Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 271 – (Topic 2)

Refer to the exhibit Which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503?

A. _65509.?$ B. _65503$ C. ^65503.* D. ^65503$ E. _65503_ F. 65503

Answer: C

Question No: 272 DRAG DROP – (Topic 2)

Drag and drop the DNS record types from the left to the matching descriptions to the right

Answer:

Explanation:

DNSkEY: contains a public key for use by the resolver NSEC: Link to the zone#39;s next record name

NSEC3 : contains a hashed link to the zone#39;s next record name PRSIG: contains the record set#39;s DNSSEC signature

NSEC3PARAM : used by authoritative DNS servers when responding to DNSSEC requests

DS : holds the delegated zone#39;s name

Question No: 273 – (Topic 2)

On which two protocols is VNC based?(Choose two)

1. Rdesktop

2. UDP

3. RFB

4. Terminal Services Client

5. CoRD

6. TCP

Answer: C,F

Question No: 274 – (Topic 2)

Refer to the exhibit What is the configuration design to prevent?

1. Man in the Middle Attacks

2. Dynamic payload inspection

3. Backdoor control channels for infected hosts

4. DNS Inspection

Answer: D

Question No: 275 – (Topic 2)

What protocol provides security for datagram protocols?

1. MAB

2. DTLS

3. SCEP

4. GET

5. LDP

Answer: B

Question No: 276 – (Topic 2)

What command specifies the peer from which MSDP SA message are accepted?

1. IP msdpsa-filter in lt;peergt;[listlt;aclgt;] [route-map lt;mapgt; ]

2. Ipmsdp default-peer lt;peergt;

3. Ipmsdp mesh-group

4. Ipmsdp originator-id lt;interfacegt;

Answer: B

Question No: 277 – (Topic 2)

What is the effect of the following command on Cisco IOS router? ip dns spoofing 1.1.1.1

1. The router will respond to the DNS query with its highest loopback address configured

2. The router will respond to the DNS query with 1.1.1.1 if the query id for its own hostname

3. The router will respond to the DNS query with the IP address of its incoming interface for any hostname query

4. The router will respond to the DNS query with the IP address of its incoming interface for its own hostname

Answer: D

Question No: 278 – (Topic 2)

With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP

registration fails Registration will continue to fail until you do which of these?

1. Modify the NHRP network IDs to match on the hub and spoke.

2. configure the ip nhrp caches non-authoritative command on the hub’s tunnel interface.

3. modify the tunnel keys to match on the hub and spoke.

4. modify the NHRP hold time to match on the hub and spoke.

Answer: C

Question No: 279 – (Topic 2)

Refer to the exhibit. If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true?(Choose two)

1. The device will close each connection after 90 seconds even if a connection is actively processing a request.

2. Connections will close after 60 seconds without activity or 90 seconds with activity.

3. Connections will close after 60 seconds or as soon as the first request is processed.

4. When you apply the command , the device will immediately close any existing connections that have been open for longer than 90 seconds.

5. Connections will close after 60 seconds without activity or as soon as the first request is processed.

Answer: C,E

Question No: 280 – (Topic 2)

Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?

1. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors

2. The ASA supports policy-based routing with route maps

3. Routes to the Null0 interface cannot be configured to black-hole traffic

4. The translations table cannot override the routing table for new connections

Answer: C

100% Dumps4cert Free Download!
–400-251 PDF
100% Dumps4cert Pass Guaranteed!
–400-251 Dumps

	Dumps4cert	ExamCollection	Testking
Lowest Price Guarantee	Yes	No	No
Up-to-Dated	Yes	No	No
Real Questions	Yes	No	No
Explanation	Yes	No	No
PDF VCE	Yes	No	No
Free VCE Simulator	Yes	No	No
Instant Download	Yes	No	No