This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Fri Nov 22 0:05:21 2024 / +0000 GMT ___________________________________________________ Title: [2017-Feb-New]400-251 CCIE PDF and VCE Exam Dumps Provided for Free Download By Braindump2go[Question1-Question13] --------------------------------------------------- 2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now! 2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com! 1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download:http://www.braindump2go.com/400-251.html 2.|2017 NEW 400-251 Written Exam Questions & Answers:http://www.braindump2go.com/400-251.html   QUESTION 1Drag and drop the step in the Cisco ASA packet processing flow on the left into the correct order of operations on the right. Answer:   QUESTION 2What is the effect of the following command on Cisco IOS router?ip dns spoofing 1.1.1.1 A.    The router will respond to the DNS query with its highest loopback address configuredB.    The router will respond to the DNS query with 1.1.1.1 if the query id for its own hostnameC.    The router will respond to the DNS query with the IP address of its incoming interface for any hostname queryD.    The router will respond to the DNS query with the IP address of its incoming interface for its own hostname Answer: D QUESTION 3You have configured a DMVPN hub and spoke a follows (assume the IPsec profile "dmvpnprofile" is configured correctly): With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these? A.    Configure the ipnhrp cache non-authoritative command on the hub's tunnel interfaceB.    Modify the NHRP hold times to match on the hub and spokeC.    Modify the NHRP network IDs to match on the hub and spokeD.    Modify the tunnel keys to match on the hub and spoke Answer: D QUESTION 5Which two options are unicast address types for IPv6 addressing? (Choose two) A.    EstablishedB.    StaticC.    GlobalD.    DynamicE.    Link-local Answer: CE QUESTION 6Refer to the exhibit. Which two effects of this configuration are true? (Choose two)  A.    The BGP neighbor session tears down after R1 receives 100 prefixes from the neighbor 1.1.1.1B.    The BGP neighbor session between R1 and R2 re-establishes after 50 minutesC.    A warning message is displayed on R2 after it receives 50 prefixesD.    A warning message is displayed on R2 after it receives 100 prefixes from neighbor 1.1.1.1E.    The BGP neighbor session tears down after R1 receives 200 prefixes from neighbor 2.2.2.2F.    The BGP neighbor session between R1 and R2 re-establishes after 100 minutes Answer: DE QUESTION 7From the list below, which one is the major benefit of AMP Threat GRID? A.    AMP Threat Grid collects file information from customer servers and run tests on them to see if they are infected with virusesB.    AMP Threat Grid learns ONLY from data you pass on your network and not from anything else to monitor for suspicious behavior. This makes the system much faster and efficientC.    AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence into one combined solutionD.    AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral indicators Answer: C QUESTION 8Which two characteristics of DTLS are true? (Choose two) A.    It includes a congestion control mechanismB.    It supports long data transfers and connections data transfersC.    It completes key negotiation and bulk data transfer over a single channelD.    It is used mostly by applications that use application layer object-security protocolsE.    It includes a retransmission method because it uses an unreliable datagram transportF.    It cannot be used if NAT exists along the path Answer: AE QUESTION 9Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two) A.    Destination Unreachable-protocol UnreachableB.    Destination Unreachable-port UnreachableC.    Time Exceeded-Time to Live exceeded in TransitD.    Redirect-Redirect Datagram for the HostE.    Time Exceeded-Fragment Reassembly Time ExceededF.    Redirect-Redirect Datagram for the Type of service and Host Answer: BC QUESTION 10Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three) A.    L2TP-EncryptionB.    Web-VPN-ACL-FiltersC.    IPsec-Client-Firewall-Filter-NameD.    Authenticated-User-Idle-TimeoutE.    IPsec-Default-DomainF.    Authorization-Type Answer: BDE QUESTION 11Which two statements about global ACLs are true? (Choose two) A.    They support an implicit denyB.    They are applied globally instead of being replicated on each interfaceC.    They override individual interface access rulesD.    They require an explicit denyE.    They can filer different packet types than extended ACLsF.    They require class-map configuration Answer: AB QUESTION 12When TCP intercept is enabled in its default mode, how does it react to a SYN request? A.    It intercepts the SYN before it reaches the server and responds with a SYN-ACKB.    It drops the connectionC.    It monitors the attempted connection and drops it if it fails to establish within 30 secondsD.    It allows the connection without inspectionE.    It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established Answer: E QUESTION 13Which two statements about IPsec in a NAT-enabled environment are true? (Choose two) A.    The hashes of each peer's IP address and port number are compared to determine whether NAT-T is requiredB.    NAT-T is not supported when IPsec Phase 1 is set to Aggressive ModeC.    The first two messages of IPsec Phase 2 are used to determine whether the remote host supports NAT-TD.    IPsec packets are encapsulated in UDP 500 or UDP 10000 packetsE.    To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers Answer: AD !!! RECOMMEND!!! 1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download:http://www.braindump2go.com/400-251.html 2.|2017 NEW 400-251 Study Guide Video: YouTube Video: YouTube.com/watch?v=C4Esxyyp-0Q --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-02-08 03:31:58 Post date GMT: 2017-02-08 03:31:58 Post modified date: 2017-02-08 03:31:58 Post modified date GMT: 2017-02-08 03:31:58 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com