[Full-Version!]Braindump2go 400-251 (CCIE Security) Exam Questions 1106Q&As Free Offer[Question66-Question75]
2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now! 2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!
1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As Download:
2.|2017 NEW 400-251 Written Exam Questions & Answers:
What are the two most common methods that security auditors use to assess an organization’s security processes? (Choose two)
A. social engineering attempts
C. policy assessment
D. penetration testing
E. document review
F. physical observations
On Which encryption algorithm is CCMP based?
By defaults which amount of time does the ASA add to the TTL value of a DNS entry to determine the amount of time a DNS entry is valid?
A. 60 seconds
B. 30 seconds
C. 0 second
D. 180 seconds
E. 120 seconds
F. 100 seconds
Drag and Drop Question
Drag and drop the desktop-security terms from the left onto their right definitions on the right.
What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?
A. merge rule tool
B. policy simplification tool
C. rule grouping tool
D. object group tool
E. combine rule tool
Refer to the exhibit. Which statement about the effect of this configuration is true?
A. reply protection is disable
B. It prevent man-in-the-middle attacks
C. The replay window size is set to infinity
D. Out-of-order frames are dropped
when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?
A. 0 to 65535
B. 1 to 1024
C. 0 to 4,294,967,295
D. 1 to 65535
E. 1 to 4,294,967,295
F. 0 to 1024
What port has IANA assigned to the GDOI protocol?
A. UDP 4500
B. UDP 500
C. UDP 1812
D. UDP 848
Drag and Drop Question
Drag each Cisco TrustSec feature on the left to its description on the right.
Which statement is true about SYN cookies?
A. The state is kept on the server machine TCP stack
B. A system has to check every incoming ACK against state tables
C. NO state is kept on the server machine state but is embedded in the initial sequence number
D. SYN cookies do not help to protect against SYN flood attacks
1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As Download:
2.|2017 NEW 400-251 Study Guide Video: