[Free] 2018(May) EnsurePass Passguide Cisco 400-251 Dumps with VCE and PDF 151-160

Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 151 – (Topic 2)

Ensurepass 2018 PDF and VCE

  1. Modify the tunnel keys to match on the hub and spoke

  2. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface

  3. Modify the NHRP hold times to match on the hub and spoke

  4. Modify the NHRP network IDs to match on the hub and spoke

Answer: A

Question No: 152 DRAG DROP – (Topic 2)

Drag each IPv6 extension header on the left into the recommended order for more than one extension header In the same IPv6 packet on the right?

Ensurepass 2018 PDF and VCE


Ensurepass 2018 PDF and VCE


1: IPv6 header; 2: Hop by Hop option; 3. Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.

Question No: 153 – (Topic 2)

Which two statements about RFC 2827 are true? (Choose two.)

  1. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.

  2. A corresponding practice is documented by the IEFT in BCP 38.

  3. RFC 2827 defines ingress packet filtering for the multihomed network.

  4. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.

  5. A corresponding practice is documented by the IEFT in BCP 84.

Answer: B,D

Question No: 154 – (Topic 2)

A cloud service provider is designing a large multilenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?

  1. LDP

  2. VXLAN

  3. VRF

  4. Extended VLAN ranges

Answer: B

Question No: 155 – (Topic 2)

Your 1Pv6 network uses a CA and trust anchor to implement secure network discover. What extension must your CA certificates support?

  1. extKeyUsage

  2. nameConstrainsts

  3. id-pe-ipAddrBlocks

  4. Id-pe-autonomousSysldsE. Ia-ad-calssuers

  5. keyUsage

Answer: B

Question No: 156 – (Topic 2)

Ensurepass 2018 PDF and VCE

Refer to the exhibit. Which effect of this Cisco ASA policy map is true?

  1. The Cisco ASA is unable to examine the TLS session.

  2. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.

  3. it prevents a STARTTLS session from being established.

  4. The Cisco ASA logs SMTP sessions in clear text.

Answer: B

Question No: 157 – (Topic 2)

Which three statements about the Unicast RPF in strict mode and loose mode are true?(Choose three)

  1. Loose mode requires the source address to be present in the routing table.

  2. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.

  3. Interfaces in strict mode drop traffic with return that point to the Null 0 Interface.

  4. Strict mode requires a default route to be associated with the uplink network interface.

  5. Strict mode is recommended on interfaces that will receive packets only from the same subnet to which is assigned.

  6. Both loose and strict modes are configured globally on the router.

Answer: A,C,E

Question No: 158 – (Topic 2)

Ensurepass 2018 PDF and VCE

Refer to the exhibit, which effect of this configuration is true?

  1. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes

  2. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes

  3. The maximum size of TCP SYN ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

  4. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

  5. The minimum size of TCP SYN ACL packets passing the router is set to 1452 bytes

and the IP MTU of the interface is set to 1492 bytes

Answer: D

Question No: 159 – (Topic 2)

Which two value must you configure on the cisco ASA firewall to support FQDN ACL ? (Choose two)

  1. A DNS server

  2. A Service policy

  3. An FQDN object

  4. A Class map

  5. A services object

  6. A policy map

Answer: A,C

Question No: 160 – (Topic 2)

Which three IP resources is the IANA responsible? (Choose three.)

  1. IP address allocation

  2. detection of spoofed address

  3. criminal prosecution of hackers

  4. autonomous system number allocation

  5. root zone management in DNS

  6. BGP protocol vulnerabilities

Answer: A,D,E

100% Ensurepass Free Download!
Download Free Demo:400-251 Demo PDF
100% Ensurepass Free Guaranteed!
400-251 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.