[February 2018] Lead2pass New Updated 400-251 Braindump Free Get 727q
Lead2pass Offers Free 400-251 Dumps Files for Free Downloading By 400-251 Exam Expert: https://www.lead2pass.com/400-251.html 4 1 QUESTION 11 Drag and Drop Question Drag each OSPF security feature on the left to its description on the right. Answer: QUESTION 12 Which VPN technology is based on GDOI (RFC 3547)? A. MPLS Layer 3 VPN B. MPLS Layer 2 VPN C. GET VPN D. IPsec VPN Answer: C QUESTION 13 Which statement about the 3DES algorithm is true? A. The 3DES algorithm uses the same key for encryption and decryption, B. The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption. C. The 3DES algorithm is a block cipher. D. The 3DES algorithm uses a key length of 112 bits. E. The 3DES algorithm is faster than DES due to the shorter key length. Answer: C QUESTION 14 Which significant change to PCI DSS standards was made in PCI DSS version 3.1? A. No version of TLS is now considered to provide strong cryptography. B. Storage of sensitive authentication data after authorization is now permitted when proper encryption is applied. C. Passwords are now required to be changed at least once every 30 days. D. SSL is now considered a weak cryptographic technology. E. If systems that are vulnerable to POODLE are deployed in an organization, a patching and audit review process must be implemented. Answer: D QUESTION 15 Refer to the Exhibit, what is a possible reason for the given error? A. One or more require application failed to respond. B. The IPS engine is busy building cache files. C. The IPS engine I waiting for a CLI session to terminate. D. The virtual sensor is still initializing. Answer: D QUESTION 16 Which three statements about the keying methods used by MAC Sec are true (Choose Three) A. MKA is implemented as an EAPoL packet exchange B. SAP is enabled by default for Cisco TrustSec in manual configuration mode. C. SAP is supported on SPAN destination ports D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA E. SAP is not supported on switch SVIs . F. A valid mode for SAP is NULL Answer: AEF Explanation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmacsec.pdf 2 SAP is disabled by default in Cisco TrustSec manual mode QUESTION 17 Which two statements about Cisco ASA authentication using LDAP are true? (Choose two) A. It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attribute B. It uses AD attribute maps to assign users to group policies configured under the WebVPN context C. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies D. It can assign a group policy to a user based on access credentials E. It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASA F. It is a closed standard that manages directory-information services over distributed networks Answer: BD QUESTION 18 Drag and Drop Question Drag each IPS signature engine on the left to its description on the right. Answer: Explanation: http://www.cisco.com/c/en/us/td/docs/security/ips/6-1/configuration/guide/cli/cliguide/cli_signature_engines.html#wp1141808 3 400-251 dumps full version (PDF&VCE): https://www.lead2pass.com/400-251.html 4 1 Large amount of free 400-251 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8 5
|