It is more faster and easier to pass the 400-251 dumps by using 400-251 dumps. Immediate access to the 400-251 dumps and find the same core area 400-251 dumps with professionally verified answers, then PASS your exam with a high score now.

Online 400-251 free questions and answers of New Version:

NEW QUESTION 1
Which two statements about ICMP redirect messages are true? (Choose two.)

  • A. Redirects are only punted to the CPU if the packets are also source-routed.
  • B. The messages contain an ICMP Type 3 and ICMP code 7.
  • C. By default, configuring HSRP on the interface disables ICMP redirect functionality.
  • D. They are generated when a packet enters and exits the same route interface.
  • E. They are generated by the host to inform the router of an temate route to the destination.

Answer: CD

NEW QUESTION 2
Refer to the exhibit.
400-251 dumps exhibit
Which two configurations must you perform to enable the device to use this class map? (Choose two)

  • A. Configure PDLM
  • B. Configure the ip nbar custom command
  • C. Configure the ip nbar protocol discovery command
  • D. Configure the transport hierarchy
  • E. Configure the DSCP value

Answer: BC

NEW QUESTION 3
Refer to the exhibit.
400-251 dumps exhibit
A customer reports to Cisco TAC that one of the Windows clients that is supposed to log in to the network using MAB can no longer access any allowed resources. Which possible cause of the MAB failure is true?

  • A. MAB is disabled on port Gi1/0/9.
  • B. AAA authorization is incorrectly configured on the switch.
  • C. CTS is configured incorrectly on the switch.

Answer: A

NEW QUESTION 4
Which two characteristics of DTLS are true? (Choose two.)

  • A. It supports long data transfers and connectionless data transfers.
  • B. It includes a retransmission method because it uses an unreliable datagram transport.
  • C. It includes a congestion control mechanism.
  • D. It is used mostly by applications that use application layer object-security protocols.
  • E. It completes key negotiation and bulk data transfer over a single channel.
  • F. It cannot be used if NAT exists along the path.

Answer: BC

NEW QUESTION 5
Which two statements about EVPN are true? (Choose two.)

  • A. EVPN route exchange enables PEs to discover one another and elect a DF.
  • B. EVPN routes can advertise backbone MAC reachability.
  • C. EVLs allow you to map traffic on one or more VLANs or ports to a Bridge Domain.
  • D. EVPN routes can advertise VLAN membership and verify the reachability of Ethernet segments.
  • E. It is a next-generation Ethernet L2VPN solution that supports load balancing at the individual flow leveland provider advanced access redundancy.
  • F. It is a next-generation Ethernet L3VPN solution that simplifies control-plane operations and enhances scalability.

Answer: AB

NEW QUESTION 6
Which option best describes RPL?

  • A. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
  • B. RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two root border routers.
  • C. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
  • D. RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best route between leaves and the root border router.

Answer: D

NEW QUESTION 7
Which statement is correct regarding Cisco VSG functionality?

  • A. It allows Active-Active failover operation mode when deployed as HA pair.
  • B. It applies security profile only after VM instantiation.
  • C. It allows third-party orchestration tool to interact with XML API's for its provisioning.
  • D. It does not allow to extend Zone-based firewall capabilities to VMs on VXLAN.
  • E. It allows administrative segregation due to which Security Administration can author and manage port profiles.
  • F. It does not provide trusted access to VMs in an enterprise data center.

Answer: C

NEW QUESTION 8
Which criteria does ASA use for packet classification if multiple contexts share an ingress interlace MAC address?

  • A. ASA ingress interface IP address
  • B. policy-based routing on ASA
  • C. destination IP address
  • D. destination MAC address
  • E. ASA ingress interface MAC address
  • F. ASA NAT configuration
  • G. ASA egress interface IP address

Answer: E

NEW QUESTION 9
Which statement correctly describes 3DES encryption algorithm?

  • A. It uses a set of three keys for encryption and a different set of three keys for decryption.
  • B. It is a block Cipher algorithm but weaker than DES due to smaller key size.
  • C. It is an asymmetric algorithm with a key size of 168 bits.
  • D. It does decryption in reverse order with the same set of keys used during encryption.
  • E. It is a block cipher algorithm with a key size of 56 bits.
  • F. It is a stream cipher algorithm with a key size of 168 bits.

Answer: D

NEW QUESTION 10
Refer to the exhibit. ASA# sh nat detail
Auto NAT Policies (Section 1)
1 (inside) to (outside) source static servers server1_t translate_hits = 0 untranslate_hits = 5
Source = Origin 192.168.1.3/32. Translated 19.16.1.3/32 2 (inside) to (outside) source static servers server2_t translate_hits = 0 untranslate_hits = 24
Source = Origin 192.168.2.3/32. Translated 19.16.2.3/32 ASA# sh access-list
access-list trustsec line 1 extended permit tcp security-group name employee (tag=16) any security-group name engineering_int(tag=20) any eq 8080 (hitcnt=1) access-list trustsec line 2 extended permit tcp security-group name guest
(tag=17) any security-group name intranet_int(tag=10) any eq 8080 (hitcnt=1) ASA# sh cts exp sge-map
SGT 17
IPv4 60.1.1.1
PeerIP 161.1.7.14
InsNum 1 Status Active SGT 18
IPv4 19.16.1.1
PeerIP 161.1.7.14
InsNum 1 Status Active SGT 20
IPv4 192.168.1.3
PeerIP 161.1.7.14
InsNum 1 Status Active SGT 19
IPv4 19.16.2.3
PeerIP 161.1.7.14
InsNum 1 Status Active SGT 15
IPv4 192.168.2.3
PeerIP 161.1.7.14
InsNum 1 Status Active SGT 16
IPv4 50.1.3.4
PeerIP 161.1.7.14
InsNum 1 Status Active
Destination address with name "engineering_int" is visible to the outside as which of the following addresses?

  • A. 19.16.1.3
  • B. 192.168.1.3
  • C. 50.1.1.1
  • D. 161.1.7.14
  • E. 60.1.1.1
  • F. 19.16.2.3
  • G. 192.168.2.3

Answer: A

NEW QUESTION 11
When TCP Intercept is enabled in its default mode, how does it react to a SYN request?

  • A. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established.
  • B. It monitors the attempted connection and drops it if it fails to establish within 30 seconds.
  • C. It allows the connection without inspection.
  • D. It intercepts the SYN before it reaches the server and responds with a SYN-ACK.
  • E. It drops the connection.

Answer: D

NEW QUESTION 12
In FMC the correlation rule could be based on which two elements? (Choose two.)

  • A. Authorization rule
  • B. Intrusion event
  • C. CoA (Change of Authorization)
  • D. Traffic profile variation
  • E. NDAC (Network Device Admission Control)
  • F. SGT (Security Group Tag) mapping
  • G. Database type
  • H. Authentication condition

Answer: BD

NEW QUESTION 13
What are the three configurations in which SSL VPN can be implemented? (Choose three.)

  • A. WebVPN
  • B. PVC TunnelMode
  • C. Interactivemode
  • D. L2TP overIPSec
  • E. Thin-Client
  • F. AnyConnect TunnelMode
  • G. Clientless
  • H. CHAP

Answer: EFG

NEW QUESTION 14
Which statement is true regarding the wireless security technologies?

  • A. WPA2 is more secure than WPA because it uses TKIP for encryption
  • B. WPA provides message integrity using AES
  • C. WPA2-PSK mode allows passphrase to store locally on thedevice
  • D. WEP is more secure than WPA2 because it uses AES forencryption
  • E. WPA-ENT mode does not require RADIUS forauthentication
  • F. WPÁ2-PSKmodeprovidesbettersecuritybyhavingsamepassphraseacrossthenetwork

Answer: B

NEW QUESTION 15
What are two important guidelines to follow when implementing VTP? (Choose two.)

  • A. When using secure mode VTP, only configure management domain passwords on VTP servers.
  • B. Enabling VTP pruning on a server will enable the feature for the entire management domain.
  • C. All switches in the VTP domain must run the same version of VTP.
  • D. CDP must be enabled on all switches in the VTP management domain.
  • E. Use of the VTP multi-domain feature should be restricted to migration and temporary implementation.

Answer: BC

NEW QUESTION 16
Which two commands would enable secure logging on a Cisco ASA to a syslog server at 10.0.0.1? (Choose two.)

  • A. logging host inside 10.0.0.1 UDP/500 secure
  • B. logging host inside 10.0.0.1 TCP/1470 secure
  • C. logging host inside 10.0.0.1 UDP/447 secure
  • D. logging host inside 10.0.0.1 UDP/514 secure
  • E. logging host inside 10.0.0.1 TCP/1500 secure

Answer: BE

NEW QUESTION 17
Refer to the exhibit.
400-251 dumps exhibit
There is no ICMP connectivity from VPN PC to Server 1 and Server2. What could be the possible cause?

  • A. The destination port configuration missing in the access rule
  • B. The server network has incorrect mask in the access rule
  • C. The VLAN tags configuration missing in the access rule
  • D. The action is incorrect in the access rule
  • E. The source network is incorrect in the access rule
  • F. The zone configuration missing in the access rule

Answer: E

Recommend!! Get the Full 400-251 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/400-251/ (New 414 Q&As Version)