Shortcuts To 400-251(91 to 100)

Your success in Cisco 400-251 is our sole target and we develop all our 400-251 braindumps in a way that facilitates the attainment of this target. Not only is our 400-251 study material the best you can find, it is also the most detailed and the most updated. 400-251 Practice Exams for Cisco CCIE Security 400-251 are written to the highest standards of technical accuracy.


Free VCE & PDF File for Cisco 400-251 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:

Q91. What are the two IPSec modes? (Choose two)

A. Aggressive


C. Transport


E. Main

F. Tunnel

Answer: C,F

Q92. Which option describes the purpose of the RADIUS VAP-ID attribute?

A. It specifies the ACL ID to be matched against the client

B. It specifies the WLAN ID of the wireless LAN to which the client belongs

C. It sets the minimum bandwidth for the connection

D. It sets the maximum bandwidth for the connection

E. It specifies the priority of the client

F. It identifies the VLAN interface to which the client will be associated

Answer: B

Q93. Refer to the exhibit, which effect of this configuration is true?

A. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes

B. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes

C. The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

D. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

E. The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

Answer: D

Q94. If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?

A. standby

B. active

C. on

D. passive

Answer: B

Q95. Which object table contains information about the clients know to the server in Cisco NHRP MIB


A. NHRP Cache Table

B. NHRP Client Statistics Table

C. NHRP Purge Request Table

D. NHRP Server NHC Table

Answer: D

Q96. Which two statement about DTLS are true ? (choose two)

A. Unlike TLS,DTLS support VPN connection with ASA.

B. It is more secure that TLS.

C. When DPD is enabled DTLS connection can automatically fall back to TLS.

D. It overcomes the latency and bandwidth problem that can with SSL.

E. IT come reduce packet delays and improve application performance.

F. It support SSL VPNs without requiring an SSL tunnel.

Answer: C,D

Q97. Which two statements about SGT Exchange Protocol are true? (Choose two)

A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform

SGT tagging at Layer 2 to devices that support it

B. SXP runs on UDP port 64999

C. A connection is established between a “listener” and a “speaker”

D. SXP is only supported across two hops

E. SXPv2 introduces connection security via TLS

Answer: A,C

Q98. What functionality is provided by DNSSEC?

A. origin authentication of DNS data

B. data confidentiality of DNS queries and answers

C. access restriction of DNS zone transfers

D. storage of the certificate records in a DNS zone file

Answer: A

Q99. when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?

A. 0 to 65535

B. 1 to 1024

C. 0 to 4,294,967,295

D. 1 to 65535

E. 1 to 4,294,967,295

F. 0 to 1024

Answer: C

Q100. Which feature can you implement to protect against SYN-flooding DoS attacks?

A. the ip verify unicast reverse-path command

B. a null zero route

C. CAR applied to icmp packets

D. TCP Intercept

Answer: B