Testking 400-251 Questions are updated and all 400-251 answers are verified by experts. Once you have completely prepared with our 400-251 exam prep kits you will be ready for the real 400-251 exam without a problem. We have Latest Cisco 400-251 dumps study guide. PASSED 400-251 First attempt! Here What I Did.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q121. Which two options are open-source SDN controllers? (Choose two)
A. OpenContrail
B. OpenDaylight
C. Big Cloud Fabric
D. Virtual Application Networks SDN Controller
E. Application Policy Infrastructure Controller
Answer: A,B
Q122. Refer to the exhibit. R1 and R2 are connected across and ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?
A. eBGP peering will fail because ASA is transit lacks BGP support.
B. eBGP peering will be successful.
C. eBGP peering will fail because the two routers must be directly connected to allow peering.
D. eBGP peering will fail because of the TCP random sequence number feature.
Answer: C
Q123. Which Three statement about cisco IPS manager express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It Can provision policies based on risk rating.
C. It Can provision policies based on signatures.
D. It Can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signature to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: A,B,F
Q124. DRAG DROP
Drag each SSI encryption algorithm on the left to the encryption and hashing values it uses on the Right?
Answer:
Explanation: 3DES-sha1: 168 bit encryption with 160 bit hash DES-sha1: 56 bit encryption with 160 bit hash Null sha1: 160 bit hash without encryption
RC4-md5: 128 bit with 128 bit hash RC4-sha1: 128 bit with 160 bit hash.
Q125. Which two statements about DTLS are true?(Choose two)
A. It uses two simultaneous IPSec tunnels to carry traffic.
B. If DPD is enabled, DTLS can fall back to a TLS connection.
C. Because it requires two tunnels, it may experience more latency issues than SSL connections.
D. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.
E. It is disabled by default if you enable SSL VPN on the interface.
Answer: B,C
Q126. How can the tail drop algorithem support traffic when the queue is filled?
A. It drop older packet with a size of 64 byts or more until queue has more traffic
B. It drop older packet with a size of less than 64 byts until queue has more traffic
C. It drops all new packets until the queue has room for more traffic
D. It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic.
Answer: C
Q127. Refer to the exhibit, which effect of this configuration is true?
A. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes
B. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes
C. The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
D. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
E. The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
Answer: D
Q128. In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource- limited by default when their context is a member of the default class?(choose three).
A. Telnet sessions
B. ASDM sessions
C. IPSec sessions
D. SSH sessions
E. TCP sessions
F. SSL VPN sessions
Answer: A,B,D
Q129. Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Answer: B
Q130. Refer to the exhibit
which two statement about the given IPV6 ZBF configuration are true? (Choose two)
A. It provides backward compability with legacy IPv6 inspection
B. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.
C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.
D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.
E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.
F. It provide backward compatibility with legacy IPv4 inseption.
Answer: A,B
