Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html

Question No.31

Refer to the exhibit. Which effect of this configuration is true?

1. If the RADIUS server is unreachable, SSH users cannot authenticate.

2. Users must be in the RADIUS server to access the serial console.

3. Users accessing the device via SSH and those accessing enable mode are authenticated against the RADIUS server

4. All commands are validated by the RADIUS server before the device executes them.

5. Only SSH users are authenticated against the RADIUS server.

Correct Answer: C

Question No.32

Refer to the exhibit. You applied this VPN cluster configuration to a Cisco ASA and the cluster failed to form. How do you edit the configuration to correct the problem?

1. Define the maximum allowable number of VPN connections.

2. Define the master/slave relationship.

3. Configure the cluster IP address.

4. Enable load balancing.

Correct Answer: C

Question No.33

Refer to the exhibit. Which effect of this configuration is true?

1. Users attempting to access the console port are authenticated against the TACACS server.

2. The device tries to reach the server every 24 hours and falls back to the LOCAL database if it fails.

3. If TACACS authentication fails, the ASA uses Cisco 123 as its default password.

4. The servers in the TACACS group are reactivated every 1440 seconds.

5. Any VPN user with a session timeout of 24 hours can access the device.

Correct Answer: A

Question No.34

Which option best describes RPL?

1. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route

   between two root border routers.

2. RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two root border routers.

3. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.

4. RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best route between leaves and the root border router.

Correct Answer: D

Question No.35

Which three statements about SCEP are true? (Choose three.)

1. It supports online certification revocation.

2. Cryptographically signed and encrypted messages are conveyed using PKCS#7

3. It supports multiple cryptographic algorithms including RSA.

4. The certificate request format uses PKCS#10.

5. CRL retrieval is supported through CDP(Certificate Distribution Point) queries.

6. It supports synchronous granting.

Correct Answer: BDE

Explanation:

Simple Certificate Enrollment Protocol

http://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/116167- technotescep-00.html

Question No.36

Which statement about deploying policies with the Firepower Management Center is true?

1. All policies are deployed on-demand when the administrator triggers them.

2. Deploy tasks can be scheduled to deploy policies automatically.

3. The leaf domain can deploy changes to all subdomains simultaneously.

4. The global domain can deploy changes to individual subdomains.

5. Policies are deployed automatically when the administrator saves them.

Correct Answer: B

Question No.37

What are three features that are enabled by generating Change of Authorization (CoA) requests in a push model? (Choose three.)

1. session reauthentication

2. session identification

3. host reauthentication

4. MAC identification

5. session termination

6. host termination

Correct Answer: BCE

Question No.38

Which two options are benefits of network summarization? (Choose two.)

1. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.

2. It can increase the convergence of the network.

3. It can summarize discontiguous IP addresses.

4. It can easily be added to existing networks.

5. It reduces the number of routes.

Correct Answer: AE

Question No.39

Which three statement about SXP are true? (Choose three)

1. It resides in the control plane, where connections can be initiated from a listener.

2. Packets can be tagged with SGTs only with hardware support.

3. Each VRF support only one CTS-SXP connection.

4. To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured.

5. The SGA ZBFW uses the SGT to apply forwarding decisions.

6. Separate VRFs require different CTS-SXP peers , but they can use the same source IP addresses.

Correct Answer: BCE

Question No.40

When TCP Intercept is enabled in its default mode, how does it react to a SYN request?

1. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established.

2. It monitors the attempted connection and drops it if it fails to establish within 30 seconds.

3. It allows the connection without inspection.

4. It intercepts the SYN before it reaches the server and responds with a SYN-ACK.

5. It drops the connection.

Correct Answer: D

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF

Related Posts

• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 111-120
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 121-130
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 131-140
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 81-90
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 91-100
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 101-110