2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now!

2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!

1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Written Exam Questions & Answers:
http://www.braindump2go.com/400-251.html

 

QUESTION 76
Refer to the exhibit. R1 and R2 are connected across and ASA with MD5 authentication.
Which statement about eBGP peering between the routers could be true?
 

A.    eBGP peering will fail because ASA is transit lacks BGP support.
B.    eBGP peering will be successful.
C.    eBGP peering will fail because the two routers must be directly connected to allow peering.
D.    eBGP peering will fail because of the TCP random sequence number feature.

Answer:

QUESTION 77
What is the maximum pattern length supported by FPM searches within a packet ?

A.    256 bytes
B.    1500 bytes
C.    512 bytes
D.    128 bytes

Answer: A

QUESTION 78
Refer to the exhibit. What are three effect of the given firewall configuration? (Choose three.)
 

A.    The firewall allows Echo Request packets from any source to pass server.
B.    The firewall allows time Exceeded error messages from any source to pass to the server.
C.    PCs outside the firewall are unable to communicate with the server over HTTP
D.    The firewall allows Echo Reply packets from any source to pass to the server.
E.    The firewall allows Destination Unreachable error messages from any source to pass to the server.
F.    The firewall allows Packet too big error messages from any source to pass to the server.

Answer: ADF

QUESTION 79
Refer to the exhibit Flexible NetFlow is failing to export flow records from RouterA to your flow collector.
What action can you take to allow the IPv6 flow records to be sent to the collect?
 

A.    Set the NetFlow export protocol to v5
B.    Configure the output-features command for the IPV4-EXPORTER
C.    Add the ipv6 cef command to the configuration
D.    Remove the ip cef command from the configuration
E.    Create a new flow exporter with an IPv6 destination and apply it to the flow monitor

Answer: D

QUESTION 80
Drag and Drop Question
Drag each type of spoofing attack on the left to an action you can take to prevent it on the right
 
Answer:
 

QUESTION 81
When you configure an ASA with RADIUS authentication and authorization, which attribute is used to differentiate user roles?

A.    login-ip-host
B.    cisco-priv-level
C.    service-type
D.    termination-action
E.    tunnel-type

Answer: C

QUESTION 82
Which two statement about the IPv6 Hop-by-Hop option extension header (EH) are true? (Choose two)

A.    The Hop-by-Hop EH is processed in hardware at the source and the destination devices only.
B.    If present, network devices must process the Hop-by-Hop EH first
C.    The Hop-by-Hop extension header is processed by the CPU by network devices
D.    The Hop-by-Hop EH is processed in hardware by all intermediate network devices
E.    The Hop-by-Hop EH is encrypted by the Encapsulating Security Header.
F.    If present the Hop-by-Hop EH must follow the Mobility EH.

Answer: BC

QUESTION 83
Refer to the exhibit. Which configuration option will correctly process network authentication and authorization using both single port ?
 

A.    
B.    
C.    
D.    

Answer: B

QUESTION 84
Which two current RFCs discuss special use IP addresses that may be used as a checklist of invalid routing prefixes for IPv4 and IPv6 addresses? (Choose two.)

A.    RFC 5156
B.    RFC 5735
C.    RFC 3330
D.    RFC 1918
E.    RFC 2827

Answer: AB

QUESTION 85
What are two protocols that HTTP can use to secure sessions? (Choose two)

A.    HTTPS
B.    AES
C.    TLS
D.    AH
E.    SSL

Answer: AE


!!! RECOMMEND!!!

1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Study Guide Video:

https://youtu.be/GSXnXKIh834