admin

[Free] 2018(Aug) Ensurepass Cisco 400-251 Dumps with VCE and PDF 11-20

400-251 Latest Exam (Aug 2018)

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 11 – (Topic 1)

A new computer is not getting its IPv6 address assigned by the router. While running wire Shark to try to troubleshoot the problem , you find a lot of data that is not helpful to nail down the problem. What two filters would you apply to Wire Shark to the data that you are looking for?(Choose two)

  1. Icmpv6.type==135

  2. Icmpv6type==136

  3. Icmpv6.type==136

  4. Icmp5type==135

  5. Icmp6type==135

Answer: A,B

Question No: 12 – (Topic 1)

Which effect of the crypto pki authenticate commend is true?

  1. It sets the certificate enrollment method.

  2. It retrievers and authentication a CA certificate.

  3. It configures a CA trustpoint.

  4. It displays the current CA certificate.

Answer: B

Question No: 13 – (Topic 1)

Which two characteristics of DTLS are true?(Choose two )

  1. It is used mostly by applications that use application layer object-protocols

  2. It includes a congestion control mechanism

  3. It completes key negotiation and bulk data transfer over a single channel.

  4. It supports long data transfers and connectionless data transfers.

  5. It cannot be used if NAT exists along the path.

  6. It concludes a retransmission method because it uses an unreliable datagram transport

Answer: C,D

Question No: 14 – (Topic 1)

Which three statements about PKI on Cisco IOS Software are true?(Choose three)

  1. OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.

  2. The match certificate and allow expired-certificate commands are ignored unless the router clock is set

  3. If a certificate-based ACL specifies more than one filed, any one successful field-to- value test is treated as a match.

  4. OCSP enables a PKI to use a CRL without time limitations.

  5. Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.

  6. Different OCSP servers can be configured for different groups of client certificates.

Answer: A,E,F

Question No: 15 – (Topic 1)

In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router?

  1. Clustering

  2. PIM multicast routing

  3. Stub multicast routing

  4. Multicast group concept

Answer: C

Question No: 16 – (Topic 1)

A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server application. What TCP dump filter would best to verify that traffic is reaching the Linux Server eth0 interface?

A. Tcpdump-ieth0 host 10.10.7.4 and host 11.0.1.9 and port 8080.

B. Tcpump-ieth0 host 10.10.7.4 and 11.0.1.9.

  1. Tcpdump-ieth0 dst 11.0.1.9 and dst port 8080.

  2. Tcpdump-ieth0 src 10.10.7.4 and dst 11.0.1.9 and dst port 8080.

Answer: D

Question No: 17 – (Topic 1)

Which feature does Cisco VSG use to redirecttraffic in a Cisco Nexus 1000V Series Switch?

  1. VEM

  2. Vpath

  3. VDC

  4. VPC

Answer: B

Question No: 18 – (Topic 1)

Refer to the exhibit,

Ensurepass 2018 PDF and VCE

Which three additional configuration elements must you apply to complete a functional Flex VPN deployment?(Choose three)

  1. Interface Loopback0 Tunnel mode ipsec ipv6

    Tunnel protection ipsec profile default

  2. Aaa authorization network ccie local

  3. Crypto ikev2 keyring default Peer PEER-ROUTER

    Address 2001 101/64

    Interface Virtual-Template5 type tunnel Ip nhrp network-id 10

    Ip nhrp shortcut Loopack0

  4. Crypto ikev2 keyring KEYS Peer PEER-ROUTER

    Address 2001 101/64 Crypto ikev2 profile default

    Aaa authorization group pak list ccie default

  5. Interface Tunnelo

    Bfdinterval 50 min-rx 50 multiplier 3 No bfd echo

  6. Interface Virtual-Template5 type tunnel Ip nhrp network-id 10

Ipv6 enable Interface Lookback0 Ipv6 eigrp 10

Answer: B,D,F

Question No: 19 – (Topic 1)

Which description of SaaS is true?

  1. A server offering that allowing developers to bulid their own applications.

  2. A server offering on-demand software downloads.

  3. A server offering a software environment in which applications can be build and deployed.

  4. A server offering on-demand licensed applications for end users.

Answer: D

Question No: 20 – (Topic 1)

Which two events can cause a failover event on an active/standby setup? (Choose two)

  1. The active unit experiences interface failure above the threshold.

  2. The unit that was previously active recovers.

  3. The stateful failover link fails.

  4. The failover link fails

  5. The active unit fails.

Answer: A,E

100% Ensurepass Free Download!
400-251 PDF
100% Ensurepass Free Guaranteed!
400-251 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Related Posts

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.