This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Sat Apr 20 4:16:54 2024 / +0000 GMT ___________________________________________________ Title: [April-2018-New]Real 400-251 Exam PDF and VCE Free Download from Braindump2go[177-189] --------------------------------------------------- 2018 April New Cisco 400-251 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 400-251 Real Exam Questions:1.|2018 Latest 400-251 Exam Dumps (PDF & VCE) 359Q Download:https://www.braindump2go.com/400-251.html2.|2018 Latest 400-251 Exam Questions & Answers Download:https://drive.google.com/drive/folders/0B75b5xYLjSSNcGJLWWtfdE96ZUU?usp=sharingQUESTION 177Refer to the exhibit. What is the configuration design to prevent? A. Man in the Middle AttacksB. Dynamic payload inspectionC. Backdoor control channels for infected hostsD. DNS InspectionAnswer: CExplanation:Cisco ASA firewall is configured for botnet filtering which prevents backdoor control channels from infected hosts.QUESTION 178Which three statements about the Cisco IPS sensor are true? (Choose three.)A. You cannot pair a VLAN with itself.B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.D. The order in which you specify the VLANs in a inline pair is significant.E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.Answer: ACEExplanation:Inline VLAN Interface PairsYou cannot pair a VLAN with itself.For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.The order in which you specify the VLANs in an inline VLAN pair is not significant. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.QUESTION 179Which command sets the Key-length for the IPv6 send protocol?A. IPv6 nd ns-intervalB. Ipv6 ndra-intervalC. IPv6 nd prefixD. IPv6 nd inspectionE. IPv6 nd securedAnswer: EQUESTION 180Which two statement about MSDP ate true? (Choose three)A. It can connect to PIM-SM and PIM-DM domainsB. It announces multicast sources from a groupC. The DR sends source data to the rendezvous point only at the time the source becomes activeD. It can connect only to PIM-DM domainsE. It registers multicast sources with the rendezvous point of a domainF. It allows domains to discover multicast sources in the same or different domains.Answer: BEFQUESTION 181What are two advantages of NBAR2 over NBAR? (Choose two)A. Only NBAR2 support Flexible NetFlow for extracting and exporting fields from the packet header.B. Only NBAR2 allows the administrator to apply individual PDL files.C. Only NBAR2 support PDLM to support new protocals.D. Only NBAR2 can use Sampled NetFlow to extract pre-defined packet headers for reporting.E. Only NBAR2 supports custom protocols based on HTTP URLs.Answer: AEQUESTION 182Which two statements about Network Edge Authentication Technology (NEAT) are true? (Choose two)A. It requires a standard ACL on the switch portB. It conflicts with auto-configurationC. It allows you to configure redundant links between authenticator and supplicant switchesD. It supports port-based authentication on the authenticator switchE. It can be configured on both access ports and trunk portsF. It can be configured on both access ports and EtherChannel portsAnswer: DEQUESTION 183What are three pieces of data you should review in response to a suspected SSL MITM attack? (Choose three)A. The IP address of the SSL serverB. The X.509 certificate of the SSL serverC. The MAC address of the attackerD. The MAC address of the SSL serverE. The X.509 certificate of the attackerF. The DNS name off the SSL serverAnswer: ABFQUESTION 184From what type of server can you to transfer files to ASA's internal memory ?A. SSHB. SFTPC. NetlogonD. SMBAnswer: DQUESTION 186Which feature can you implement to protect against SYN-flooding DoS attacks?A. the ip verify unicast reverse-path commandB. a null zero routeC. CAR applied to icmp packetsD. TCP InterceptAnswer: DExplanation:https://www.sans.org/security-resources/idfaq/preventing-syn-flooding-with-cisco-routers/5/5QUESTION 187Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF) from dropping asymmetric traffic? A. Configure Unicast RPF Loose Mode on R2 and R3 only.B. Configure Unicast RPF Loose Mode on R1 only.C. Configure Unicast RPF Strict Mode on R1 only.D. Configure Unicast RPF Strict Mode on R1,R2 and R3.E. Configure Unicast RPF Strict Mode on R2 and R3 only.Answer: BExplanation:http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/sec-data-urpf-xe-3s-book/sec-unicast-rpf-loose-mode.htmlhttp://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.htmlQUESTION 188Refer to the exhibit. Which effect of this Cisco ASA policy map is true? A. The Cisco ASA is unable to examine the TLS session.B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.C. it prevents a STARTTLS session from being established.D. The Cisco ASA logs SMTP sessions in clear text.Answer: DExplanation:http://www.cisco.com/c/en/us/about/security-center/intelligence/asa-esmtp-starttls.html#interacthttps://stomp.colorado.edu/blog/blog/2012/12/31/on-smtp-starttls-and-the-cisco-asa/And in RFC 3207 that governs this TLS negotiation is said that " If the SMTP client decides that the level of authentication or privacy is not high enough for it to continue, it SHOULD issue an SMTP QUIT command immediately after the TLS negotiation is complete. If the SMTP server decides that the level of authentication or privacy is not high enough for it to continue, it SHOULD reply to every SMTP command from the client (other than a QUIT command) with the 554 reply code (with a possible text string such as "Command refused due to lack of security")." Hence it is the client that sends QUIT command, not the serverThis is an example of ASA logging an SMTP session that was established using TLS:Mar 07 2017 19:40:04: %ASA-6-108007: TLS started on ESMTP session between client outside:98.139.212.154/45850 and server inside:192.168.1.12/25QUESTION 189What security element must an organization have in place before it can implement a security audit and validate the audit results?A. firewallB. network access controlC. an incident response teamD. a security policyE. a security operation centerAnswer: D!!!RECOMMEND!!!1.|2018 Latest 400-251 Exam Dumps (PDF & VCE) 359Q Download:https://www.braindump2go.com/400-251.html2.|2018 Latest 400-251 Study Guide Video: YouTube Video: YouTube.com/watch?v=DH_ZfDVMWiU --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2018-04-26 07:49:37 Post date GMT: 2018-04-26 07:49:37 Post modified date: 2018-04-26 07:49:37 Post modified date GMT: 2018-04-26 07:49:37 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com