Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html
Question No.131
Which command is required for bonnet filter on Cisco ASA to function properly?
-
dynamic-filter inspect tcp /80
-
dynamic-filter whitelist
-
inspect botnet
-
inspect dns dynamic-filter-snoop
Correct Answer: D
Question No.132
Which host attributes can be assigned in compliance white list?
-
Verified unverified and complaint
-
Verified and unverified
-
Verified, unverified and evaluated
-
Complaint, noncompliant and not evaluated
-
Complaint and noncompliant
Correct Answer: E
Question No.133
From the list below, which one is the major benefit of AMP Threat GRID?
-
AMP Threat Gird learns ONLY form data you pass on your network and not form anything else to monitor for suspicious behavior. This makes
-
AMP Threat Grid combines Static, and Dynamic Malware analysis with threat intelligence into one combined solution.
-
AMP Threat Grid analyzes suspicious behavior in your network against exactly 400 behavioral indicators.
-
AMP Threat Grid collects file information from customer servers and run tests on them to see if they are infected with viruses.
Correct Answer: B
Question No.134
Which command on Cisco ASA you can enter to send debug messages to a syslog server?
-
logging debug-trace
-
logging host
-
logging traps
-
logging syslog
Correct Answer: A
Question No.135
Which three EAP protocols are supported in WPA and WPA2? (Choose three)
-
EAP-PSK
-
EAP-EKE
-
EAP-FAST
-
EAP-AKA
-
EAP-SIM
-
EAP-EEE
Correct Answer: CDE
Question No.136
Which two options are normal functionalities for ICMP? (Choose two)
-
host detection
-
packet filtering
-
relaying traffic statistics to applications
-
path MTU discovery
-
port scanning
-
router discovery
Correct Answer: AD
Question No.137
Which command on Cisco ASA you can enter to send debug messages to a syslog server?
-
logging debug-trace
-
logging host
-
logging traps
-
logging syslog
Correct Answer: A
Question No.138
Which three statements are true after a successful IPsec negotiation has taken place? (Choose
three)
-
After IPsec tunnel is established data is encrypted using one set of DH-generated keying material
-
After the IPsec tunnel is established, data is encrypted using two sets of DH-generated keyring material
-
Two tunnels were established, the first one is for ISAKMP and IPsec negotiation and the second one is for data encryption as a result of IPsec negotiation
-
The ISAKMP tunnel was established to authenticate the peer and discreetly negotiate the IPsec parameters
-
One secure channel and one tunnel were established, the secure channel was established by ISAKMP negotiation followed by an IPsec tunnel for encrypting user data
-
The ISAKMP secure channel was established to authenticate the peer and discretely negotiate the IPsec parameters
Correct Answer: BEF
Question No.139
What are the three configurations in which SSL VPN can be Implemented? (Choose three)
-
WebVPN
-
PVC Tunnel Mode
-
Interactive mode
-
L2TP over IPSec
-
Thin-Client
-
AnyConnect Tunnel Mode
-
Clientless
-
CHAP
Correct Answer: EFG
Question No.140
Which statement about the TRUST action when configure an ACP is true?
-
it allows traffic to pass without inspection only of the source matches with an address defined in the preprocessor list.
-
It allows matched traffic through without inspection.
-
It allows matched traffic to pass without inspection if the traffic source matches exists in the white list.
-
It allows matched traffic through, but reverts to IPS inspection if a file inspection triggers malware alert.