Examcollection offers free demo for 400-251 exam. "CCIE Security Written Exam", also known as 400-251 exam, is a Cisco Certification. This set of posts, Passing the Cisco 400-251 exam, will help you answer those questions. The 400-251 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 400-251 exams and revised by experts!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q91. What command specifies the peer from which MSDP SA message are accepted?
A. IP msdpsa-filter in <peer>[list<acl>] [route-map <map> ]
B. Ipmsdp default-peer <peer>
C. Ipmsdp mesh-group
D. Ipmsdp originator-id <interface>
Answer: B
Q92. DRAG DROP
Drag each MACsec term on the left to the right matching statement on the right?
Answer:
Explanation: CAK = key used to generate multiple additional keys MKA = protocol used for MACsec key negotiation MSK = key generated during the EAP exchange
SAK = a key used to encrypt traffic for a single session SAP = a key exchange protocol that is proprietary to Cisco
Q93. DRAG DROP
Drag and drop the DNS record types from the left to the matching descriptions to the right
Answer:
Explanation:
DNSkEY: contains a public key for use by the resolver NSEC: Link to the zone's next record name
NSEC3 : contains a hashed link to the zone's next record name PRSIG: contains the record set's DNSSEC signature
NSEC3PARAM : used by authoritative DNS servers when responding to DNSSEC requests
DS : holds the delegated zone's name
Q94. Which two statements describe the Cisco TrustSec system correctly? (Choose two.)
A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.
Answer: C,D
Q95. Refer to the Exhibit. What is the effect of the given ACL policy ?
A. The policy will deny all IPv6 eBGP session.
B. The policy will disable IPv6 source routing.
C. The policy will deny all IPv6 routing packet.
D. The policy will deny all IPv6 routed packet.
Answer: B
Q96. Which configuration is the correct way to change VPN key Encryption key lifetime to 10800 seconds on the key server?
A)
B)
C)
D)
E)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q97. Which two statements about the MD5 Hash are true? (Choose two.)
A. Length of the hash value varies with the length of the message that is being hashed.
B. Every unique message has a unique hash value.
C. Its mathematically possible to find a pair of message that yield the same hash value.
D. MD5 always yields a different value for the same message if repeatedly hashed.
E. The hash value cannot be used to discover the message.
Answer: B,E
Q98. Which of the following two options can you configure to avoid iBGP full mesh?(Choose two)
A. BGP NHT
B. route reflector
C. local preference
D. confederations
E. Virtual peering
Answer: B,D
Q99. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)
A. It is an inbound policy.
B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.
C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.
D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.
E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.
F. It is an outbound policy.
Answer: A,C
Q100. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)
A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.
B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.
C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.
D. It disables PMTUD discovery for tunnel interfaces.
E. The DF bit are copied to the GRE IP header.
F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.
Answer: B,E
