aiotestking uk

400-251 Exam Questions - Online Test


400-251 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Refer to the exhibit 

which two statement about the given IPV6 ZBF configuration are true? (Choose two)

A. It provides backward compability with legacy IPv6 inspection

B. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.

C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.

D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.

E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.

F. It provide backward compatibility with legacy IPv4 inseption.

Answer: A,B

Q2. What are the three response types for SCEP enrollment requests? (Choose three.)

A. PKCS#7

B. Reject

C. Pending

D. PKCS#10

E. Success

F. Renewal

Answer: B,C,E

Q3. When you are configuring QoS on the Cisco ASA appliance Which four are valid traffic selection criteria? (Choose four)

A. default-inspection-traffic

B. qos-group

C. DSCP

D. VPN group

E. tunnel group

F. IP precedence

Answer: A,C,E,F

Q4. What IOS feature can prevent header attacks by using packet-header information to classify traffic?

A. CAR

B. FPM

C. TOS

D. LLQ

E. TTL

Answer: B

Q5. Which two statements about VPLS and VPWS are true? (Choose two)

A. VPLS Layer 2 VPNs support both full-mesh and hub-and-spoke implementations

B. VPWS only sends the data payload over an MPLS core

C. VPLS is intended for applications that require point-to-point access

D. VPWS supports multicast using a hub-and-spoke architecture

E. VPLS is intended for applications that require multipoint or broadcast access

F. VPWS supports point-to-point integration of Layer 2 and Layer 3 services over an MPLS cloud

Answer: E,F

Q6. When configuration Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two location?(Choose two)

A. at the trusted and untrusted interfaces in the inbound direction.

B. at the trusted interface in the inbound direction.

C. at the trusted and untrusted interfaces in the outbound direction.

D. at the untrusted interface in the inbound direction.

E. at the trusted interface in the outbound direction.

F. at the trusted interface in the outbound direction.

Answer: B,F

Q7. What command specifies the peer from which MSDP SA message are accepted?

A. IP msdpsa-filter in <peer>[list<acl>] [route-map <map> ]

B. Ipmsdp default-peer <peer>

C. Ipmsdp mesh-group

D. Ipmsdp originator-id <interface>

Answer: B

Q8. Refer to the exhibit. 

Which effect of this Cisco ASA policy map is true?

A. The Cisco ASA is unable to examine the TLS session.

B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.

C. it prevents a STARTTLS session from being established.

D. The Cisco ASA logs SMTP sessions in clear text.

Answer: B

Q9. Refer to the exhibit. What protocol format is illustrated?

A. GR

B. AH

C. ESP

D. IP

Answer: B

Q10. Which command can you enter to cause the locally-originated Multicast Source Discovery Protocol Source- Active to be prevented from going to specific peers?

A. ip msdp mesh-group mesh-name {<peer-address>|<peer-name>}

B. ip msdp redistribute [list <acl>][asn as-access-list][route-map <map>]

C. ip msdp sa-filter out <peer> [list<acl>] [route-map<map>]

D. ip msdp default-peer {<peer-address> | <peer-name>}[prefix-list<list>]

E. ip msdp sa-filter in <peer> [list<acl>][route-map <map>]

Answer: C