2019/April Braindump2go 400-251 Exam Dumps with PDF and VCE New Updated Today! Following are some new 400-251 Real Exam Questions:
1.|2019 Latest 400-251 Exam Dumps (PDF & VCE) Instant Download:
https://www.braindump2go.com/400-251.html
2.|2019 Latest 400-251 Exam Questions & Answers Instant Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNcGJLWWtfdE96ZUU?usp=sharing
New Question
Which three statements about RLDP are true? (Choose three)
A. It can detect rogue Aps that use WPA encryption
B. It detects rogue access points that are connected to the wired network
C. The AP is unable to serve clients while the RLDP process is active
D. It can detect rogue APs operating only on 5 GHz
E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network
F. It can detect rogue APs that use WEP encryption
Answer: BCE
Explanation:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/70987-rogue-detect.html
New Question
Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Answer: B
New Question
Refer to the exhibit. A signature failed to compile and returned the given error messages.
What is a possible reason for the problem?
A. The signature belongs to the IOS IPS Basic category.
B. The signature belongs to the IOS IPS Advanced category.
C. There is insufficient memory to compile the signature.
D. The signature is retired.
E. Additional signature must be complied during the compiling process.
Answer: C
New Question
Which command sequence can you enter to enable IP multicast for WCCPv2?
A. Router(config)#ip wccp web-cache service-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
B. Router(config)#ip wccp web-cache group-list
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
C. Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect in
D. Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache group-listen
E. Router(config)#ip wccp web-cache group-address 224.1.1.100
Router(config)#interface FastEthernet0/0
Router(config)#ip wccp web-cache redirect out
Answer: D
New Question
The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA.
What command can you use to block all current and future connections from the infected host?
A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B. shun 10.10.10.4 168.65.201.120 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E. shun 168.65.201.120 10.10.10.4 6000 80
Answer: B
Explanation:
The key points to consider here are “current and future connections from infected host”. If using the ACL, it will only stop the current connection but an infected host may establish a connection to a different host and it would not work. The Shun command with destination IP deals with current and future connections to any host.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s15.html
New Question
IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)
A. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.
B. Ikev2 perform TCP intercept on all secure connections
C. IKEv2 only allows symmetric keys for peer authentication
D. IKEv2 interoperates with IKEv1 to increase security in IKEv1
E. IKEv2 only allows certificates for peer authentication
F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie
Answer: AF
New Question
Which five of these are criteria for rule-based rogue classification of access points by the cisco Wireless LAN controller? (Choose five)
A. MAC address range
B. MAC address range number of clients it has
C. open authentication
D. whether it matches a user-configured SSID
E. whether it operates on an authorized channel
F. minimum RSSI
G. time of day the rogue operates
H. Whether it matches a managed AP SSID
Answer: BCDFH
New Question
Which two statement about the DES algorithm are true?(Choose two)
A. It uses a 64-bit key block size and its effective key length is 65 bits
B. It uses a 64-bits key block size and its effective key length is 56 bits
C. It is a stream cripher that can be used with any size input
D. It is more efficient in software implements than hardware implementations.
E. It is vulnerable to differential and linear cryptanalysis
F. It is resistant to square attacks
Answer: BE
New Question
Which three types of addresses can the Botnet Traffic Filter feature of the Cisco ASA monitor? (Choose three)
A. Ambiguous addresses
B. Known malware addresses
C. Listed addresses
D. Dynamic addresses
E. Internal addresses
F. Known allowed addresses
Answer: ABF
New Question
Which Three statement about cisco IPS manager express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It Can provision policies based on risk rating.
C. It Can provision policies based on signatures.
D. It Can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signature to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: ABF
!!!RECOMMEND!!!
1.|2019 Latest 400-251 Exam Dumps (PDF & VCE) Instant Download:
https://www.braindump2go.com/400-251.html
2.|2019 Latest 400-251 Study Guide Video Download: