It is impossible to pass Cisco 400-251 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Cisco 400-251 practice questions. You will get a surprising result by our Most up-to-date CCIE Security Written Exam practice guides.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q11. Which statement about ICMPv6 filtering is true?
A)
B)
C)
D)
E)
F)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Q12. Refer to the exhibit.
Which effect of this configuration is true?
A. NUD retransmits 1000 Neighbor solicitation messages every 4 hours and 4 minutes.
B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.
C. NUD retransmits Neighbor Solicitation messages every 4 seconds.
D. NUD retransmits unsolicited Neighbor advertisements messages every 4 hours.
E. NUD retransmits f our Neighbor Solicitation messages every 1000 seconds.
F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.
Answer: E
Q13. What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ?
A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater
B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets
C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes
D. It configures the interface to fragment packets on connections with MTUs of 1024 or less
E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes
Answer: E
Q14. Which VPN technology is based on GDOI (RFC 3547)?
A. MPLS Layer 3 VPN
B. MPLS Layer 2 VPN
C. GET VPN
D. IPsec VPN
Answer: C
Q15. Which two options are differences between automation and orchestration? (Choose two)
A. Automation is to be used to replace human intervention
B. Automation is focused on automating a single or multiple tasks
C. Orchestration is focused on an end-to-end process or workflow
D. Orchestration is focused on multiple technologies to be integrated together
E. Automation is an IT workflow composed of tasks, and Orchestration is a technical task
Answer: B,C
Q16. According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.)
A. Router Renumbering(Type 138)
B. Node Information Query(Type 139)
C. Router Solicitation(Type 133)
D. Node information Response(Type
E. Router Advertisement(Type 134)
F. Neighbor Solicitaion(Type 135)
Answer: A,B,D
Q17. Which two router configurations block packets with the Type 0 Routing header on the interface? (choose two)
A. Ipv6 access-list Deny_Loose_Routing permit ipv6 any any routing-type 0 deny ipv6 any any
interface FastEthernet0/0
ipv6 traffic-filter Deny_Loose_Source_Routing in
B. Ipv6 access-list-Deny_Loose_Source_Routing Deny ipv6 FE80::/10 any mobility –type bind-refresh Permit ipv6 any any
Interface FastEthernet/0 Ipv6 tr
Affic-filter Deny_Loose_Source_Routing in
C. Ipv6 access-list Deny_Loose_Source_Routing Deny ipv6 any any routing-type 0
Permit ipv6 any any Interface FastEthernet0/0
Ipv6 traffic –filter Deny_Loose_Routing in
D. Ipv6 access –list Deny_Loose_Source_Routing Deny ipv6 any FE80: :/10 routing –type 0
Deny ipv6 any any routing –type 0 Permit ipv6 any any
Interface FastEthernet t0/0
Ipv6 traffic –filter Deny_Loose_Source_Routing in
E. Ipv6 access –list Deny_Loose_Source_Routing Sequence 1 deny ipv6 any any routing –type 0 log-input
Sequence 2 permit ipv6 any any flow –label 0 routing interface Fastethernet0/0 Ipv6 traffic-filter Deny_Loose_Source_Routing in
Answer: C,D
Q18. What are feature that can stop man-in-the-middle attacks? (Choose two)
A. ARP sniffing on specific ports
B. ARP spoofing
C. Dynamic ARP inspection
D. DHCP snooping
E. destination MAC ACLs
Answer: C,D
Q19. Refer to the exhibit.
After you configured routes R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?
A. R2 received a packet with an incorrect area form the loopback1 interface
B. OSPFv3 area authentication is missing
C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface
D. The SPI and the authentication key are unencrypted
E. The SPI value and the key are the same on both R1 and R2
Answer: C
Q20. For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)
A. BVI is required for the inspection of IP traffic.
B. The firewall can perform routing on bridged interfaces.
C. BVI is required if routing is disabled on the firewall.
D. BVI is required if more than two interfaces are in a bridge group.
E. BVI is required for the inspection of non-IP traffic.
F. BVI can manage the device without having an interface that is configured for routing.
Answer: D,F
