[2017 New] Free Share 400-251 PDF Dumps With Lead2pass Updated Exam Questions (126-150)

2017 August Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

I was very confused about selecting the best practice test website when preparing for my 400-251 certification exam. Luckly, a friend told me about Lead2pass.com. I passed the 400-251 exam from the first try. Excellent website for free exam dumps!

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html

QUESTION 126
Which Three statement about cisco IPS manager express are true? (Choose three)

A.    It provides a customizable view of events statistics.
B.    It Can provision policies based on risk rating.
C.    It Can provision policies based on signatures.
D.    It Can provision policies based on IP addresses and ports.
E.    It uses vulnerability-focused signature to protect against zero-day attacks.
F.    It supports up to 10 sensors.

Answer: ABF

QUESTION 127
In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

A.    On MAC Filter Failure
B.    Pass through
C.    Splash Page Web Redirect
D.    Conditional Web Redirect
E.    Authentication

Answer: A

QUESTION 128
Drag and Drop Question
Drag and drop each syslog facility code on the left onto its description on the right.

 

Answer:

 

QUESTION 129
Refer to the exhibit. What is the effect of the given configuration?

 

A.    It reset and logs FTP connection to all sites except cisco.com and hp.com.
B.    FTP connections are unaffected.
C.    It resets FTP connection to all sites except cisco.com and hp.com.
D.    It resets and logs FTP connection to cisco.com and hp.com only.
E.    It resets FPT connection to cisco.com and hp.com only

Answer: A

QUESTION 130
What port has IANA assigned to the GDOI protocol ?

A.    UDP 4500
B.    UDP 1812
C.    UDP 500
D.    UDP 848

Answer: D

QUESTION 131
Refer to the exhibit, after you implement ingress filter 101 to deny all icmp traffic on your perimeter router user complained of poor web performance and the router and the router display increase CPU load. The debug ipicmp command returned the given output.
Which configuration you make to the router configuration to correct the problem?

 

A.    
B.    
C.    
D.    

Answer: D

QUESTION 132
Which two statements about implementing GDOI in a DMVPN network are true?(Choose true)

A.    Direct spoke-to-spoke traffic is black-holed.
B.    Rekeying requires an exclusive IGMP join in the mGRE interface
C.    The crypto map is applied to the sub interface of each spoke.
D.    If a group member rekey operation fails, it must wait for the SA lifetime to expire before it can reregister with the key server.
E.    The DMVPN hub can act as the GDOI key server.
F.    DMVPN spokes with tunnel protection allow traffic to be encrypted to the hub

Answer: BE
Explanation:
Check this out (the section on caveats and final notes)
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/getvpn-solution-managed-services/prod_white_paper0900aecd804c363f.html

QUESTION 133
For which two reasons BVI is required in the Transparent Cisco IOS Firewall? (Choose two)

A.    BVI is required for the inspection of IP traffic.
B.    The firewall can perform routing on bridged interfaces.
C.    BVI is required if routing is disabled on the firewall.
D.    BVI is required if more than two interfaces are in a bridge group.
E.    BVI is required for the inspection of non-IP traffic.
F.    BVI can manage the device without having an interface that is configured for routing.

Answer: DF

QUESTION 134
Drag and Drop Question
Drag each step in the configuration of a cisco ASA NSEL export to a NETFLOW collector on the left into the correct order of operations on the right.

 

Answer:

 

QUESTION 135
Which two u.s government entities are authorized to execute and enforce the penalties for violations of the Sarbanes-oxley(SOX) act? (Choose two)

A.    Federal trade commission (FTC.
B.    internal Revenue service (IRS)
C.    Office of Civil Rights (OCR)
D.    federal reserve board
E.    Securities and exchange commission (SEC.
F.    United states Citizenship and immigration services (USCIS)

Answer: DE

QUESTION 136
MWhich three are RFC 5735 addresses? (Choose three.)

A.    171.10.0.0/24
B.    0.0.0.0/8
C.    203.0.113.0/24
D.    192.80.90.0/24
E.    172.16.0.0/12
F.    198.50.100.0/24

Answer: BCE

QUESTION 137
Refer to the exhibit . Which Statement about this configuration is true?

 

A.    The ASA stops LSA type 7 packets from flooding into OSPF area 1.
B.    The ASA injects a static default route into OSPF area 1.
C.    The ASA redistributes routes from one OSPF process to another.
D.    The ASA redistributes routes from one routing protocol to another.
E.    The ASA injects a static default route into OSPF process 1.

Answer: C

QUESTION 138
Drag and Drop Question
Drag and drop step in the flow of packets on a DMVPN network using GDOI on the left into the correct sequence on the right

 

Answer:

 

QUESTION 139
When attempting to use basic Http authentication to authenticate a client,which type of HTTP massage should the server use?

A.    HTTP 200 with a WWW-authenticate header.
B.    HTTP 401 with a WWW-authenticate header.
C.    Http 302 with an authenticate header.
D.    HTTP 407.

Answer: B

QUESTION 140
Drag and Drop Question
Drag and Drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right.

 

Answer:

 

QUESTION 141
Which two statements about the ISO are true? (Choose two)

A.    The ISO is a government-based organization.
B.    The ISO has three membership categories: member, correspondent, and subscribers.
C.    Only member bodies have voting rights.
D.    Correspondent bodies are small countries with their own standards organization.
E.    Subscriber members are individual organizations.

Answer: BC

QUESTION 142
What feature on Cisco IOS router enables user identification and authorization based on per-user policies

A.    CBAC
B.    IPsec
C.    Authentication proxy
D.    NetFlow v9
E.    Zone-based firewall
F.    EEM

Answer: C

QUESTION 143
Which two statements about WPA 2 with AES CCMP encryption are true? (Choose two)

A.    AES CCMP is a block cipher
B.    It is compatible with TACACS+ servers running LEAP authentication
C.    Every wireless packet sent to the host is tagged with CCMP frames
D.    It uses a 256-bit hashing key
E.    The MIC prevents modifications of wireless frames and replay attacks
F.    It uses a 128-bit hashing key

Answer: AF

QUESTION 144
Refer to the exhibit. You have received an advisory that your organization could be running a vulnerable product. Using the Cisco Systems Rapid Risk Vulnerability Model, you determine that * Your organization is running an affected product on a vulnerable version of code vulnerable component is enabled and there is no feasible workaround *
There is medium confidence of an attack without significant collateral damage to the organization. According to the model what is the appropriate urgency for remediation?

 

A.    priority maintenance process
B.    contact ISP to trace attack
C.    no action required
D.    remove vulnerable device from service
E.    standard maintenance process
F.    immediate mitigation process

Answer: E

QUESTION 145
When configuration Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two location?(Choose two)

A.    at the trusted and untrusted interfaces in the inbound direction.
B.    at the trusted interface in the inbound direction.
C.    at the trusted and untrusted interfaces in the outbound direction.
D.    at the untrusted interface in the inbound direction.
E.    at the trusted interface in the outbound direction.

Answer: AC
Explanation:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c5.html

QUESTION 146
Refer to the exhibit, what type of attack is illustrated?

 

A.    ICMP flood
B.    ARP spoofing
C.    IP address spoofing
D.    CAM overflow

Answer: B

QUESTION 147
Which protocol does VNC use for remote access to a GUI?

A.    RTPS
B.    RARP
C.    E6
D.    SSH
E.    RFB

Answer: E
Explanation:
https://en.wikipedia.org/wiki/Virtual_Network_Computing

QUESTION 148
Drag and Drop Question
Drag each management frame protection feature on the left to the function it performs on the right.

 

Answer:

 

QUESTION 149
Which two statements about VPLS and VPWS are true? (Choose two)

A.    VPLS Layer 2 VPNs support both full-mesh and hub-and-spoke implementations
B.    VPWS only sends the data payload over an MPLS core
C.    VPLS is intended for applications that require point-to-point access
D.    VPWS supports multicast using a hub-and-spoke architecture
E.    VPLS is intended for applications that require multipoint or broadcast access
F.    VPWS supports point-to-point integration of Layer 2 and Layer 3 services over an MPLS cloud

Answer: EF

QUESTION 150
Refer to the exhibit, which conclusion can be drawn from this output?
 

A.    The license of the device supports multiple virtual firewalls
B.    The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platform
C.    The license of the device allows for it to be used in a failover set
D.    The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher

Answer: A

Thanks for the high quality 400-251 study guide. Will be back soon for more dumps.

400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDMERESjlYcVlZNWs

2017 Cisco 400-251 exam dumps (All 470 Q&As) from Lead2pass:

https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed]