[Free] 2017(Aug) EnsurePass Examcollection Cisco 400-251 Dumps with VCE and PDF 211-220

Ensurepass.com : Ensure you pass the IT Exams
2017 Aug Cisco Official New Released 400-251
100% Free Download! 100% Pass Guaranteed!

CCIE Security Written Exam (v5.0)

Question No: 211 – (Topic 2)

What is the purpose of enabling the IP option selective Drop feature on your network routers?

  1. To protect the internal network from IP spoofing attacks.

  2. To drop IP fragmented packets.

  3. To drop packet with a TTL value of Zero.

  4. To protect the network from DoS attacks.

Answer: D

Question No: 212 – (Topic 2)

What are two action you can take to protect against DDOS attacks on cisco router and switches?(Choose two)

  1. Rate limit SYN packets

  2. Filter the RFC-1918 address space

  3. configuration IP snooping

  4. implement MAC address filtering

  5. Configuration PIM-SM

Answer: A,B

Question No: 213 – (Topic 2)


Refer to the Exhibit. which service or feature must be enabled on produce the given output?

  1. The finger service

  2. A BOOTp server

  3. A TCP small server

  4. The PAD service

Answer: C

Question No: 214 – (Topic 2)


Refer to the exhibit, what Is the effect of the given command sequence?

  1. The router telnet to the on port 2002

  2. The AP console port is shut down.

  3. A session is opened between the router console and the AP.

  4. The router telnet to the router on port 2002.

Answer: C

Question No: 215 – (Topic 2)


-map nbar_rtp

Match protocol rtp payload-type 鈥?,1,4-0x10, 10001b 鈥?10010b,64鈥?/p>

The above NBAR configuration matches RTP traffic with which payload types? A)








  1. Option A

  2. Option B

  3. Option C

  4. Option D Answer: A

Question No: 216 – (Topic 2)

Which VPN technology is based on GDOI (RFC 3547)?

  1. MPLS Layer 3 VPN

  2. MPLS Layer 2 VPN

  3. GET VPN

  4. IPsec VPN

Answer: C

Question No: 217 – (Topic 2)


Refer to the exhibit you have configured two route-map instances on R1 which passes traffic from switch 1 on both VLAN 1 and VLAN 2.You wish to ensure that*the first route- map instance matches packets from VLAN 1 and sets next hop to 3232::2/128.* the second route-map instance matches packets from VLAN 2 and sets the next hop to

3232::3/128 What feature can you implement on R1 to make this configuration possible?

  1. PBR

  2. BGP local-preference

  3. BGP next-hop

  4. VSSP

  5. GLBP

Answer: C

Question No: 218 DRAG DROP – (Topic 2)

Drag each step in the SCEP workflow on the left into the correct order of operations on the right?





Step 1: Obtain and validate CA cert.

Step 2: Generate a certificate signing request for the CA.

Step 3: Sent a request to SCEP server to confirm that the cert was signed. Step 4: Re- enroll the client and replace the existing certificate.

Step 5: Check Certificate revocation list.

Question No: 219 DRAG DROP – (Topic 2)

Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.






Question No: 220 – (Topic 2)

Which of these is a core function of the risk assessment process? (Choose one.)

  1. performing regular network upgrades

  2. performing network optimization

  3. performing network posture validation

  4. establishing network baselines

  5. prioritizing network roll-outs

Answer: C

100% Ensurepass Free Download!
Download Free Demo:400-251 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2017 EnsurePass 400-251 Dumps
Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

Leave a Reply