Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!
CCIE Security Written Exam (v5.0)
Question No: 11 – (Topic 1)
A new computer is not getting its IPv6 address assigned by the router. While running wire Shark to try to troubleshoot the problem , you find a lot of data that is not helpful to nail down the problem. What two filters would you apply to Wire Shark to the data that you are looking for?(Choose two)
-
Icmpv6.type==135
-
Icmpv6type==136
-
Icmpv6.type==136
-
Icmp5type==135
-
Icmp6type==135
Answer: A,B
Question No: 12 – (Topic 1)
Which effect of the crypto pki authenticate commend is true?
-
It sets the certificate enrollment method.
-
It retrievers and authentication a CA certificate.
-
It configures a CA trustpoint.
-
It displays the current CA certificate.
Answer: B
Question No: 13 – (Topic 1)
Which two characteristics of DTLS are true?(Choose two )
-
It is used mostly by applications that use application layer object-protocols
-
It includes a congestion control mechanism
-
It completes key negotiation and bulk data transfer over a single channel.
-
It supports long data transfers and connectionless data transfers.
-
It cannot be used if NAT exists along the path.
-
It concludes a retransmission method because it uses an unreliable datagram transport
Answer: C,D
Question No: 14 – (Topic 1)
Which three statements about PKI on Cisco IOS Software are true?(Choose three)
-
OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.
-
The match certificate and allow expired-certificate commands are ignored unless the router clock is set
-
If a certificate-based ACL specifies more than one filed, any one successful field-to- value test is treated as a match.
-
OCSP enables a PKI to use a CRL without time limitations.
-
Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.
-
Different OCSP servers can be configured for different groups of client certificates.
Answer: A,E,F
Question No: 15 – (Topic 1)
In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router?
-
Clustering
-
PIM multicast routing
-
Stub multicast routing
-
Multicast group concept
Answer: C
Question No: 16 – (Topic 1)
A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server application. What TCP dump filter would best to verify that traffic is reaching the Linux Server eth0 interface?
A. Tcpdump-ieth0 host 10.10.7.4 and host 11.0.1.9 and port 8080.
B. Tcpump-ieth0 host 10.10.7.4 and 11.0.1.9.
-
Tcpdump-ieth0 dst 11.0.1.9 and dst port 8080.
-
Tcpdump-ieth0 src 10.10.7.4 and dst 11.0.1.9 and dst port 8080.
Answer: D
Question No: 17 – (Topic 1)
Which feature does Cisco VSG use to redirecttraffic in a Cisco Nexus 1000V Series Switch?
-
VEM
-
Vpath
-
VDC
-
VPC
Answer: B
Question No: 18 – (Topic 1)
Refer to the exhibit,
Which three additional configuration elements must you apply to complete a functional Flex VPN deployment?(Choose three)
-
Interface Loopback0 Tunnel mode ipsec ipv6
Tunnel protection ipsec profile default
-
Aaa authorization network ccie local
-
Crypto ikev2 keyring default Peer PEER-ROUTER
Address 2001 101/64
Interface Virtual-Template5 type tunnel Ip nhrp network-id 10
Ip nhrp shortcut Loopack0
-
Crypto ikev2 keyring KEYS Peer PEER-ROUTER
Address 2001 101/64 Crypto ikev2 profile default
Aaa authorization group pak list ccie default
-
Interface Tunnelo
Bfdinterval 50 min-rx 50 multiplier 3 No bfd echo
-
Interface Virtual-Template5 type tunnel Ip nhrp network-id 10
Ipv6 enable Interface Lookback0 Ipv6 eigrp 10
Answer: B,D,F
Question No: 19 – (Topic 1)
Which description of SaaS is true?
-
A server offering that allowing developers to bulid their own applications.
-
A server offering on-demand software downloads.
-
A server offering a software environment in which applications can be build and deployed.
-
A server offering on-demand licensed applications for end users.
Answer: D
Question No: 20 – (Topic 1)
Which two events can cause a failover event on an active/standby setup? (Choose two)
-
The active unit experiences interface failure above the threshold.
-
The unit that was previously active recovers.
-
The stateful failover link fails.
-
The failover link fails
-
The active unit fails.
Answer: A,E
100% Ensurepass Free Download!
–400-251 PDF
100% Ensurepass Free Guaranteed!
–400-251 Dumps
EnsurePass | ExamCollection | Testking | |
---|---|---|---|
Lowest Price Guarantee | Yes | No | No |
Up-to-Dated | Yes | No | No |
Real Questions | Yes | No | No |
Explanation | Yes | No | No |
PDF VCE | Yes | No | No |
Free VCE Simulator | Yes | No | No |
Instant Download | Yes | No | No |