Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html

Question No.131

Which command is required for bonnet filter on Cisco ASA to function properly?

1. dynamic-filter inspect tcp /80

2. dynamic-filter whitelist

3. inspect botnet

4. inspect dns dynamic-filter-snoop

Correct Answer: D

Question No.132

Which host attributes can be assigned in compliance white list?

1. Verified unverified and complaint

2. Verified and unverified

3. Verified, unverified and evaluated

4. Complaint, noncompliant and not evaluated

5. Complaint and noncompliant

Correct Answer: E

Question No.133

From the list below, which one is the major benefit of AMP Threat GRID?

1. AMP Threat Gird learns ONLY form data you pass on your network and not form anything else to monitor for suspicious behavior. This makes

2. AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence into one combined solution.

3. AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral indicators.

4. AMP Threat Grid collects file information from customer servers and run tests on them to see if they are infected with viruses.

Correct Answer: B

Question No.134

Which command on Cisco ASA you can enter to send debug messages to a syslog server?

1. logging debug-trace

2. logging host

3. logging traps

4. logging syslog

Correct Answer: A

Question No.135

Which three EAP protocols are supported in WPA and WPA2? (Choose three)

1. EAP-PSK

2. EAP-EKE

3. EAP-FAST

4. EAP-AKA

5. EAP-SIM

6. EAP-EEE

Correct Answer: CDE

Question No.136

Which two options are normal functionalities for ICMP? (Choose two)

1. host detection

2. packet filtering

3. relaying traffic statistics to applications

4. path MTU discovery

5. port scanning

6. router discovery

Correct Answer: AD

Question No.137

Which command on Cisco ASA you can enter to send debug messages to a syslog server?

1. logging debug-trace

2. logging host

3. logging traps

4. logging syslog

Correct Answer: A

Question No.138

Which three statements are true after a successful IPsec negotiation has taken place? (Choose

three)

1. After IPsec tunnel is established data is encrypted using one set of DH-generated keying material

2. After the IPsec tunnel is established, data is encrypted using two sets of DH-generated keyring material

3. Two tunnels were established, the first one is for ISAKMP and IPsec negotiation and the second one is for data encryption as a result of IPsec negotiation

4. The ISAKMP tunnel was established to authenticate the peer and discreetly negotiate the IPsec parameters

5. One secure channel and one tunnel were established, the secure channel was established by ISAKMP negotiation followed by an IPsec tunnel for encrypting user data

6. The ISAKMP secure channel was established to authenticate the peer and discretely negotiate the IPsec parameters

Correct Answer: BEF

Question No.139

What are the three configurations in which SSL VPN can be Implemented? (Choose three)

1. WebVPN

2. PVC Tunnel Mode

3. Interactive mode

4. L2TP over IPSec

5. Thin-Client

6. AnyConnect Tunnel Mode

7. Clientless

8. CHAP

Correct Answer: EFG

Question No.140

Which statement about the TRUST action when configure an ACP is true?

1. it allows traffic to pass without inspection only of the source matches with an address defined in the preprocessor list.

2. It allows matched traffic through without inspection.

3. It allows matched traffic to pass without inspection if the traffic source matches exists in the white list.

4. It allows matched traffic through, but reverts to IPS inspection if a file inspection triggers malware alert.

Correct Answer: B

>

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF