[April-2018-New]400-251 Brain Dumps PDF Free Download in Braindump2go[166-176]
2018 April New Cisco 400-251 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 400-251 Real Exam Questions:
1.|2018 Latest 400-251 Exam Dumps (PDF & VCE) 359Q Download: https://www.braindump2go.com/400-251.html 2.|2018 Latest 400-251 Exam Questions & Answers Download: https://drive.google.com/drive/folders/0B75b5xYLjSSNcGJLWWtfdE96ZUU?usp=sharingQUESTION 166 When TCP intercept is enabled in its default mode, how does it react to a SYN request? A. It intercepts the SYN before it reaches the server and responds with a SYN-ACK B. It drops the connection C. It monitors the attempted connection and drops it if it fails to establish within 30 seconds D. It allows the connection without inspection E. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established Answer: A Explanation: The default mode of TCP intercept is active intercept mode http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfdenl.html QUESTION 167 Refer to the exhibit. What are the two effects of the given configuration? (Choose two) A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header Filed E. It permits Parameter Problem messages that indicate an error in the header F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram Answer: CF Explanation: icmp type 1 code 3 is for address unreachable, icmp 1 code 4 is for port unreachable. http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/22974-icmpv6codes.html QUESTION 168 According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4) A. ISMS Policy B. Corrective Action Procedure C. IS Procedures D. Risk Assessment Reports E. Complete Inventory of all information assets Answer: ACDE Explanation: Corrective action report is a required document but not the procedure https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/ QUESTION 169 Which two statements about ICMP redirect messages are true? (Choose two) A. By default, configuring HSRP on the interface disables ICMP redirect functionality. B. They are generated when a packet enters and exits the same router interface. C. The messages contain an ICMP Type 3 and ICMP code 7. D. They are generated by the host to inform the router of an alternate route to the destination. E. Redirects are only punted to the CPU if the packets are also source-routed. Answer: AB QUESTION 170 Which two statements about NAT-PT with IPv6 are true? (Choose two) A. It can be configured as dynamic, static, or PAT. B. It provides end-to-end security. C. It supports IPv6 BVI configurations. D. It provides support for Cisco Express Forwarding. E. It provides ALG support for ICMP and DNS. F. The router can be a single point of failure on the network. Answer: AE QUESTION 171 Which of the following Cisco IPS signature engine has relatively high memory usage ? A. The STRING-TCP engine B. The STRING-UDP engine C. The NORMALIZER engine D. The STRING-ICMP engine Answer: A Explanation: String-TCP engine has the highest number of signatures and has higher memory utilization http://www.ndm.net/ips/pdf/cisco/IOS-IPS/white_paper_c11_549300.pdf QUESTION 172 Which of the following two options can you configure to avoid iBGP full mesh?(Choose two) A. BGP NHT B. route reflector C. local preference D. confederations E. Virtual peering Answer: BD QUESTION 173 Refer to the exhibit, if R1 is acting as a DHCP server, what action can you take to enable the pc to receive an ip address assignment from the DHCP server ? A. Configure the IP local pool command on R2 B. Configure DHCP option 150 on R2 C. Configure the IP helper-address command on R2 to use R1's ip address D. Configure the IP helper-address command on R1 to use R2's ip address E. Configuration DHCP option 82 on R1 F. Configure the ip local pool command on R1 Answer: C QUESTION 174 Which two statements about LEAP are true? (Choose two) A. It is compatible with the PAP and MS-CHAP protocols B. It is an ideal protocol for campus networks C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys D. It is an open standard based on IETF and IEEE standards E. It is compatible with the RADIUS authentication protocol F. Each encrypted session is authentication by the AD server Answer: EF QUESTION 175 Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two) A. Destination Unreachable-protocol Unreachable B. Destination Unreachable-port Unreachable C. Time Exceeded-Time to Live exceeded in Transit D. Redirect-Redirect Datagram for the Host E. Time Exceeded-Fragment Reassembly Time Exceeded F. Redirect-Redirect Datagram for the Type of service and Host Answer: BC QUESTION 176 What are the three response types for SCEP enrollment requests? (Choose three.) A. PKCS#7 B. Reject C. Pending D. PKCS#10 E. Success F. Renewal Answer: BCE !!!RECOMMEND!!!1.|2018 Latest 400-251 Exam Dumps (PDF & VCE) 359Q Download: https://www.braindump2go.com/400-251.html 2.|2018 Latest 400-251 Study Guide Video: YouTube Video: YouTube.com/watch?v=DH_ZfDVMWiU
|