networkD.    Setting the TTL value equal to the longest path in the network Answer: C QUESTION 67On Which encryption algorithm is CCMP based? A.    IDEAB.    BLOWFISHC.    RCSD.    3DESE.    AES Answer: E QUESTION 68By defaults which amount of time does the ASA add to the TTL value of a DNS entry to determine the amount of time a DNS entry is valid? A.    60 secondsB.    30 secondsC.    0 secondD.    180 secondsE.    120 secondsF.    100 seconds Answer: A QUESTION 69Drag and Drop QuestionDrag and drop the desktop-security terms from the left onto their right definitions on the right. Answer: QUESTION 70What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies? A.    merge rule toolB.    policy simplification toolC.    rule grouping toolD.    object group toolE.    combine rule tool Answer: E QUESTION 71Refer to the exhibit. Which statement about the effect of this configuration is true? A.    reply protection is disableB.    It prevent man-in-the-middle attacksC.    The replay window size is set to infinityD.    Out-of-order frames are dropped Answer: D QUESTION 72when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail? A.    0 to 65535B.    1 to 1024C.    0 to 4,294,967,295D.    1 to 65535E.    1 to 4,294,967,295F.    0 to 1024 Answer: C QUESTION 73What port has IANA assigned to the GDOI protocol? A.    UDP 4500B.    UDP 500C.    UDP 1812D.    UDP 848 Answer: D QUESTION 74Drag and Drop QuestionDrag each Cisco TrustSec feature on the left to its description on the right. Answer: QUESTION 75Which statement is true about SYN cookies? A.    The state is kept on the server machine TCP stackB.    A system has to check every incoming ACK against state tablesC.    NO state is kept on the server machine state but is embedded in the initial sequence numberD.    SYN cookies do not help to protect against SYN flood attacks Answer: C At Lead2pass, we are positive that our Cisco 400-251 dumps with questions and answers PDF provide most in-depth solutions for individuals that are preparing for the Cisco 400-251 exam. Our updated 400-251 braindumps will allow you the opportunity to know exactly what to expect on the exam day and ensure that you can pass the exam beyond any doubt. 400-251 new questions on Google Drive: 2017 Cisco 400-251 exam dumps (All 449 Q&As) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-21 01:45:41 Post date GMT: 2017-07-21 01:45:41 Post modified date: 2017-07-21 01:45:41 Post modified date GMT: 2017-07-21 01:45:41 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from