[Full Version] 100% Pass 400-251 Exam By Training Lead2pass New VCE And PDF Dumps (1-20)

2017 February Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

How to pass 400-251 exam easily? Are you struggling for the 400-251 exam? Good news, Lead2pass Cisco technical experts have collected all the questions and answers which are updated to cover the knowledge points and enhance candidates’ abilities. We offer the latest 400-251 PDF and VCE dumps with new version VCE player for free download, and the new 400-251 dump ensures your 400-251 exam 100% pass.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/400-251.html

QUESTION 1
According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

A.    Allow only POST requests.
B.    Mark all cookies as HTTP only.
C.    Use per-session challenge tokens in links within your web application.
D.    Always use the “secure” attribute for cookies.
E.    Require strong passwords.

Answer: C

QUESTION 2
What is the maximum pattern length supported by FPM searches within a packet?

A.    256 bytes
B.    128 bytes
C.    512 bytes
D.    1500 bytes

Answer: A

QUESTION 3
Which two statements about role-based access control are true?(Choose two)

A.    Server profile administrators have read and write access to all system logs by default.
B.    If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.
C.    A view is created on the Cisco IOS device to leverage role-based access controls.
D.    Network administrators have read and write access to all system logs by default.
E.    The user profile on an AAA server is configured with the roles that grant user privileges.

Answer: DE

QUESTION 4
Which three global correlation feature can be enabled from cisco IPD device manager (Cisco IDM)? (Choose three)

A.    Network Reputation
B.    Global Data Interaction
C.    Signature Correlation
D.    Reputation Filtering
E.    Global Correlation Inspection
F.    Data Contribution
G.    Reputation Assignment

Answer: CDE

QUESTION 5
According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.)

A.    Router Renumbering(Type 138)
B.    Node Information Query(Type 139)
C.    Router Solicitation(Type 133)
D.    Node information Response(Type
E.    Router Advertisement(Type 134)
F.    Neighbor Solicitaion(Type 135)

Answer: ABD

QUESTION 6
What is the effect of the following command on Cisco IOS router?

ip dns spoofing 1.1.1.1

A.    The router will respond to the DNS query with its highest loopback address configured
B.    The router will respond to the DNS query with 1.1.1.1 if the query id for its own hostname
C.    The router will respond to the DNS query with the IP address of its incoming interface for any hostname query
D.    The router will respond to the DNS query with the IP address of its incoming interface for its own hostname

Answer: D

QUESTION 7
Which two options are differences between automation and orchestration? (Choose two)

A.    Automation is to be used to replace human intervention
B.    Automation is focused on automating a single or multiple tasks
C.    Orchestration is focused on an end-to-end process or workflow
D.    Orchestration is focused on multiple technologies to be integrated together
E.    Automation is an IT workflow composed of tasks, and Orchestration is a technical task

Answer: BC

QUESTION 8
Refer to the exhibit. What is the effect of the given configuration?

81

A.    It sets the duplicate address detection interval to 60 second and sets the IPv6 neighbor reachable time to 3600 milliseconds.
B.    It sets the number of neighbor solicitation massages to 60 and sets the retransmission interval to
3600 milliseconds.
C.    It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 millisecond.
D.    It sets the number of neighbor solicitation massage to 60 and set the duplicate address detection interval to 3600 second.
E.    It sets the duplicate address detection interval to 60 second and set the IPv6 neighbor solicitation interval to 3600 millisecond.

Answer: E

QUESTION 9
What are two characteristics of RPL, used in loT environments? (Choose two)

A.    It is an Exterior Gateway Protocol
B.    It is a Interior Gateway Protocol
C.    It is a hybrid protocol
D.    It is link-state protocol
E.    It is a distance-vector protocol

Answer: BE

QUESTION 10
In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource-limited by default when their context is a member of the default class?(choose three).

A.    Telnet sessions
B.    ASDM sessions
C.    IPSec sessions
D.    SSH sessions
E.    TCP sessions
F.    SSL VPN sessions

Answer: ABD

QUESTION 11
Drag and Drop Question
Drag each OSPF security feature on the left to its description on the right.

111

Answer:

112

QUESTION 12
Which VPN technology is based on GDOI (RFC 3547)?

A.    MPLS Layer 3 VPN
B.    MPLS Layer 2 VPN
C.    GET VPN
D.    IPsec VPN

Answer: C

QUESTION 13
Which statement about the 3DES algorithm is true?

A.    The 3DES algorithm uses the same key for encryption and decryption,
B.    The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption.
C.    The 3DES algorithm is a block cipher.
D.    The 3DES algorithm uses a key length of 112 bits.
E.    The 3DES algorithm is faster than DES due to the shorter key length.

Answer: C

QUESTION 14
Which significant change to PCI DSS standards was made in PCI DSS version 3.1?

A.    No version of TLS is now considered to provide strong cryptography.
B.    Storage of sensitive authentication data after authorization is now permitted when proper encryption is applied.
C.    Passwords are now required to be changed at least once every 30 days.
D.    SSL is now considered a weak cryptographic technology.
E.    If systems that are vulnerable to POODLE are deployed in an organization, a patching and audit review process must be implemented.

Answer: D

QUESTION 15
Refer to the Exhibit, what is a possible reason for the given error?

151

A.    One or more require application failed to respond.
B.    The IPS engine is busy building cache files.
C.    The IPS engine I waiting for a CLI session to terminate.
D.    The virtual sensor is still initializing.

Answer: D

QUESTION 16
Which three statements about the keying methods used by MAC Sec are true (Choose Three)

A.    MKA is implemented as an EAPoL packet exchange
B.    SAP is enabled by default for Cisco TrustSec in manual configuration mode.
C.    SAP is supported on SPAN destination ports
D.    Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA
E.    SAP is not supported on switch SVIs .
F.    A valid mode for SAP is NULL

Answer: ABF

QUESTION 17
Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)

A.    It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attribute
B.    It uses AD attribute maps to assign users to group policies configured under the WebVPN context
C.    The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies
D.    It can assign a group policy to a user based on access credentials
E.    It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASA
F.    It is a closed standard that manages directory-information services over distributed networks

Answer: AB

QUESTION 18
Drag and Drop Question
Drag each IPS signature engine on the left to its description on the right.

181

Answer:

182

QUESTION 19
With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails Registration will continue to fail until you do which of these?

191

A.    Modify the NHRP network IDs to match on the hub and spoke.
B.    configure the ip nhrp caches non-authoritative command on the hub’s tunnel interface.
C.    modify the tunnel keys to match on the hub and spoke.
D.    modify the NHRP hold time to match on the hub and spoke.

Answer: C

QUESTION 20
Which three statements are true regarding Security Group Tags? (Choose three.)

A.    When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.
B.    When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.
C.    Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D.    Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.
E.    A Security Group Tag is a variable length string that is returned as an authorization result.

Answer: ACD

Lead2pass Cisco 400-251 exam dumps are audited by our certified subject matter experts and published authors for development. Lead2pass Cisco 400-251 exam dumps are one of the highest quality Cisco 400-251 Q&As in the world. It covers nearly 96% real questions and answers, including the entire testing scope. Lead2pass guarantees you pass Cisco 400-251 exam at first attempt.

400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM

2017 Cisco 400-251 exam dumps (All 336 Q&As) from Lead2pass:

http://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]