This page was exported from New Lead2pass PDF And VCE Ensure IT Exam Pass 100% [ https://www.dumps4microsoft.com ] Export date:Sun Oct 25 7:33:36 2020 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Free Lead2pass Cisco 400-251 PDF Dumps With The Latest Update Exam Questions (376-400) --------------------------------------------------- 2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! After purchasing the dumps for the 400-251 Exam from Lead2pass, I had no doubt that I'd easily pass the exam. Bundle of thanks to Lead2pass for helping me pass the exam without any troubles. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-251.html QUESTION 376Which two statements about 802.1X components are true? (Choose two.) A.    The access layer switch is the policy enforcement point.B.    The certificates that are used in the client-server authentication process are stored on the access switchC.    The RADIUS server is the policy enforcement point.D.    The RADIUS server is the policy information pointE.    The RADIUS server is the policy decision point.F.    An LDAP server can serve as the policy enforcement point.Answer: AEExplanation:http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01.htmlhttp://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-35/101-aaa-part1.html QUESTION 377A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server application. What TCP dump filter would be best to verify that traffic is reaching the Linux Server eth0 interface? A.    tcpdump -i eth0host 10.10 7.4 and host 11.0.1 9 and port 8080B.    tcpdump -i eth0host 10.10.7.4 and 11.0.1.9C.    tcpdump -i eth0 dst 110 1.9 and dst port 8080D.    tcpdump -i eth0 src 10 10 7.4 and dst 11.0.1.9 and dst port 8080 Answer: D QUESTION 378Within Platform as a Service, which two components are managed by the customer? (Choose two.) A.    DataB.    networkingC.    middlewareD.    applicationsE.    operating system Answer: AD QUESTION 379Which two options are important considerations when you use NetFlow to obtain the full picture of network traffic? (Choose two.) A.    It monitors only TCP connections.B.    It monitors only routed traffic.C.    It monitors only ingress traffic on the interface on which it is deployed.D.    It is unable to monitor over time.E.    It monitors all traffic on the interface on which it is deployed. Answer: BE QUESTION 380Which option is a data modeling language use to model configuration and state data of network elements? A.    RESTCONFB.    YANGC.    SNAMPv4D.    NETCONF Answer: B QUESTION 381Which encryption type is used by WSA for implementing the Email Encryption? A.    PKIB.    S/MMIE EncryptionC.    Identity Based Encryption (IBE)D.    TLSE.    SSL Encryption Answer: B QUESTION 382Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)   A.    User five can execute the show run command.B.    User five can view usernames and passwords.C.    User superuser can change usernames and passwordsD.    User superuser can view the configurationE.    User superuser can view usernames and passwordsF.    User Cisco can view usernames and passwords Answer: AD QUESTION 383Which three commands can you use to configure VXLAN on a Cisco ASA firewall? (Choose three.) A.    sysopt connection tcpmssB.    nve-onlyC.    default-mcast-groupD.    segment-idE.    inspect vxlanF.    set ip next-hop verify-availability Answer: BCD QUESTION 384Which description of SaaS is true? A.    a service offering that allowing developers to build their own applicationsB.    a service offering on-demand software downloadsC.    a service offering a software environment in which applications can be build and deployedD.    a service offering on-demand licensed applications for end users Answer: D QUESTION 385AMP for Endpoints is supported on which of these platforms? A.    Windows , MAC , ANDROIDB.    Windows , MAC , LINUX (SuSE , UBUNTU) , , ANDROIDC.    Windows , ANDROID , LINUX (SuSE . REDHAT)D.    Windows , ANDROID , LINUX (REDHAT, CentOS) , MAC Answer: D QUESTION 386Which of the following is AMP Endpoints offline engine for windows? A.    ClamAVB.    ClamAMPC.    TETRAAMPD.    TETRA Answer: D QUESTION 387Which two options are unicast address types for IPv6 addressing? (Choose two.) A.    link-localB.    establishedC.    globalD.    dynamicE.    static Answer: AC QUESTION 388Which two statements about MAB are true? (Choose two) A.    It requires the administrator to create and maintain an accurate database of MAC addressesB.    It serves at the primary authentication mechanism when deployed in conjunction with 802.1x.C.    It Operates at Layer 2 and Layer 3 of the OSI protocol stack.D.    It can be used to authenticate network devices and users.E.    MAC addresses stored in the MAB database can be spoofed.F.    It is a strong authentication method. Answer: AE QUESTION 389Which option best describes RPL? A.    RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two border routesB.    RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best route between leaves 3nd the root border router.C.    RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two toot border routersD.    RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the router. Answer: B QUESTION 390Which three statements about 802.1x multiauthentication mode are true? (Choose three ) A.    It requires each connected client to authenticate individuallyB.    Each multi authentication port can support only one voice VI ANC.    It can be deployed in conjunction with MDA functionality on voice VLANs.D.    It is recommended for auth fail VLANs.E.    It is recommended for guest VLANsF.    On non-802.1x devices, it can support only one authentication method on a single port Answer: ABCExplanation:http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_2_e/security/configuration_guide/b_sec_1522e_2960x_cg/b_sec_1522e_2960x_cg_chapter_010000.html#ID398 QUESTION 391In which two situations is web authentication appropriate? (Choose two.) A.    When secure connections to the network are unnecessary.B.    When a fallback authentication method is necessaryC.    When devices outside the control of the organization's IT department are permitted to connect to the network.D.    When WEP encryption must be deployed on a large scale.E.    When 802.1x authentication is required. Answer: BC QUESTION 392Which three EAP protocols are supported in WPA and WPA2? (Choose three.) A.    EAP-PSKB.    EAP-EKEC.    EAP-FASTD.    EAP-AKAE.    EAP-SIMF.    EAP-EEE Answer: CDE QUESTION 393In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router? A.    clusteringB.    PIM multicast routingC.    stub multicast routingD.    multicast group concept Answer: C QUESTION 394Which two statements about NetFlow Secure Event Logging on a Cisco ASA are (rue? (Choose two) A.    It tracks configured collectors over TCP.B.    It is supported only in single-context mode.C.    It can export templates through NetFlow.D.    It can be used without collectors.E.    It supports one event type per collector.F.    It can log different event types on the same device to different collectors Answer: CF QUESTION 395Refer to the exhibit. After you applied this EtherChannel configuration to a Cisco ASA, the EtherChannel failed to come up. Which reason for the problem is most likely?   A.    The lacp system-priority and lacp port-priority values are the same.B.    The Ether Channel requires three ports, and only two are configured.C.    The Ether Channel is disabled.D.    The channel-group modes are mismatched Answer: D QUESTION 396Refer to the exhibit. Which effect of this configuration is true?   A.    The downloadable ACL and AV pair ACL are merged after three connection attempts are made to the RADIUS server.B.    The downloadable ACL and AV pair ACL are merged immediately when the RADIUS server is activated.C.    For all users, entries in a downloadable ACL are given priority over entries in an AV pair ACL.D.    The downloadable ACL and the AV pair ACL entries are merged together, one ACE at a time.E.    A downloadable ACL is applied after an AV pair ACL. Answer: E QUESTION 397Which two options are benefits of global ACLs? (Choose two) A.    They only operate on logical interfaces.B.    They are more efficient because they are processed before interface access rulesC.    They save memory because they work without being replicated on each interfaceD.    They can be applied to multiple interfaces.E.    They are flexible because they match source and destination IP addresses for packets that arrive on any interface Answer: CE QUESTION 398Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients? A.    chopchop attackB.    DoS against an access pointC.    authentication-failure attackD.    Airsnarf attackE.    DoS against a client stationF.    device-probing attack Answer: B QUESTION 399Which two options are normal functionalities for ICMP? (Choose two.) A.    host detectionB.    packet filteringC.    relaying traffic statistics to applicationsD.    path MTU discoveryE.    port scanningF.    router discovery Answer: AD QUESTION 400Which three statements about PKI on Cisco IOS Software are true? (Choose three.) A.    OCSP is well-suited for enterprise PKIs in which CRLs expire frequently.B.    The match certificate and allow expired-certificate commands are ignored unless the router clock is set.C.    If a certificate-based ACL specifies more than one field, any one successful field-to-value fest is treated as a match.D.    OCSP enables a PKI to use a CRL without time limitations.E.    Certificate-based ACLs can be configured to allow expired certificates if the peer is otherwise valid.F.    Different OCSP servers can be configured for different groups of client certificates . Answer: AEF I understood all of the 400-251 questions very easily. I scored 96% on my first try. I am definitely going to spread the dump among friends and colleagues. Keep up the great work. 400-251 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU1JrNmttR1dfUm8 2017 Cisco 400-251 exam dumps (All 636 Q&As) from Lead2pass: https://www.lead2pass.com/400-251.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-10-25 07:02:03 Post date GMT: 2017-10-25 07:02:03 Post modified date: 2017-10-25 07:02:03 Post modified date GMT: 2017-10-25 07:02:03 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com