[Full-Version!]100% Real Exam Questions-Cisco 400-251 (CCIE Security) Exam PDF Dumps 1106Q&As Download[Question66-Question75]

[Full-Version!]100% Real Exam Questions-Cisco 400-251 (CCIE Security) Exam PDF Dumps 1106Q&As Download[Question66-Question75]

greatexam February 13, 2017

2017 CISCO Official News: 350-018 Exam is Replaced by 400-251 Written Exam Now!

2017 New 400-251: CCIE Security Written Exam v5.1 PDF and VCE Dumps Just Released Today by Braindump2go.com!

1.|2017 NEW 400-251 Written Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Written Exam Questions & Answers:
http://www.braindump2go.com/400-251.html

 

QUESTION 66
What are the two most common methods that security auditors use to assess an organization’s security processes? (Choose two)

A.    social engineering attempts
B.    interviews
C.    policy assessment
D.    penetration testing
E.    document review
F.    physical observations

Answer: AE

QUESTION 67
On Which encryption algorithm is CCMP based?

A.    IDEA
B.    BLOWFISH
C.    RCS
D.    3DES
E.    AES

Answer: E

QUESTION 68
By defaults which amount of time does the ASA add to the TTL value of a DNS entry to determine the amount of time a DNS entry is valid?

A.    60 seconds
B.    30 seconds
C.    0 second
D.    180 seconds
E.    120 seconds
F.    100 seconds

Answer: A

QUESTION 69
Drag and Drop Question
Drag and drop the desktop-security terms from the left onto their right definitions on the right.
 
Answer:
 

QUESTION 70
What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?

A.    merge rule tool
B.    policy simplification tool
C.    rule grouping tool
D.    object group tool
E.    combine rule tool

Answer: E

QUESTION 71
Refer to the exhibit. Which statement about the effect of this configuration is true?
 

A.    reply protection is disable
B.    It prevent man-in-the-middle attacks
C.    The replay window size is set to infinity
D.    Out-of-order frames are dropped

Answer: D

QUESTION 72
when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?

A.    0 to 65535
B.    1 to 1024
C.    0 to 4,294,967,295
D.    1 to 65535
E.    1 to 4,294,967,295
F.    0 to 1024

Answer: C

QUESTION 73
What port has IANA assigned to the GDOI protocol?

A.    UDP 4500
B.    UDP 500
C.    UDP 1812
D.    UDP 848

Answer: D

QUESTION 74
Drag and Drop Question
Drag each Cisco TrustSec feature on the left to its description on the right.
 
Answer:
 

QUESTION 75
Which statement is true about SYN cookies?

A.    The state is kept on the server machine TCP stack
B.    A system has to check every incoming ACK against state tables
C.    NO state is kept on the server machine state but is embedded in the initial sequence number
D.    SYN cookies do not help to protect against SYN flood attacks

Answer: C


!!! RECOMMEND!!!

1.|2017 NEW 400-251 Exam Dumps (PDF & VCE) 1106Q&As  Download:
http://www.braindump2go.com/400-251.html

2.|2017 NEW 400-251 Study Guide Video:

https://youtu.be/GSXnXKIh834