Exambible offers free demo for 400-251 exam. "CCIE Security Written Exam", also known as 400-251 exam, is a Cisco Certification. This set of posts, Passing the Cisco 400-251 exam, will help you answer those questions. The 400-251 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 400-251 exams and revised by experts!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q1. Which two statement about router Advertisement message are true? (Choose two)
A. Local link prefixes are shared automatically.
B. Each prefix included in the advertisement carries lifetime information f Or that prefix.
C. Massage are sent to the miscast address FF02::1
D. It support a configurable number of retransmission attempts for neighbor solicitation massage.
E. Flag setting are shared in the massage and retransmitted on the link.
F. Router solicitation massage are sent in response to router advertisement massage
Answer: A,F
Q2. Refer to the exhibit. Which statement about the effect of this configuration is true?
A. reply protection is disable
B. It prevent man-in-the-middle attacks
C. The replay window size is set to infinity
D. Out-of-order frames are dropped
Answer: D
Q3. Which two statement about the multicast addresses query message are true?(choose two)
A. They are solicited when a node initialized the multicast process.
B. They are used to discover the multicast group to which listeners on a link are subscribed
C. They are used to discover whether a specified multicast address has listeners
D. They are send unsolicited when a node initializes the multicast process
E. They are usually sent only by a single router on a link
F. They are sent when a node discover a multicast group
Answer: B,C
Q4. Refer to the exhibit.
What are the two effects of the given configuration? (Choose two)
A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded
B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering
C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the
destination address specified in the datagram
D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header Filed
E. It permits Parameter Problem messages that indicate an error in the header
F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram
Answer: C,F
Q5. Which of the following two statements apply to EAP-FAST? (Choose two.)
A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.
B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.
C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).
D. EAP-FAST is a client/client security architecture.
Answer: A,C
Q6. Your 1Pv6 network uses a CA and trust anchor to implement secure network discover. What extension must your CA certificates support?
A. extKeyUsage
B. nameConstrainsts
C. id-pe-ipAddrBlocks
D. Id-pe-autonomousSysldsE. Ia-ad-calssuers
E. keyUsage
Answer: B
Q7. Which two network protocols can operate on the Application Layer?(Choose two)
A. DNS
B. UDP
C. TCP
D. NetBIOS
E. DCCP
F. SMB
Answer: A,F
Q8. Which two characteristics of DTLS are true? (Choose two)
A. It includes a congestion control mechanism
B. It supports long data transfers and connections data transfers
C. It completes key negotiation and bulk data transfer over a single channel
D. It is used mostly by applications that use application layer object-security protocols
E. It includes a retransmission method because it uses an unreliable datagram transport
F. It cannot be used if NAT exists along the path
Answer: A,E
Q9. Which two commands would enable secure logging on Cisco ASA to a syslog server at 10.0.0.1? (Choose two)
A. logging host inside 10.0.0.1 TCP/1500 secure
B. logging host inside 10.0.0.1 UDP/514 secure
C. logging host inside 10.0.0.1 TCP/1470 secure
D. logging host inside 10.0.0.1 UDP/500 secure
E. logging host inside 10.0.0.1 UDP/447 secure
Answer: A,C
Q10. Refer to the exhibit, which conclusion can be drawn from this output?
A. The license of the device supports multiple virtual firewalls
B. The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platform
C. The license of the device allows for it to be used in a failover set
D. The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher
Answer: A
