Download CCIE Security Written Exam v5-1.pass4sures.400-251.2018-08-02.1e.123q.vcex

Download Dump

File Info

Exam CCIE Security Written Exam v5.1
Number 400-251
File Name CCIE Security Written Exam v5-1.pass4sures.400-251.2018-08-02.1e.123q.vcex
Size 1.86 Mb
Posted August 02, 2018
Downloaded 15



How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase
Coupon: EXAMFILESCOM

Coupon: EXAMFILESCOM
With discount: 20%





Demo Questions

Question 1
Which two statements about the MACsec security protocol are true? (Choose two.)

  • A: MACsec is not supported in MDA mode.
  • B: Stations broadcast an MKA heartbeat that contains the key server priority.
  • C: When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM.
  • D: MKA heartbeats are sent at a default interval of 3 seconds.
  • E: The SAK is secured by 128-bit AES-GCM by default.



Question 2
Which type of header attack is detected by Cisco ASA basic threat detector?

  • A: failed application inspection
  • B: connection limit exceeded
  • C: bad packet format
  • D: denial by access list



Question 3
Which two statements about SCEP are true? (Choose two.)

  • A: The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.
  • B: CA servers must support GetCACaps response message in order to implement extended functionality.
  • C: The GetCert exchange is signed and encrypted only in the response direction.
  • D: It is vulnerable to downgrade attacks on its cryptographic
  • E: The GetCRL exchange is signed and encrypted only in the response direction.



Question 4
Which effect of the ip nhrp map multicast dynamic command is true?

  • A: It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface.
  • B: It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel.
  • C: It configures a hub router to automatically add spoke routers to the multicast replication list of the hub.
  • D: It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.



Question 5
View the Exhibit. 

 
 
Refer to the exhibit. A user authenticates to the NAS, which communicates to the TACACS+ server for authentication. The TACACS+ server then accesses the Active Directory Server through the ASA firewall to validate the user credentials. 
Which protocol-port must be allowed access through the ASA firewall?

  • A: DNS over TCP 53
  • B: global catalog over UDP 3268
  • C: LDAP over UDP 389
  • D: DNS over UDP 53
  • E: TACACS+ over TCP 49
  • F: SMB over TCP 455



Question 6
Which effect of the crypto pki authenticate command is true?

  • A: It sets the certificate enrollment method.
  • B: It retrieves and authenticates a CA certificate.
  • C: It displays the current CA certificate.
  • D: It configures a CA trustpoint.



Question 7
View the Exhibit. 

  

Refer to the exhibit. What is the maximum number of site-to-site VPNs allowed by this configuration?

  • A: 10
  • B: 15
  • C: unlimited
  • D: 5
  • E: 0
  • F: 1



Question 8
How does Scavenger-class QoS mitigate DoS and worm attacks?

  • A: It matches traffic from individual hosts against the specific network characteristics of known attack types.
  • B: It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected.
  • C: It monitors normal traffic flow and drops burst traffic above the normal rate for a single host.
  • D: It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts.



Question 9
Which three statements about SXP are true? (Choose three.)

  • A: To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured.
  • B: Each VRF supports only one CTS-SXP connection.
  • C: It resides in the control plane, where connections can be initiated from a listener.
  • D: Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses.
  • E: The SGA ZBPF uses the SGT to apply forwarding decisions.
  • F: Packets can be tagged with SGTs only with hardware support.



Question 10
View the Exhibit. 

  

Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)

  • A: Configuration commands in the router are authorized without checking the TACACS+ server.
  • B: When a user logs in to privilege EXEC mode, the router will track all user activity.
  • C: Requests to establish a reverse AUX connection to the router will be authorized against the TACACS+ server.
  • D: When a user attempts to authenticate on the device, the TACACS+ server will be prompt the user to enter the username stored in the router’s database.
  • E: If a user attempts to log in as a level 15 user, the local database will be used for authentication and TACACS+ server will be used for authorization.
  • F: It configures the router’s local database as the backup authentication method for all TTY, console, and aux logins.









CONNECT US


ProfExam
PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount..

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen



HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset