[Free] 2017(Aug) EnsurePass Examcollection Cisco 400-251 Dumps with VCE and PDF 131-140

Ensurepass.com : Ensure you pass the IT Exams
2017 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 131 – (Topic 2)

According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

  1. Allow only POST requests.

  2. Mark all cookies as HTTP only.

  3. Use per-session challenge tokens in links within your web application.

  4. Always use the quot;securequot; attribute for cookies.

  5. Require strong passwords.

Answer: C

Question No: 132 DRAG DROP – (Topic 2)

Drag each Management Frame Protection feature on the Left to the function it performs on the right?




Explanation: Client MFP: Enables access points to drop spoofed management frames. Event reporting: Enables the WLC to aggregate anomaly reports.

Infrastructure Frame validation: Enables and disables MFP protection and validation on selective basis.

Management frame protection: Enables an access point to report management frames with invalid MICs to the WLC.

Management frame validation: Enables an access point to verify that management frame from other access points include a valid MIC IE from the sending access point’s BSSID.

Question No: 133 – (Topic 2)

Which two statements about the DH group are true? (Choose two.)

  1. The DH group is used to provide data authentication.

  2. The DH group is negotiated in IPsec phase-1.

  3. The DH group is used to provide data confidentiality.

  4. The DH group is used to establish a shared key over an unsecured medium.

  5. The DH group is negotiated in IPsec phase-2.

Answer: B,D

Question No: 134 – (Topic 2)

A server with Ip address is protected behind the inside of a cisco ASA or PIX security appliance and the internet on the outside interface .User on the internet need to access the server at any time but the firewall

administrator does not want to apply NAT to the address of the server because it is currently a public address which three of the following command can be used to accomplish this? (Choose three)

A. static (inside,outside) netmask;

B. nat (inside) 1

C. no nat-control

D. nat (inside) 0 209.16S.202.150

E. static (outside.insid) netmask

F. access-tist no-nat permit ip host any nat (inside) 0 access-list no-nat

Answer: A,D,F

Question No: 135 – (Topic 2)

Which category to protocol mapping for NBAR is correct?

  1. Category:internet Protocol:FTP,HTTP,TFTP

  2. )Category:Network management Protocol:ICMP,SNMP,SSH,telent

  3. Category:network mail services Protocol:mapi,pop3,smtp

  4. Category:Enterprise applications Protocal:citrixICA,PCAnywhere,SAP,IMAP

Answer: A

Question No: 136 – (Topic 2)

Refer to the exhibit.


Routers R1, R2, and R3 have IPv6 reachability, and R1 and R3 are able to ping each other with the IPv6 global unicast address. However, R1 and R3 are unable to ping each other with their

link-local addresses. What is a possible reason for the problem?

  1. Link-local addresses can communicate with neighboring interfaces.

  2. Link-local addresses are forwarded by IPv6 routers using loopback interfaces.

  3. Link-local addresses can be used only with a physical interface#39;s local network.

  4. Multicast must be enabled to allow link-local addresses to traverse multiple hops.

Answer: C

Question No: 137 – (Topic 2)

The computer at on your network has been infected by a botnet that directs traffic to a malware site at Assuming that filtering will be performed on a Cisco ASA, What command can you use to block all current and future connections from the infected host?

A. ip access-list extended BLOCK_BOT_OUT deny ip any host

B. shun 6000 80

  1. ip access-list extended BLOCK_BOT_OUT deny ip host host

  2. ip access-list extended BLOCK_BOT_OUT deny ip host host

E. shun 6000 80

Answer: C

Question No: 138 – (Topic 2)


Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)

  1. It is an inbound policy.

  2. It will allow to connect to on an IMAP port.

  3. It will allow to connect to on an RDP port.

  4. It will allow to connect to on an RDP port.

  5. It will allow to connect to on a VNC port.

  6. It is an outbound policy.

Answer: A,C

Question No: 139 – (Topic 2)

Which two u.s government entities are authorized to execute and enforce the penalties for violations of the

Sarbanes-oxley(SOX)act?(choose two)

  1. Federal trade commission (FTC.

  2. internal Revenue service (IRS)

  3. Office of Civil Rights (OCR)

  4. federal reserve board

  5. Securities and exchange commission (SEC.

  6. United states Citizenship and immigration services (USCIS)

Answer: D,E

Question No: 140 – (Topic 2)

Which two statements about role-based access control are true?(Choose two)

  1. Server profile administrators have read and write access to all system logs by default.

  2. If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.

  3. A view is created on the Cisco IOS device to leverage role-based access controls.

  4. Network administrators have read and write access to all system logs by default.

  5. The user profile on an AAA server is configured with the roles that grant user privileges.

Answer: D,E

100% Ensurepass Free Download!
Download Free Demo:400-251 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2017 EnsurePass 400-251 Dumps
Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

Leave a Reply