It is impossible to pass Cisco 400-251 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Cisco 400-251 practice questions. You will get a surprising result by our Refresh CCIE Security Written Exam practice guides.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q31. Which of the following Cisco IPS signature engine has relatively high memory usage ?
A. The STRING-TCP engine
B. The STRING-UDP engine
C. The NORMALIZER engine
D. The STRING-ICMP engine
Answer: C
Q32. Which Statement about remote procedure calls is true?
A. They support synchronous and asynchronous requests.
B. They can emulate different hardware specifications on a single platform.
C. They support optimized data replication among multiple machines.
D. They use a special assembly instruction set to process remote code without conflicting with other remote processes.
E. They can be invoked by the client and the server.
Answer: D
Q33. Which three statements about the IANA are true? (Choose three.)
A. IANA is a department that is operated by the IETF
B. IANA oversees global IP address allocation.
C. IANA managed the root zone in the DNS.
D. IANA is administered by the ICANN.
E. IANA defines URI schemes for use on the Internet.
Answer: B,C,D
Q34. Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)
A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including "reauthenticate."
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.
Answer: A,C,D
Q35. Which statement about the cisco anyconnect web security module is true ?
A. It is VPN client software that works over the SSl protocol.
B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.
C. It operates as an NAC agent when it is configured with the Anyconnect VPN client.
D. It is deployed on endpoints to route HTTP traffic to SCANsafe
Answer: D
Q36. DRAG DROP
Drag each IPv6 extension header on the left into the recommended order for more than one extension header In the same IPv6 packet on the right?
Answer:
Explanation:
1: IPv6 header; 2: Hop by Hop option; 3. Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.
Q37. Refer to the Exhibit. which service or feature must be enabled on 209.165.200.255 produce the given output?
A. The finger service
B. A BOOTp server
C. A TCP small server
D. The PAD service
Answer: C
Q38. What ASA feature can do use to restrict a user to a specific VPN group?
A. A webtypeACL
B. MPF
C. A VPN filter
D. Group-lock
Answer: D
Q39. Which two statements about ICMP redirect messages are true? (choose two)
A. By default, configuring HSRP on the interface disables ICMP redirect functionality.
B. They are generated when a packet enters and exits the same router interface.
C. The messages contain an ICMP Type 3 and ICMP code 7.
D. They are generated by the host to inform the router of an alternate route to the destination.
E. Redirects are only punted to the CPU if the packets are also source-routed.
Answer: A,B
Q40. DRAG DROP
Drag each EAP variant in the 802.1x framework to the matching statement on the right?
Answer:
Explanation: EAP-FAST: An encapsulated EAP variant that can travel through TLS tunnel EAP-MD5: When used, EAP servers provide authentication to EAP peers only EAP-OTP: Authenticates using a single-use token
EAP-PEAP: Performs secure tunnel authentication
EAP-SIM: Enables GSM users to access both voice and data services with unified authentication. EAP-TLS: Provides EAP message fragmentation.
EAP-TTLS: An early EAP variant that uses certificates based authentication of both client and server
LEAP: A simplified EAP variant that uses password as shared service.
