[Full-Version!]Instant Cisco 400-251 (CCIE Security) Exam Questions and Answers Free Download in Braindump2go[Question26-Question35]

2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now!

2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!

1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Written Exam Questions & Answers:
http://www.braindump2go.com/400-251.html

 

QUESTION 26
You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
(A) You need two customer contexts, named contextA and contextB
(B) Allocate interfaces G0/0 and G0/1 to contextA
(C) Allocate interfaces G0/0 and G0/2 to contextB
(D) The physical interface name for G0/1 within contextA should be “inside”.
(E) All other context interfaces must be viewable via their physical interface names.
If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
B.    context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/2 visible
C.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible
allocate-interface GigabitEthernet0/2 invisible
D.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/2
E.    context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible
allocate-interface GigabitEthernet0/1 inside
context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible
allocate-interface GigabitEthernet0/2 visible

Answer: A

QUESTION 27
Which statement about the cisco anyconnect web security module is true ?

A.    It is VPN client software that works over the SSl protocol.
B.    It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.
C.    It operates as an NAC agent when it is configured with the Anyconnect VPN client.
D.    It is deployed on endpoints to route HTTP traffic to SCANsafe

Answer: D

QUESTION 28
Which two statements about the SeND protocol are true? (Choose two)

A.    It uses IPsec as a baseline mechanism
B.    It supports an autoconfiguration mechanism
C.    It must be enabled before you can configure IPv6 addresses
D.    It supports numerous custom neighbor discovery messages
E.    It counters neighbor discovery threats
F.    It logs IPv6-related threats to an external log server

Answer: BE

QUESTION 29
Drag and Drop Question
Drag each attack type on the left to the matching attack category on the right.
 
Answer:
 

QUESTION 30
Refer to the exhibit. You executed the show crypto key mypubkey rsa command to verify that the RSA key is protected and it generated the given output.
What command must you have entered to protect the key?
 

A.    crypto key decrypt rsa name pki.cisco.com passphrase CiscoPKI
B.    crypto key zeroize rsa CiscoPKI
C.    crypto key export ras pki.cisco.com pem url flash: 3des CiscoPKI
D.    crypto key lock rsa name pki.cisco.com passphrase CiscoPKI
E.    crypto key import rsa pki.cisco.com pem url nvram: CiscoPKI

Answer: D

QUESTION 31
Refer to the exhibit. What is the effect of the given command sequence?
 

A.    The HTTP server and client will negotiate the cipher suite encryption parameters.
B.    The server will accept secure HTTP connections from clients with signed security certificates.
C.    The client profile will match the authorization profile defined in the AAA server.
D.    The clients are added to the cipher suite’s profile.
E.    The server will accept secure HTTP connections form clients defined in the AAA server.

Answer: B

QUESTION 32
In ISO 27002, access control code of practice for information Security Management servers which of the following objective?

A.    Implement protocol control of user, network and application access
B.    Optimize the audit process
C.    Prevent the physical damage of the resources
D.    Educating employees on security requirements and issues

Answer: A

QUESTION 33
Which two options are differences between a automation and orchestration? (Choose two)

A.    Automation is an IT workflow composed of tasks, and orchestration is a technical task.
B.    Orchestration is focused on multiple technologies to be integrated together.
C.    Orchestration is focused on an end-to-end process or workflow
D.    Automation is to be used to replace human intervention.
E.    Automation is focused on automating a single or multiple tasks.

Answer: BC

QUESTION 34
What is the first step in performing a risk assessment?

A.    Identifying critical services and network vulnerabilities and determining the potential impact of their compromise or failure.
B.    Investigating reports of data theft or security breaches and assigning responsibility.
C.    Terminating any employee believed to be responsible for compromising security.
D.    Evaluating the effectiveness and appropriateness of the organization’s current risk-management activities.
E.    Establishing a security team to perform forensic examinations of previous known attacks.

Answer: A

QUESTION 35
Which description of a virtual private cloud is true?

A.    An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation
B.    An on-demand configurable pool of shared data resources allocated within a private cloud environment, which provides assigned DMZ zones
C.    An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation
D.    An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation

Answer: D


!!! RECOMMEND!!!

1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Study Guide Video:

https://youtu.be/GSXnXKIh834

         

Comments are closed.