400-251 Dumps 400-251 Exam Questions 400-251 PDF Dumps 400-251 VCE Dumps Cisco

[Full-Version!]Braindump2go 400-251 (CCIE Security) Exam VCE 1106Q&As Free Offer[Question56-Question65]

February 13, 2017

2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now!

2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!

1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Written Exam Questions & Answers:
http://www.braindump2go.com/400-251.html

 

QUESTION 56
Refer to the exhibit, which effect of this configuration is true?
 

A.    The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes
B.    SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes
C.    The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
D.    The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
E.    The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

Answer: D

QUESTION 57
Which of the following statement is true about the ARP spoofing attack?

A.    Attacker sends the ARP request with the MAC address and IP address of the legitimate resource in the network.
B.    Attacker of ends the ARP request with MAC address and IP address of its own.
C.    ARP spoofing does not facilitate man in-the-middle attack for the attacker.
D.    Attacker sends the ARP request with its own MAC address and IP address of legitimate resource in the network.

Answer: D

QUESTION 58
Which command can you enter to cause the locally-originated Multicast Source Discovery Protocol Source-Active to be prevented from going to specific peers?

A.    ip msdp mesh-group mesh-name {<peer-address>|<peer-name>}
B.    ip msdp redistribute [list <acl>][asn as-access-list][route-map <map>]
C.    ip msdp sa-filter out <peer> [list<acl>] [route-map<map>]
D.    ip msdp default-peer {<peer-address> | <peer-name>}[prefix-list<list>]
E.    ip msdp sa-filter in <peer> [list<acl>][route-map <map>]

Answer: C

QUESTION 59
CCMP (CCM mode Protocol) is based on which algorithm?

A.    3DES
B.    Blowfish
C.    RC5
D.    AES
E.    IDEA

Answer: D

QUESTION 60
Drag and Drop Question
Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.
 
Answer:
 

QUESTION 61
Which command can you enter on the Cisco ASA to disable SSH?

A.    Crypto key generate ecdsa label
B.    Crypto key generate rsa usage-keys noconfirm
C.    Crypto keys generate rsa general-keys modulus 768
D.    Crypto keys generate ecdsa noconfirm
E.    Crypto keys zeroize rsa noconfirm

Answer: E

QUESTION 62
Which one of the foiling Cisco ASA adapts security appliance rule samples will send HTTP data to the AIP-SSM module to evaluate and stop HTTP attacks?

A.    
B.    
C.    
D.     

Answer: D

QUESTION 63
Why is the IPv6 type 0 routing header vulnerable to attack?

A.    It allows the receiver of a packet to control its flow.
B.    It allows the sender to generate multiple NDP requests for each packet.
C.    It allows the sender of a packet to control its flow.
D.    It allows the sender to generate multiple ARP requests for each packet.
E.    It allows the receiver of a packet to modify the source IP address.

Answer: C

QUESTION 64
What context-based access control (CBAC. command sets the maximum time that a router running Cisco IOS Will wait for a new TCP session to reach the established state?

A.    IP inspect max-incomplete
B.    IP inspect tcp finwait-time
C.    Ip inspect udp idle-time
D.    Ip inspect tcpsynwait-time
E.    Ip inspect tcp idle-time

Answer: D

QUESTION 65
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

A.    The packet information used to create flows is not configurable by the user.
B.    It supports IPv4 and IPv6 packet fields.
C.    It tracks all fields of an IPv4 header as well as sections of the data payload.
D.    It uses two types of flow cache, normal and permanent.
E.    It can be a useful tool in monitoring the network for attacks.

Answer: BCE


!!! RECOMMEND!!!

1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Study Guide Video:

https://youtu.be/GSXnXKIh834