[Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 1-10

Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html

Question No.1

Which two statements about uRPF are true? (Choose two)

  1. The administrator can configure the allow-default command to force the routing table to use only the default route

  2. In strict mode, only one routing path can be available to reach network devices on a subnet

  3. The administrator can use the show cef interface command to determine whether uRPF is enabled

  4. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP routing groups

  5. It is not supported on the Cisco ASA security appliance

Correct Answer: BC

Explanation:

Reverse Path Forwarding

http://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html

Question No.2

Within Platform as a Service, which two components are managed by the customer? (Choose two.)

  1. Data

  2. networking

  3. middleware

  4. applications

  5. operating system

Correct Answer: AD

Question No.3

Which two options are benefits of the Cisco ASA Identity Firewall? (Choose two.)

  1. It can identify threats quickly based on their URLs.

  2. It can operate completely independently of their services.

  3. It can apply security policies on an individual user or user-group basis.

  4. It decouples security policies from the network topology.

  5. It supports an AD server module to verify identity data.

Correct Answer: CD

Question No.4

Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?

  1. The translation table cannot override the routing table for new connections.

  2. Routes to the NuLL0 interface cannot be configured to black-hole traffic.

  3. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors.

  4. The ASA supports policy-based routing with route maps.

Correct Answer: A

Question No.5

Which three options are fields in a CoA Request Response code packet? (Choose three.)

  1. Length

  2. Acct-session-ID

  3. Calling-station-ID

  4. Identifier

  5. Authenticator

  6. State

Correct Answer: BCF

Question No.6

Which three statements about VRF-Aware Cisco Firewall are true? (Choose three.)

  1. It supports both global and per-VRF commands and DoS parameters.

  2. It enables service providers to deploy firewalls on customer devices.

  3. It can generate syslog messages that are visible only to individual VPNs.

  4. It can support VPN networks with overlapping address ranges without NAT.

  5. It enables service providers to implement firewalls on PE devices.

  6. It can run as more than one instance.

Correct Answer: CEF

Question No.7

Which two options are unicast address types for IPv6 addressing? (Choose two.)

  1. static

  2. link-local

  3. established

  4. dynamic

  5. global

Correct Answer: BE

Question No.8

Which two commands would enable secure logging on a Cisco ASA to a syslog server at 10.0.0.1? (Choose two.)

  1. logging host inside 10.0.0.1 UDP/500 secure

  2. logging host inside 10.0.0.1 TCP/1470 secure

  3. logging host inside 10.0.0.1 UDP/447 secure

  4. logging host inside 10.0.0.1 UDP/514 secure

  5. logging host inside 10.0.0.1 TCP/1500 secure

Correct Answer: BE

Question No.9

Which effect of the crypto key encrypt write rsa command on a router is true?

  1. The device locks the encrypted key, but the key is lost when the router is reloaded.

  2. The device encrypts and locks the key before authenticating it with an external CA server.

  3. The device unlocks the encrypted key, but the key is lost when the router is reloaded.

  4. The device locks the encrypted key and saves it to the NVRAM.

  5. The device saves the unlocked encrypted key to the NVRAM.

Correct Answer: E

Question No.10

Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three)

  1. DTLS can fall back to TLS without enabling dead peer detection.

  2. By default, the VPN connection connects with DTLS.

  3. Rea-time application performance improves if DTLS is implemented

  4. Cisco AnyConnect connections use IKEv2 by default when it is configure as the primary protocol on the client.

  5. By default, the ASA uses the Cisco AnyConnect Essentials license.

  6. The ASA will verify the remote HTTPS certificate.

Correct Answer: CDE

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF