[Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 21-30

Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html

Question No.21

Which best practice can limit inbound TTL expiry attacks?

  1. Setting the TTL value to zero.

  2. Setting the TTL value to more than longest path in the network.

  3. Setting the TTL value equal to the longest path in the network.

  4. Setting the TTL value to less than the longest path in the network.

Correct Answer: B

Explanation:

In practice, filtering packets whereby TTL value is less than or equal to the value that is needed to traverse the longest path across the network will completely mitigate this attack vector.

https://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.html

Question No.22

Which file extensions are supported on the Firesight Management Center 6.1 file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?

  1. MSEXEMSOLE2NEW-OFFICEPDF

  2. DOCXWAVXLSTXT

  3. TXTMSOLE2WAVPDF

  4. DOCMSOLE2XMLPDF

Correct Answer: A

Question No.23

What IOS feature can header attacks by using packet-header information to classify traffic?

  1. TTL

  2. CAR

  3. FPM

  4. TOS

  5. LLQ

Correct Answer: C

Question No.24

Which two statements about Botnet Traffic Filter snooping are true? (Choose two.)

  1. It can log and block suspicious connections from previously unknown bad domains and IP addresses.

  2. It requires the Cisco ASA DNS server to perform DNS lookups.

  3. It requires DNS packet inspection to be enabled to filter domain names in the dynamic database.

  4. It checks inbound traffic only.

  5. It can inspect both IPv4 and IPv6 traffic.

  6. It checks inbound and outbound traffic.

Correct Answer: CF

Question No.25

Which two statements about Cisco VSG are true? (Choose two.)

  1. Because it is deployed at Layer 2, it can be inserted without significant reengineering of the network.

  2. According to Cisco best practices, the VSG should use the same VLAN for VSM-VEM control traffic and management traffic.

  3. It uses optional IP-to-virtual machine mappings to simplify management of virtual machines.

  4. It uses the Cisco VSG user agent to register with the Cisco Prime Network Services Controller.

  5. It can be integrated with VMWare vCenter to provide transparent provisioning of policies and profiles.

  6. It has built-in intelligence for redirecting traffic and fast-path offload.

Correct Answer: EF

Question No.26

Which two statements about SPAN sessions are true? (Choose two.)

  1. A single switch stack can support up to 32 source and RSPAN destination sessions.

  2. Source ports and source VLANs can be mixed in the same session

  3. They can monitor sent and received packets in the same session.

  4. Multiple SPAN sessions can use the same destination port.

  5. Local SPAN and RSPAN can be mixed in the same session.

  6. They can be configured on ports in the disabled state before enabling the port.

Correct Answer: CF

Question No.27

Which two statements about MPP (Management Plane Protection) are true? (Choose two.)

  1. It is supported on both distributed and hardware-swithched platforms.

  2. Only out-of-band management interfaces are supported.

  3. Only virtual interfaces associated with physical interfaces are supported.

  4. It is supported on both active and standby management interfaces.

  5. Only in-band management interfaces are supported.

  6. Only virtual interfaces associated with sub-interfaces are supported.

Correct Answer: CE

Question No.28

In OpenStack, which two statements about the NOVA component are true? (Choose two.)

  1. It provides the authentication and authorization services.

  2. It launches virtual machine instances.

  3. It is considered the cloud computing fabric controller.

  4. It provides persistent block storage to running instances of virtual machines.

  5. It tracks cloud usage statistics for billing purposes.

Correct Answer: BC

Question No.29

Which connection mechanism does the eSTREAMER service use to communicate?

  1. IPsec tunnels with 3DES or AES encryption

  2. TCP over SSL only

  3. SSH

  4. EAP-TLS tunnels

  5. TCP with optional SSL encryption

  6. IPsec tunnels with 3DES encryption only

Correct Answer: B

Question No.30

Which four task items need to be performed for an effective nsk assessment and to envaluate network posture? (Choose four.)

  1. discovery

  2. baselining

  3. scanning

  4. notification

  5. validation

  6. escalation

  7. mitigation

  8. profiling

Correct Answer: ACEH

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF

Leave a Reply