Your success in Cisco 400-251 is our sole target and we develop all our 400-251 braindumps in a way that facilitates the attainment of this target. Not only is our 400-251 study material the best you can find, it is also the most detailed and the most updated. 400-251 Practice Exams for Cisco CCIE Security 400-251 are written to the highest standards of technical accuracy.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-251-exam-dumps.html
Q11. Which three statements about the RSA algorithm are true? (Choose three.)
A. The RSA algorithm provides encryption but not authentication.
B. The RSA algorithm provides authentication but not encryption.
C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
D. The private key is never sent across after it is generated.
E. The public key is used to decrypt the message that was encrypted by the private key.
F. The private key is used to decrypt the message that was encrypted by the public key.
Answer: C,D,F
Q12. For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)
A. BVI is required for the inspection of IP traffic.
B. The firewall can perform routing on bridged interfaces.
C. BVI is required if routing is disabled on the firewall.
D. BVI is required if more than two interfaces are in a bridge group.
E. BVI is required for the inspection of non-IP traffic.
F. BVI can manage the device without having an interface that is configured for routing.
Answer: D,F
Q13. What port has IANA assigned to the GDOI protocol ?
A. UDP 4500
B. UDP 1812
C. UDP 500
D. UDP 848
Answer: D
Q14. Refer to the exhibit.
Which effect of this configuration is true?
A. NUD retransmits 1000 Neighbor solicitation messages every 4 hours and 4 minutes.
B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.
C. NUD retransmits Neighbor Solicitation messages every 4 seconds.
D. NUD retransmits unsolicited Neighbor advertisements messages every 4 hours.
E. NUD retransmits f our Neighbor Solicitation messages every 1000 seconds.
F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.
Answer: E
Q15. Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?
A. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors
B. The ASA supports policy-based routing with route maps
C. Routes to the Null0 interface cannot be configured to black-hole traffic
D. The translations table cannot override the routing table for new connections
Answer: C
Q16. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Answer: B
Q17. What is the purpose of enabling the IP option selective Drop feature on your network routers?
A. To protect the internal network from IP spoofing attacks.
B. To drop IP fragmented packets.
C. To drop packet with a TTL value of Zero.
D. To protect the network from DoS attacks.
Answer: D
Q18. Which two statements about LEAP are true? (Choose two)
A. It is compatible with the PAP and MS-CHAP protocols
B. It is an ideal protocol for campus networks
C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys
D. It is an open standard based on IETF and IEEE standards
E. It is compatible with the RADIUS authentication protocol
F. Each encrypted session is authentication by the AD server
Answer: E,F
Q19. All of these Cisco security products provide event correlation capabilities excepts which one?
A. Cisco Security MARS
B. Cisco Guard/Detector
C. Cisco ASA adaptive security appliance
D. Cisco IPS
E. Cisco Security Agent.
Answer: C
Q20. Which command sets the Key-length for the IPv6 send protocol?
A. IPv6 nd ns-interval
B. Ipv6 ndra-interval
C. IPv6 nd prefix
D. IPv6 nd inspection
E. IPv6 nd secured
Answer: E