Vendor: CiscoExam Code: 400-251 Exam Name: Cisco CCIE Security Written Exam (v5.0) Version: Demo https://www.pass4itsure.com/400-251.html [2017-New!] Cisco Exam 400-251 Dumps - Cisco CCIE Security Written Exam (v5.0) 400-251 exam 400-251 dumps 400-251 pdf 400-251 vce DEMO QUESTION 1 Within Platform as a Service, which two components are managed by the customer?(Choose two) A. Data. B. Networking. C. Middleware. D. Applications. E. Operating system Correct Answer: AD QUESTION 2 Which two characteristics of DTLS are true?(Choose two ) A. It is used mostly by applications that use application layer object-protocols B. It includes a congestion control mechanism B. It completes key negotiation and bulk data transfer over a single channel. C. It supports long data transfers and connectionless data transfers. D. It cannot be used if NAT exists along the path. E. It concludes a retransmission method because it uses an unreliable datagram transport Correct Answer: AD QUESTION 3 Which three additional configuration elements must you apply to complete a functional Flex VPN deployment?(Choose three) A. Interface Loopback0 Tunnel mode ipsec ipv6 Tunnel protection ipsec profile default B. Aaa authorization network ccie local C. Crypto ikev2 keyring default Peer PEER- ROUTER Address 2001 101/64 Interface Virtual-Template5 type tunnel Ip nhrp network-id 10 Ip nhrp shortcut Loopack0 D. Crypto ikev2 keyring KEYS Peer PEER- ROUTER Address 2001 101/64 Crypto ikev2 profile default Aaa authorization group pak list ccie default E. Interface Tunnelo Bfd interval 50 min-rx 50 multiplier 3 No bfd echo F. Interface Virtual-Template5 type tunnel Ip nhrp network-id 10 Ipv6 enable Interface Lookback0 Ipv6 eigrp 10 Correct Answer: DEF QUESTION 4 <featureChec k> <deviceResponse> <feature> name="json" support="yes" </feature> </deviceResponse> </featureCheck> Which data format is used in this script? A. API B. JavaScript C. JSON D. YANG E. XML Correct Answer: E QUESTION 5 Which two options are unicast address types for IPv6 addressing?(Choose two) A. Link-local. B. Established. C. Global D. Dynamic E. Static Correct Answer: AC QUESTION 6 Which two statements about the DES algorithm are true? (Choose two) A. The DES algorithm is based on asymmetric cryptography. B. The DES algorithm is a stream cipher. C. The DES algorithm is based on symmetric cryptography. D. The DES algorithm encrypts a block of 128 bits. E. The DES algorithm uses a 56-bit key. Correct Answer: CE QUESTION 7 Which of these is a core function of the risk assessment process? (Choose one.) A. performing regular network upgrades B. performing network optimization C. performing network posture validation D. establishing network baselines E. prioritizing network roll-outs Correct Answer: C QUESTION 8 What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies? A. merge rule tool B. policy simplification tool C. rule grouping tool D. object group tool E. combine rule tool Correct Answer: E QUESTION 9 Which two statements about the ISO are true? (Choose two) A. The ISO is a government-based organization. B. The ISO has three membership categories: member, correspondent, and subscribers. C. Only member bodies have voting rights. D. Correspondent bodies are small countries with their own standards organization. E. Subscriber members are individual organizations. Correct Answer: BC QUESTION 10 What security element must an organization have in place before it can implement a security audit and validate the audit results? A. firewall B. network access control C. an incident response team D. a security policy E. a security operation center Correct Answer: D QUESTION 11 Which three statements about RLDP are true? (Choose three) A. It can detect rogue Aps that use WPA encryption B. It detects rogue access points that are connected to the wired network C. The AP is unable to serve clients while the RLDP process is active D. It can detect rogue APs operating only on 5 GHz E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network F. It can detect rogue APs that use WEP encryption Correct Answer: ABD QUESTION 12 What are the two technologies that support AFT? (Choose two) A. SNAT B. NAT-6to4 C. DNAT D. NAT-PT E. NAT-PMP F. NAT64 Correct Answer: DF QUESTION 13 Which option describes the purpose of the RADIUS VAP-ID attribute? A. It specifies the ACL ID to be matched against the client It specifies the WLAN ID of the wireless LAN to which the client belongs B. It sets the minimum bandwidth for the connection C. It sets the maximum bandwidth for the connection D. It specifies the priority of the client E. It identifies the VLAN interface to which the client will be associated Correct Answer: B QUESTION 14 Which two statement about PVLAN port types are true? (Choose two) A. A community port can send traffic to community port in other communities on its broadcast domain. B. An isolated port can send and receive traffic only to and from promiscuous ports. C. An isolated port can receive traffic from promiscuous port in an community on its broadcast domain, but can send traffic only to port in its own community. D. A promiscuous port can send traffic promiscuous port in other communities on its broadcast domain. E. A community port can send traffic to promiscuous port in other communities on its broadcast domain. F. A Promiscuous port can send traffic to all ports within a broadcast domain. Correct Answer: BF QUESTION 15 Which two statement about DTLS are true? (choose two) A. Unlike TLS, DTLS support VPN connection with ASA. B. It is more secure that TLS. C. When DPD is enabled DTLS connection can automatically fall back to TLS. D. It overcomes the latency and bandwidth problem that can with SSL. E. IT come reduce packet delays and improve application performance. F. It support SSL VPNs without requiring an SSL tunnel. Correct Answer: CD QUESTION 16 Refer to the exhibit. If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true?(Choose two) A. The device will close each connection after 90 seconds even if a connection is actively processing a request. B. Connections will close after 60 seconds without activity or 90 seconds with activity. C. Connections will close after 60 seconds or as soon as the first request is processed. D. When you apply the command , the device will immediately close any existing connections that have been open for longer than 90 seconds. E. Connections will close after 60 seconds without activity or as soon as the first request is processed. Correct Answer: CE QUESTION 17 What are the two technologies that support AFT? (Choose two) A. NAT-PT B. SNAT C. NAT64 D. DNAT E. NAT-PMP F. NAT-6to4 Correct Answer: AC QUESTION 18 According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.) A. Router Renumbering(Type 138) B. Node Information Query(Type 139) C. Router Solicitation(Type 133) D. Node information Response(Type E. Router Advertisement(Type 134) F. Neighbor Solicitation(Type 135) Correct Answer: ABD QUESTION 19 Which two options are disadvantages of MPLS layers 3 VPN services? (choose two) A. They requires cooperation with the service provider to implement transport of non-IP traffic. B. SLAs are not supported by the service provider. C. It requires customers to implement QoS to manage congestion in the network. D. Integration between Layers 2 and 3 peering services is not supported. E. They may be limited by the technology offered by the service provider. F. They can transport only IPv6 routing traffic. Correct Answer: DE QUESTION 20 From the list below, which one is the major benefit of AMP Threat GRID? A. AMP Threat Grid collects file information from customer servers and run tests on them to see if they are infected with viruses B. AMP Threat Grid learns ONLY from data you pass on your network and not from anything else to monitor for suspicious behavior. This makes the system much faster and efficient C. AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence into one combined solution D. AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral indicators Correct Answer: C QUESTION 21 Which statement best describes the concepts of rootkits and privilege escalation? A. Rootkits propagate themselves. B. Privilege escalation is the result of a rootkit. C. Rootkits are a result of a privilege escalation. D. Both of these require a TCP port to gain access. Correct Answer: B QUESTION 22 Which two statements about PVLAN port types are true ? (Choose two) A. A promiscuous port can send traffic to all ports within a broadcast domain B. An isolated port can receive traffic t from promiscuous ports in any community on its Broadcast domain, but can send traffic only to ports in its own community C. An isolated port can send and receive traffic only to and from promiscuous ports D. A community port can send traffic to promiscuous ports in other communities its Broadcast domain E. A community port can send traffic to community ports in other communities its Broadcast domain F. A promiscuous can send traffic to to community ports in other Broadcast domainS Correct Answer: AC QUESTION 23 On an ASA firewall in multiple context mode running version 8.X, what is the default number of VPN site to-site tunnels per context? A. 2 sessions B. 4 sessions C. 1 session D. 0 sessions Correct Answer: A
Report "New Pass4itsure Cisco 400-251 Dumps PDF - CCIE Security Written Exam (v5.0)"