Demo Questions For Cisco 400-251 Exam
Question No : 1
Which two statements about SCEP are true? (Choose two)
A. CA servers must support GetCACaps response messages in order to implement extended functionality
B. The GetCRL exchange is signed and encrypted only in the response direction.
C. It is vulnerable to downgrade attacks on its cryptographic capabilities
D. The GetCert exchange is signed and encrypted only in the response direction.
E. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.
Answer: A,C
Question No : 2
Which two events can cause a failover event on an active/standby setup? (Choose two.)
A. The active unit experiences interface failure above the threshold.
B. The unit that was previously active recovers.
C. The stateful failover link fails.
D. The failover link fails.
E. The active unit fails
Answer: A,E
Question No : 3
Which two statements about the MACsec security protocol are true? (Choose two.)
A. Stations broadcast an MKA heartbeat that contains the key server priority
B. The SAK is secured by 128-bit AES-GCM by default
C. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM
D. MACsec is not supported in MDA mode.
E. MKA heartbeats are sent at a default interval of 3 seconds.
Answer: A,B
Question No : 4
Which two options are benefits of network summarization? (Choose two.)
A. It can summarize discontiguous IP addresses.
B. It can easily be added to existing networks
C. It can increase the convergence of the network
D. It reduces the number of routes
E. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.
Answer: D,E
Question No : 5
Which two statements about uRPF are true? (Choose two.)
A. The administrator can configure the allow-default command to force the routing table to use only the default route
B. It is not supported on the Cisco ASA security appliance.
C. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work routing groups.
D. The administrator can use the show cef interface command to determine whether uRPF is enabled
E. In strict mode, only one routing path can be available to reach network devices on a subnet
Answer: D,E
Question No : 6
Which type of header attack is detected by Cisco ASA basic threat detection?
A. connection limit exceeded
B. denial by access list
C. failed application inspection
D. bad packet format
Answer: D
Question No : 7
When TCP intercept is enabled in its default mode, how does it react to a SYN request?
A. It intercepts the SYN before it reaches the server and responds with a SYN-ACK
B. It drops the connection
C. It monitors the attempted connection and drops it if it fails to establish within 30 seconds
D. It allows the connection without inspection
E. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established
Answer: E
Question No : 8
Which two statements about global ACLs are true? (Choose two)
A. They support an implicit deny
B. They are applied globally instead of being replicated on each interface
C. They override individual interface access rules
D. They require an explicit deny
E. They can filter different packet types than extended ACLs
F. They require class-map configuration
Answer: A,B
Question No : 9
Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
A. L2TP-Encryption
B. Web-VPN-ACL-Filters
C. IPsec-Client-Firewall-Filter-Name
D. Authenticated-User-Idle-Timeout
E. IPsec-Default-Domain
F. Authorization-Type
Answer: B,D,E
Question No : 10
Which two statements about IPsec in a NAT-enabled environment are true? (Choose two)
A. The hashes of each peer's IP address and port number are compared to determine whether NAT-T is required
B. NAT-T is not supported when IPsec Phase 1 is set to Aggressive Mode
C. The first two messages of IPsec Phase 2 are used to determine whether the remote host supports NAT-T
D. IPsec packets are encapsulated in UDP 500 or UDP 10000 packets
E. To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers
Answer: A,D