This page was exported from New Lead2pass Dumps PDF Version Released For Free Downloading [ https://www.pass4suredumps.org ] Export date:Thu Apr 18 4:43:24 2024 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Free Updated Lead2pass 400-251 Exam Dumps Download (426-450) --------------------------------------------------- 2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! We never believe in second chances and Lead2pass brings you the best 400-251 Exam Questions which will make you pass in the first attempt. We guarantee all questions and answers in our 400-251 Dumps are the latest released, we check all exam dumps questions from time to time according to Cisco Official Center, in order to guarantee you can read the latest questions! Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html QUESTION 426Refer to the exhibit. Which two statements about a device with this configuration are true? (Choose two)   A.    When a peer re-establishes a previous connection to the device.CTS retains all existing SGT mapping entries for 3 minutesB.    If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer startsC.    If a peer re-establishes a connection to the device before the hold-down tier expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutesD.    It sets the internal hold-down timer of the device to 3 minutesE.    When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutesF.    If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer startsAnswer: BC QUESTION 427Which four task items need to be performed for an effective risk assessment and to evaluate network posture? (Choose four) A.    ScanningB.    MitigationC.    BaseliningD.    ProfilingE.    NotificationF.    ValidationG.    DiscoveryH.    Escalation Answer: ADFG QUESTION 428Which two statements about Cisco AMP for Web Security are true? (Choose two) A.    It can detect and block malware and other anomalous traffic before it passes through the Web gateway.B.    It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activityC.    It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threatsD.    It continues monitoring files after they pass the Web gatewayE.    It can prevent malicious data exfiltration by blocking critical files from exiting through the Web gatewayF.    It can perform reputation-based evaluation and blocking by uploading of incoming files to a cloud-based threat intelligence network Answer: DF QUESTION 429Which two statements about a wireless access point configured with the guest-mode command are true? (Choose two) A.    If one device on a network is configured in guest mode, clients can use the guest mode SSID to connect to any device on the same networkB.    It supports associations by clients that perform passive scansC.    It allows associated clients to transmit packets using its SSIDD.    It can support more than one guest-mode SSIDE.    It allows clients configured without SSID to associate Answer: DE QUESTION 430What are the major components of a Firepower health monitor alert? A.    A health monitor, one or more alert responses, and a remediation policyB.    One or more health modules, one more alert responses, and one or more alert actionsC.    The severity level, one or more alert responses, and a remediation policyD.    One or more health modules, the severity level, and an alert responseE.    One health module and one or more alert responses Answer: D QUESTION 431Which statement about managing Cisco ISE Guest Services is true? A.    Only a Super Admin or System Admin can delete the default Sponsor portalB.    ISE administrators can view and set a guest's password to a custom value in the sponsor portalC.    ISE administrators can access the Sponsor portal only if they have valid Sponsor accountsD.    By default, an ISE administrator can manage only the guest accounts he or she created in the Sponsor portalE.    Only ISE administrators from an external identity store can be members of a Sponsor groupF.    ISE administrator can access the Sponsor portal only from the Guest Access menu Answer: D QUESTION 432Which two statements about 6to4 tunneling are true? A.    It provides a /48 address blockB.    The prefix address of the tunnel is determined by the IPv6 configuration to the interfaceC.    It supports static and BGPv4 routingD.    It supports managed NAT along the path of the tunnelE.    It provides a /128 address blockF.    It supports mutihoming Answer: AC QUESTION 433Which connection mechanism does the eSTREAMER service use to communicate? A.    SSHB.    IPsec tunnels with 3DES encryption onlyC.    TCP over SSL onlyD.    EAP-TLS tunnelsE.    TCP with optional SSL encryptionF.    IPsec tunnels with 3DES or AES encryption Answer: C QUESTION 434Which two statements about MPP (Management Plane protection. Are true? (Choose two) A.    It is supported on both distributed and hardware-switched platformsB.    Only virtual interfaces associated with physical interfaces are supportedC.    It is supported on both active and standby management interfacesD.    Only in-band management interfaces are supportedE.    Only virtual interfaces associated with sub-interfaces are supportedF.    Only out-of-band management interface are supported Answer: BD QUESTION 435Which two statements about EVPN are true? (Choose two) A.    EVPN routes can advertise VLAN membership and verify the reachability of Ethernet segmentsB.    EVPN route exchange enables PEs to discover one another and elect a DFC.    It is a next-generation Ethernet L3VPN solution that simplifies control-plane operations and enhances scalabilityD.    EVPN routes can advertise backbone MAC reachabilityE.    EVIs allows you to map traffic on one or more VLANs or ports to a Bridge DomainF.    It is a next-generation Ethernet L2VPN solution that supports load balancing at the individual flow level and provides advanced access redundancy Answer: BD QUESTION 436When applying MD5 route authentication on routers running RIP or EIGRP, which two important key chain considerations should be accounted for ? (Choose two) A.    Key 0 of all key chains must match for all routers in the autonomous systemB.    No more than three keys should be configured in any single chainC.    Routers should be configured for NTP to synchronize their clocksD.    The Lifetimes of the keys in the chain should overlapE.    Link compression techniques should be disabled on links transporting any MD5 hash Answer: CD QUESTION 437Refer to the exhibit. What are two effects of the given configuration? (Choose two)   A.    It enables botnet filtering in multiple context modeB.    It enables botnet filtering in single context modeC.    It enables the ASA to download the static botnet filter databaseD.    It enables multiple context modeE.    It enables single context modeF.    It enables the ASA to download the dynamic botnet filter database Answer: AF QUESTION 438Which direct of the crypto key encrypt write rsa command on a router is true ? A.    The device saves the unlocked encrypted key to the NVRAMB.    The device encrypts and locks the key before authenticating it with an external CA serverC.    The device unlocks the encrypted key, but the key is lost when the router is reloadedD.    The device locks the encrypted key, but the key is lost when the router is reloadedE.    The device locks the encrypted key and saves is to the NVRAM Answer: A QUESTION 439If an ASA device is configured as a remote access IPsec server with the RADIUS authentication and password management enabled which type of authentication will it use? A.    MS-CHAPv1B.    NTLMC.    PAPD.    RSAE.    MS-CHAPv2 Answer: E QUESTION 440Which statement about deployment policies with the Firepower Management Center is true? A.    The global domain can deploy changes to individuals subdomainsB.    The leaf domain can deploy changes to all subdomains simultaneouslyC.    Deploy tasks can be scheduled to deploy polices automaticallyD.    All policies are deployed on-demand when the administrator triggers themE.    Polices are deployed automatically when the administrator saves them Answer: C QUESTION 441Which of these command sequences will send an email to holly@invalid.com using SMTP? A.    MAIL FROM:<david@invalid.com>RCPT TO: < holly@invalid.com>MESSAGEB.    MAIL FROM:<david@invalid.com>RCPT TO: < holly@invalid.com>DATAC.    HELO invalid.comMAIL FROM : < david@invalid.com >RCPT TO: < holly@invalid.com >BODYD.    HELO invalid.comMAIL TO: < holly@invalid.com >MESSAGEEND Answer: B QUESTION 442Which statement about MDM with the Cisco ISE is true? A.    The MDM's server certificate must be imported into the Cisco ISE Certificate Store before the MDM and ISE can establish a connectionB.    MDM servers can generate custom ACLs for the Cisco ISE to apply to networks devicesC.    The Cisco ISE supports limited built-in MDM functionalityD.    The Cisco ISE supports a built-in list of MDM dictionary attributes it can use in authorization policiesE.    When a mobile endpoint becomes compliant, the Cisco ISE records the updated device status in its internal databaseF.    If mobile endpoint fails posture compliance, both the user and the administrator are notified immediately Answer: D QUESTION 443Which are the three scanning engines that the Cisco IronPort dynamic vectoring and streaming engine can use to protect against malware? (Choose three) A.    SymantecB.    McAfeeC.    F-SecureD.    TrendMicroE.    SophosF.    Webroot Answer: BEF QUESTION 444What are three technologies that can be used to trace the source of an attack in a network environment with multiple exit/entry points? (Choose three) A.    Remotely-triggered destination-based black holingB.    ICMP Unreachable messagesC.    SinkholesD.    A honey potE.    Traffic scrubbing Answer: CDE QUESTION 445What are two of the valid IPv6 extension headers? (Choose two) A.    ProtocolB.    OptionsC.    Authentication HeaderD.    Next HeaderE.    MobilityF.    Hop Limit Answer: CE QUESTION 446Which three of these are properties of RC4? (Choose three) A.    It is used in AESB.    It is an asymmetric cipherC.    It is a stream cipherD.    It is a symmetric cipherE.    It is used is SSLF.    It is a block cipher Answer: CDE QUESTION 447What are two important guidelines to follow when implementing VTP? (Choose two) A.    Enabling VTP pruning on a server will enable the feature for the entire management domainB.    When using secure mode VTP, only configure management domain passwords on VTP serversC.    All switches in the VTP domain must run the same version of VTPD.    Use of the VTP multi-domain feature should be restricted to migration and temporary implementationE.    CDP must be enabled on all switches in the VTP management domain Answer: AC QUESTION 448Which statement about the Cisco AMP Virtual Private Cloud Appliance is true for deployments in air-gape mode? A.    The appliance can perform disposition lookup against either the Protect DB or the AMP public clZud.B.    The appliance evaluates files against the threat intelligence and disposition information residing on the Update Host.C.    The Update Host automatically downloads updates and deploys them to the Protect DB on a daily basis.D.    The appliance can perform disposition lookups against the Protect DB without an Internet Connection.E.    The amp-sync tool syncs the threat-intelligence repository on the appliance directly with AMP public cloud. Answer: D QUESTION 449Drag and Drop QuestionDrag each component of an Adaptive Wireless IPS deployment on the left to the matching description on the right   Answer:     QUESTION 450Which two cipher mechanisms does PCoIP use? (Choose two) A.    BlowfishB.    AES 256C.    Suite BD.    SEALE.    autokeyF.    RC4 Answer: BC Lead2pass new released 400-251 PDF are now for free download, download it right now and pass your exam 100%. More 400-251 new questions (with images) on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8 2017 Cisco 400-251 exam dumps (All 636 Q&As) from Lead2pass: https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-10-25 07:54:25 Post date GMT: 2017-10-25 07:54:25 Post modified date: 2017-10-25 07:54:25 Post modified date GMT: 2017-10-25 07:54:25 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com