[Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 41-50

Get Full Version of the Exam

Question No.41

Which two characteristics of DTLS are true? (Choose two.)

  1. It supports long data transfers and connectionless data transfers.

  2. It includes a retransmission method because it uses an unreliable datagram transport.

  3. It includes a congestion control mechanism.

  4. It is used mostly by applications that use application layer object-security protocols.

  5. It completes key negotiation and bulk data transfer over a single channel.

  6. It cannot be used if NAT exists along the path.

Correct Answer: BC

Question No.42

Refer to the exhibit. Which service of feature must be enabled on to produce the given output?


  1. the Finger service

  2. a BOOTP server

  3. a TCP small server

  4. the PAD service

Correct Answer: C

Question No.43

Which two statements about NVGRE are true? (Choose two.)

  1. It supports up to 32 million virtual segments per instance.

  2. The network switch handles the addition and removal of NVGRE encapsulation.

  3. NVGRE endpoints can reside within a virtual machine.

  4. It allows a virtual machine to retain its MAC and IP addresses when it is moved to a different hypervisor on a different L3 network.

  5. The virtual machines reside on a single virtual network regardless of their physical location.

Correct Answer: CE

Question No.44

A server with IP address is protected behind the inside interface of a Cisco ASA and the Internet on the outside interface. User on the Internet need to access the server ay any time, but the firewall administrator does not want to apply NAT to the address of the server because it is currently a public address. Which three of the following commands can be used to accomplish this? (Choose three.)

A. static (outside, inside) netmask B. nat (inside) 1

C. static (inside, outside) netmask

  1. no nat-control

  2. access-list no-nat permit ip host any nat (inside) 0 access-list no-nat

F. nat (inside) 0

Correct Answer: CEF

Question No.45

Which three statements about the keying methods used by MACSec are true? (Choose three.)

  1. SAP is not supported on switch SVls.

  2. SAP is supported on SPAN destination ports.

  3. MKA is implemented as an EAPoL packet exchange.

  4. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA.

  5. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

  6. A valid mode for SAP is NULL.

Correct Answer: ACF

Question No.46

Which two statements SCEP are true? (Choose two)

  1. CA servers must support GetCACaps response messages in order in implement extended functionality.

  2. The GetCRL exchange is signed and encrypted only in the response direction.

  3. It is vulnerable to downgrade attacks on its cryptographic capabilities.

  4. The GetCACaps response message supports DES encryption and the SHA 128 hashing algorithm.

Correct Answer: AC

Question No.47

Which description of SaaS is true?

  1. a service offering on-demand licensed applications for end users

  2. a service offering that allowing developers to build their own applications

  3. a service offering on-demand software downloads

  4. a service offering a software environment in which applications can be build and deployed.

Correct Answer: A

Question No.48

Refer to the exhibit. What is the effect of the given command? control-plane host

management-interface FastEhternet 0/0 allow ssh snmp

  1. It enables CoPP on the FastEthernet 0/0 interface for SSH and SNMP management traffic.

  2. It enables QoS policing on the control plane of the FastEthernet 0/0 interface.

  3. It enables MPP on the FastEthernet 0/0 interface, allowing only SSH and SNMP management traffic.

  4. It enables MPP on the FastEthernet 0/0 interface by enforcing rate-limiting for SSH and SNMP management traffic.

  5. It enables MPP on the FastEthernet 0/0 interface for SNMP management traffic and CoPP for all other protocols.

Correct Answer: C

Question No.49

Which two statements about a wireless access point configured with the guest-mode command are true? (Choose two.)

  1. It can support more than one guest-mode SSID.

  2. It supports associations by clients that perform passive scans.

  3. It allows clients configured without SSIDs to associate.

  4. It allows associated clients to transmit packets using its SSID.

  5. If one device on a network is configure in guest-mode, clients can use the guest-mode SSID to connect to any device in the same network.

Correct Answer: BC

Question No.50

Which two statements about 6to4 tunneling are true? (Choose two.)

  1. It provides a /128 address block.

  2. It supports static and BGPV4 routing.

  3. It provides a /48 address block.

  4. It supports managed NAT along the path of the tunnel.

  5. The prefix address of the tunnel is determined by the IPv6 configuration of the interface.

  6. It supports multihoming.

Correct Answer: BC

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF