Get Full Version of the Exam
http://www.EnsurePass.com/400-251.html

Question No.91

Which two options are benefits of the Cisco ASA transparent firewall mode? (Choose two)

1. It can establish routing adjacencies.

2. It can perform dynamic routing.

3. It can be added to an existing network without significant reconfiguration.

4. It supports extended ACLs to allow Layer 3 traffic to pass from higher to lower security interfaces.

5. It provides SSL VPN support.

Correct Answer: CD

Question No.92

Refer to the exhibit. What feature must be implemented on the network to produce the given output? (Image missing)

1. CAR

2. PQ

3. WFQ

4. NBAR

5. CQ

Correct Answer: D

Question No.93

Which effect of the ip nhrp map multicast dynamic command is true?

1. It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface.

2. It configures a hub router to automatically add spoke routers to the multicast replication list of the hub.

3. It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs.

4. it enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel.

Correct Answer: B

Question No.94

What are the three scanning engines that the Cisco IronPort dynamic vectoring and streaming engine can use to protect against malware? (Choose three.)

1. McAfee

2. TrendMicro

3. Sophos

4. Webroot

5. F-Secure

6. Symantec

Correct Answer: ACD

Question No.95

Refer to the exhibit. Which two statements about the given IPv6 ZBF configuration are true? (Choose two.)

1. It inspects TCP, UDP, ICMP, and FTP traffic from z1 to z2.

2. It provides backward compatibility with legacy IPv4 inspection.

3. It inspects TCP, UDP, ICMP, and FTP traffic from z2 to z1.

4. It passes TCP, UDP, ICMP, and FTP traffic in both directions between z1 and z2.

5. It provides backward compatibility with legacy IPv6 inspection.

6. It passes TCP, UDP, ICMP, and FTP traffic from z1 to z2.

Correct Answer: AE

Question No.96

Refer to the exhibit. Which effect of this configuration is true?

1. It creates a resource class.

2. It creates a default class.

3. It oversubscribes VPN sessions for the given class.

4. It allows each context to use all available resources.

Correct Answer: A

Question No.97

Which two event can cause a failover event on an active/standby setup? (Choose two)

1. The active unit experiences interface failure above the threshold.

2. The unit that was previously active recovers.

3. The stateful failover link fails.

4. The failover link fails.

5. The active unit fails.

Correct Answer: AE

Question No.98

Which two statements about the MACsec security protocol are true? (Choose two.)

1. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM.

2. MACsec is not supported in MDA mode.

3. Stations broadcast an MKA heartbeat that contains the key server priority.

4. MKA heartbeats are sent at a default interval of 3 seconds.

5. The SAK is secured by 128 bit AES-GCM by default.

Correct Answer: CE

Question No.99

Which statement about the Cisco AMP Virtual Private Cloud Appliance is true for deployments in air-gap mode?

1. The amp-sync tool syncs the threat-intelligence repository on the appliance directly with the AMP public cloud.

2. The appliance can perform disposition lookup against either the Protect DB or the AMP public cloud.

3. The appliance can perform disposition lookups against the Protect DB without an Internet connection.

4. The appliance evaluates files against the threat intelligence and disposition information residing on the Update Host.

5. The Update Host automatically downloads updates and deploys them to the Protect DB on a daily basis.

Correct Answer: C

Question No.100

What are the major components of a Firepower health monitor alert?

1. The severity level, one or more alert responses, and a remediation policy.

2. A health monitor, one or more alert responses, and a remediation policy.

3. One of more health modules, the severity level, and an alert response.

4. One of more health modules, one or more alert responses, and one or more alert actions.

5. One health modules and one or more alert responses.

Correct Answer: C

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF

Related Posts

• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 111-120
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 121-130
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 131-140
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 81-90
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 101-110
• [Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 51-60