Exam 400-251 PDF Free Instant Download From Lead2pass:
https://www.lead2pass.com/400-251.html
QUESTION 11
Drag and Drop Question
Drag each OSPF security feature on the left to its description on the right.
Answer:
QUESTION 12
Which VPN technology is based on GDOI (RFC 3547)?
A. MPLS Layer 3 VPN
B. MPLS Layer 2 VPN
C. GET VPN
D. IPsec VPN
Answer: C
QUESTION 13
Which statement about the 3DES algorithm is true?
A. The 3DES algorithm uses the same key for encryption and decryption,
B. The 3DES algorithm uses a public-private key pair with a public key for encryption and a private key for decryption.
C. The 3DES algorithm is a block cipher.
D. The 3DES algorithm uses a key length of 112 bits.
E. The 3DES algorithm is faster than DES due to the shorter key length.
Answer: C
QUESTION 14
Which significant change to PCI DSS standards was made in PCI DSS version 3.1?
A. No version of TLS is now considered to provide strong cryptography.
B. Storage of sensitive authentication data after authorization is now permitted when proper encryption is applied.
C. Passwords are now required to be changed at least once every 30 days.
D. SSL is now considered a weak cryptographic technology.
E. If systems that are vulnerable to POODLE are deployed in an organization, a patching and audit review process must be implemented.
Answer: D
QUESTION 15
Refer to the Exhibit, what is a possible reason for the given error?
A. One or more require application failed to respond.
B. The IPS engine is busy building cache files.
C. The IPS engine I waiting for a CLI session to terminate.
D. The virtual sensor is still initializing.
Answer: D
QUESTION 16
Which three statements about the keying methods used by MAC Sec are true (Choose Three)
A. MKA is implemented as an EAPoL packet exchange
B. SAP is enabled by default for Cisco TrustSec in manual configuration mode.
C. SAP is supported on SPAN destination ports
D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA
E. SAP is not supported on switch SVIs .
F. A valid mode for SAP is NULL
Answer: AEF
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmacsec.pdf
SAP is disabled by default in Cisco TrustSec manual mode
QUESTION 17
Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)
A. It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attribute
B. It uses AD attribute maps to assign users to group policies configured under the WebVPN context
C. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies
D. It can assign a group policy to a user based on access credentials
E. It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASA
F. It is a closed standard that manages directory-information services over distributed networks
Answer: BD
QUESTION 18
Drag and Drop Question
Drag each IPS signature engine on the left to its description on the right.
Answer:
400-251 dumps full version (PDF&VCE): https://www.lead2pass.com/400-251.html
Large amount of free 400-251 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8