2018 April New Cisco 400-251 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 400-251 Real Exam Questions:

1.|2018 Latest 400-251 Exam Dumps (PDF & VCE) 359Q Download:

https://www.braindump2go.com/400-251.html

2.|2018 Latest 400-251 Exam Questions & Answers Download:

https://drive.google.com/drive/folders/0B75b5xYLjSSNcGJLWWtfdE96ZUU?usp=sharing

QUESTION 166
When TCP intercept is enabled in its default mode, how does it react to a SYN request?

A. It intercepts the SYN before it reaches the server and responds with a SYN-ACK
B. It drops the connection
C. It monitors the attempted connection and drops it if it fails to establish within 30 seconds
D. It allows the connection without inspection
E. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established

Answer: A
Explanation:
The default mode of TCP intercept is active intercept mode
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfdenl.html

QUESTION 167
Refer to the exhibit. What are the two effects of the given configuration? (Choose two)

A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded
B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering
C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram
D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header Filed
E. It permits Parameter Problem messages that indicate an error in the header
F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram

Answer: CF
Explanation:
icmp type 1 code 3 is for address unreachable, icmp 1 code 4 is for port unreachable.
http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/22974-icmpv6codes.html

QUESTION 168
According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)

A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets

Answer: ACDE
Explanation:
Corrective action report is a required document but not the procedure
https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

QUESTION 169
Which two statements about ICMP redirect messages are true? (Choose two)

A. By default, configuring HSRP on the interface disables ICMP redirect functionality.
B. They are generated when a packet enters and exits the same router interface.
C. The messages contain an ICMP Type 3 and ICMP code 7.
D. They are generated by the host to inform the router of an alternate route to the destination.
E. Redirects are only punted to the CPU if the packets are also source-routed.

Answer: AB

QUESTION 170
Which two statements about NAT-PT with IPv6 are true? (Choose two)

A. It can be configured as dynamic, static, or PAT.
B. It provides end-to-end security.
C. It supports IPv6 BVI configurations.
D. It provides support for Cisco Express Forwarding.
E. It provides ALG support for ICMP and DNS.
F. The router can be a single point of failure on the network.

Answer: AE

QUESTION 171
Which of the following Cisco IPS signature engine has relatively high memory usage ?

A. The STRING-TCP engine
B. The STRING-UDP engine
C. The NORMALIZER engine
D. The STRING-ICMP engine

Answer: A
Explanation:
String-TCP engine has the highest number of signatures and has higher memory utilization
http://www.ndm.net/ips/pdf/cisco/IOS-IPS/white_paper_c11_549300.pdf

QUESTION 172
Which of the following two options can you configure to avoid iBGP full mesh?(Choose two)

A. BGP NHT
B. route reflector
C. local preference
D. confederations
E. Virtual peering

Answer: BD

QUESTION 173
Refer to the exhibit, if R1 is acting as a DHCP server, what action can you take to enable the pc to receive an ip address assignment from the DHCP server ?

A. Configure the IP local pool command on R2
B. Configure DHCP option 150 on R2
C. Configure the IP helper-address command on R2 to use R1’s ip address
D. Configure the IP helper-address command on R1 to use R2’s ip address
E. Configuration DHCP option 82 on R1
F. Configure the ip local pool command on R1

Answer: C

QUESTION 174
Which two statements about LEAP are true? (Choose two)

A. It is compatible with the PAP and MS-CHAP protocols
B. It is an ideal protocol for campus networks
C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys
D. It is an open standard based on IETF and IEEE standards
E. It is compatible with the RADIUS authentication protocol
F. Each encrypted session is authentication by the AD server

Answer: EF

QUESTION 175
Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host

Answer: BC

QUESTION 176
What are the three response types for SCEP enrollment requests? (Choose three.)

A. PKCS#7
B. Reject
C. Pending
D. PKCS#10
E. Success
F. Renewal

Answer: BCE


!!!RECOMMEND!!!

1.|2018 Latest 400-251 Exam Dumps (PDF & VCE) 359Q Download:

https://www.braindump2go.com/400-251.html

2.|2018 Latest 400-251 Study Guide Video:

https://youtu.be/DH_ZfDVMWiU