Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html
Question No.1
Which two statements about uRPF are true? (Choose two)
-
The administrator can configure the allow-default command to force the routing table to use only the default route
-
In strict mode, only one routing path can be available to reach network devices on a subnet
-
The administrator can use the show cef interface command to determine whether uRPF is enabled
-
The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP routing groups
-
It is not supported on the Cisco ASA security appliance
Correct Answer: BC
Explanation:
Reverse Path Forwarding
http://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html
Question No.2
Within Platform as a Service, which two components are managed by the customer? (Choose two.)
-
Data
-
networking
-
middleware
-
applications
-
operating system
Correct Answer: AD
Question No.3
Which two options are benefits of the Cisco ASA Identity Firewall? (Choose two.)
-
It can identify threats quickly based on their URLs.
-
It can operate completely independently of their services.
-
It can apply security policies on an individual user or user-group basis.
-
It decouples security policies from the network topology.
-
It supports an AD server module to verify identity data.
Correct Answer: CD
Question No.4
Which statement regarding the routing functions of the Cisco ASA is true running software version 9.2?
-
The translation table cannot override the routing table for new connections.
-
Routes to the NuLL0 interface cannot be configured to black-hole traffic.
-
In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors.
-
The ASA supports policy-based routing with route maps.
Correct Answer: A
Question No.5
Which three options are fields in a CoA Request Response code packet? (Choose three.)
-
Length
-
Acct-session-ID
-
Calling-station-ID
-
Identifier
-
Authenticator
-
State
Correct Answer: BCF
Question No.6
Which three statements about VRF-Aware Cisco Firewall are true? (Choose three.)
-
It supports both global and per-VRF commands and DoS parameters.
-
It enables service providers to deploy firewalls on customer devices.
-
It can generate syslog messages that are visible only to individual VPNs.
-
It can support VPN networks with overlapping address ranges without NAT.
-
It enables service providers to implement firewalls on PE devices.
-
It can run as more than one instance.
Correct Answer: CEF
Question No.7
Which two options are unicast address types for IPv6 addressing? (Choose two.)
-
static
-
link-local
-
established
-
dynamic
-
global
Correct Answer: BE
Question No.8
Which two commands would enable secure logging on a Cisco ASA to a syslog server at 10.0.0.1? (Choose two.)
-
logging host inside 10.0.0.1 UDP/500 secure
-
logging host inside 10.0.0.1 TCP/1470 secure
-
logging host inside 10.0.0.1 UDP/447 secure
-
logging host inside 10.0.0.1 UDP/514 secure
-
logging host inside 10.0.0.1 TCP/1500 secure
Correct Answer: BE
Question No.9
Which effect of the crypto key encrypt write rsa command on a router is true?
-
The device locks the encrypted key, but the key is lost when the router is reloaded.
-
The device encrypts and locks the key before authenticating it with an external CA server.
-
The device unlocks the encrypted key, but the key is lost when the router is reloaded.
-
The device locks the encrypted key and saves it to the NVRAM.
-
The device saves the unlocked encrypted key to the NVRAM.
Correct Answer: E
Question No.10
Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three)
-
DTLS can fall back to TLS without enabling dead peer detection.
-
By default, the VPN connection connects with DTLS.
-
Rea-time application performance improves if DTLS is implemented
-
Cisco AnyConnect connections use IKEv2 by default when it is configure as the primary protocol on the client.
-
By default, the ASA uses the Cisco AnyConnect Essentials license.
-
The ASA will verify the remote HTTPS certificate.
Correct Answer: CDE
Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF