This page was exported from Collection of Latest Microsoft Exam Questions and Hot Exam Dumps [ ] Export date:Thu Nov 15 0:52:06 2018 / +0000 GMT ___________________________________________________ Title: [Full-Version!]Braindump2go 400-251 (CCIE Security) Exam Dump Free Instant Download[Question16-Question25] --------------------------------------------------- 2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now! 2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by! 1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download: 2.|2017 NEW 400-251 Written Exam Questions & Answers:   QUESTION 16Which three statements about the keying methods used by MAC Sec are true (Choose Three) A.    MKA is implemented as an EAPoL packet exchangeB.    SAP is enabled by default for Cisco TrustSec in manual configuration mode.C.    SAP is supported on SPAN destination portsD.    Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKAE.    SAP is not supported on switch SVIs .F.    A valid mode for SAP is NULL Answer: ABF QUESTION 17Which two statements about Cisco ASA authentication using LDAP are true? (Choose two) A.    It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attributeB.    It uses AD attribute maps to assign users to group policies configured under the WebVPN contextC.    The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policiesD.    It can assign a group policy to a user based on access credentialsE.    It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASAF.    It is a closed standard that manages directory-information services over distributed networks Answer: AB QUESTION 18Drag and Drop QuestionDrag each IPS signature engine on the left to its description on the right. Answer:   QUESTION 19With this configuration you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails Registration will continue to fail until you do which of these?  A.    Modify the NHRP network IDs to match on the hub and spoke.B.    configure the ip nhrp caches non-authoritative command on the hub's tunnel interface.C.    modify the tunnel keys to match on the hub and spoke.D.    modify the NHRP hold time to match on the hub and spoke. Answer: C QUESTION 20Which three statements are true regarding Security Group Tags? (Choose three.) A.    When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.B.    When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.C.    Security Group Tags are a supported network authorization result using Cisco ACS 5.x.D.    Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication.E.    A Security Group Tag is a variable length string that is returned as an authorization result. Answer: ACD QUESTION 21Refer to the exhibit which two statement about the given IPV6 ZBF configuration are true? (Choose two)  A.    It provides backward compability with legacy IPv6 inspectionB.    It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.C.    It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.D.    It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.E.    It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.F.    It provide backward compatibility with legacy IPv4 inseption. Answer: AB QUESTION 22In which class of applications security threads does HTTP header manipulation reside? A.    Session managementB.    Parameter manipulationC.    Software tamperingD.    Exception managements Answer: A QUESTION 23What is the most commonly used technology to establish an encrypted HTTP connection? A.    the HTTP/1.1 Upgrade headerB.    the HTTP/1.0 Upgrade headerC.    Secure Hypertext Transfer ProtocolD.    HTTPS Answer: D QUESTION 24What functionality is provided by DNSSEC? A.    origin authentication of DNS dataB.    data confidentiality of DNS queries and answersC.    access restriction of DNS zone transfersD.    storage of the certificate records in a DNS zone file Answer: A QUESTION 25What are the two mechanism that are used to authenticate OSPFv3 packets?(Choose two) A.    MD5B.    ESPC.    PLAIN TEXTD.    AHE.    SHA Answer: BD !!! RECOMMEND!!! 1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download: 2.|2017 NEW 400-251 Study Guide Video: YouTube Video: --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-02-10 09:37:46 Post date GMT: 2017-02-10 09:37:46 Post modified date: 2017-02-10 09:37:46 Post modified date GMT: 2017-02-10 09:37:46 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from