[Full Version] 100% Pass Lead2pass 400-251 New Questions Free Version (201-220)

2017 February Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Good news, Lead2pass has updated the 400-251 exam dumps. With all the questions and answers in your hands, you will pass the Cisco 400-251 exam easily.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/400-251.html

QUESTION 201
Which two statements about DTLS are true?(Choose two)

A.    It uses two simultaneous IPSec tunnels to carry traffic.
B.    If DPD is enabled, DTLS can fall back to a TLS connection.
C.    Because it requires two tunnels, it may experience more latency issues than SSL connections.
D.    If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.
E.    It is disabled by default if you enable SSL VPN on the interface.

Answer: BC

QUESTION 202
Refer to the exhibit, which two Statements about the given Configuration are true? (Choose two)

2021

A.    It is an inbound policy.
B.    It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.
C.    It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.
D.    It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.
E.    It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.
F.    It is an outbound policy.

Answer: AC

QUESTION 203
What command can you use to protect a router from TCP SYN-flooding attacks?

A.    ip igmp snooping
B.    rate-limit input <bps><burst-normal><Burst-max>
C.    ip tcp intercept list <access-list>
D.    ip dns spoofing <ip-address>
E.    police <bps>

Answer: C

QUESTION 204
Refer to the exhibit, what is the effect of the given configuration?

2041

A.    It will Drop all TTL packet with a value of 14 in the IP header field.
B.    It will Drop all TTL packet with a TTL value less than 14.
C.    It will Drop all TTL packet with a TTL value of 15 or more.
D.    It will Drop all TTL packet with a TTL value of 14 or more.

Answer: B

QUESTION 205
If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?

A.    standby
B.    active
C.    on
D.    passive

Answer: B

QUESTION 206
Which three statements about the SHA-2 algorithm are true? (Choose three)

A.    It provides a variable-length output using a collision-resistant cryptographic hash.
B.    It provides a fixed-length output using a collision-resistant cryptographic hash.
C.    It is used for integrity verification.
D.    It generates a 160-bit message digest.
E.    It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.
F.    It generates a 512-bit message digest.

Answer: BCE

QUESTION 207
Drag and Drop Question
Drag and drop each RADIUS packet field on the left onto the matching decription on the right.

2071

Answer:

2072

QUESTION 208
Which three of these situation warrant engagement of a security incident Response team?(Choose three)

A.    damage to computer/network resources
B.    pornographic biogs’websites
C.    computer or network misuse/abuse
D.    denial of service (DoS)
E.    loss of data confidentialitymtegrity

Answer: CDE

QUESTION 209
What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)

A.    IMAP
B.    RDP
C.    MME
D.    ICQ
E.    POP3
F.    IKE

Answer: ADE

QUESTION 210
You have configured an authenticator switch in access mode on a network configured with NEAT what radius attribute must the ISE server return to change the switch’s port mode to trunk?

A.    device-traffic-class=switch
B.    device-traffic-class=trunk
C.    framed-protocol=1
D.    EAP-message-switch
E.    Authenticate=Administrative
F.    Acct-Authentic=radius

Answer: A

QUESTION 211
Refer to the exhibit. Which statement about the router R1 is true?

2111

A.    Its private-config is corrupt.
B.    Its NVRAM contains public and private crypto keys.
C.    Its running configuration is missing.
D.    RMON is configured.

Answer: B

QUESTION 212
Refer to the Exhibit. What is the effect of the given ACL policy ?

2121

A.    The policy will deny all IPv6 eBGP session.
B.    The policy will disable IPv6 source routing.
C.    The policy will deny all IPv6 routing packet.
D.    The policy will deny all IPv6 routed packet.

Answer: B

QUESTION 213
Which three statements about the RSA algorithm are true? (Choose three.)

A.    The RSA algorithm provides encryption but not authentication.
B.    The RSA algorithm provides authentication but not encryption.
C.    The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
D.    The private key is never sent across after it is generated.
E.    The public key is used to decrypt the message that was encrypted by the private key.
F.    The private key is used to decrypt the message that was encrypted by the public key.

Answer: CDF

QUESTION 214
Which of these is a core function of the risk assessment process? (Choose one.)

A.    performing regular network upgrades
B.    performing network optimization
C.    performing network posture validation
D.    establishing network baselines
E.    prioritizing network roll-outs

Answer: C

QUESTION 215
Which two router configurations block packets with the Type 0 Routing header on the interface? (Choose two)

A.    Ipv6 access-list Deny_Loose_Routing
permit ipv6 any any routing-type 0
deny ipv6 any any
interface FastEthernet0/0
ipv6 traffic-filter Deny_Loose_Source_Routing in
B.    Ipv6 access-list-Deny_Loose_Source_Routing
Deny ipv6 FE80::/10 any mobility -type bind-refresh
Interface FastEthernet/0
Ipv6 tr
Affic-filter Deny_Loose_Source_Routing in
C.    Ipv6 access-list Deny_Loose_Source_Routing
Deny ipv6 any any routing-type 0
Permit ipv6 any any
Interface FastEthernet0/0
Ipv6 traffic -filter Deny_Loose_Routing in
D.    Ipv6 access -list Deny_Loose_Source_Routing
Deny ipv6 any FE80: :/10 routing -type 0
Deny ipv6 any any routing -type 0
Permit ipv6 any any
Interface FastEthernet t0/0
Ipv6 traffic -filter Deny_Loose_Source_Routing in
E.    Ipv6 access -list Deny_Loose_Source_Routing
Sequence 1 deny ipv6 any any routing -type 0 log-input
Sequence 2 permit ipv6 any any flow -label 0 routing interface Fastethernet0/0
Ipv6 traffic-filter Deny_Loose_Source_Routing in

Answer: CD

QUESTION 216
What protocol provides security for datagram protocols?

A.    MAB
B.    DTLS
C.    SCEP
D.    GET
E.    LDP

Answer: B

QUESTION 217
Which two options are open-source SDN controllers? (Choose two)

A.    OpenContrail
B.    OpenDaylight
C.    Big Cloud Fabric
D.    Virtual Application Networks SDN Controller
E.    Application Policy Infrastructure Controller

Answer: AB

QUESTION 218
Which current RFC made RFCs 2409, 2407, and 2408 obsolete?

A.    RFC 4306
B.    RFC 2401
C.    RFC 5996
D.    RFC 4301
E.    RFC 1825

Answer: A

QUESTION 219
Refer to the exhibit. Which effect of this configuration is true?

2191

A.    It enables MLD query messages for all link-local groups.
B.    It configures the node to generate a link-local group report when it joins the solicited- node multicast group.
C.    It enables hosts to send MLD report messages for groups 224.0.0.0/24.
D.    it enables local group membership for MLDv1 and MLDv2.
E.    It enables the host to send MLD report messages for nonlink local groups.

Answer: C

QUESTION 220
Which technology builds on the vPathconcept and can be used in virtual and physical environments?

A.    VXLAN
B.    ACI
C.    NSH
D.    SDN

Answer: C

Once there are some changes on 400-251 exam questions, we will update the study materials timely to make sure that our customer can download the latest edition.

400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbkNSWnpMam9TWWM

2017 Cisco 400-251 exam dumps (All 336 Q&As) from Lead2pass:

http://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]