[Free] 2019(Nov) EnsurePass Cisco 400-251 Dumps with VCE and PDF 51-60

By | November 3, 2019

Get Full Version of the Exam

Question No.51

In a Cisco ASA multiple-context mode of operation configuration, what three session types are resourcelimited by default when their context is a member of the default class? (Choose three.)

  1. SSL VPN sessions

  2. Telnet sessions

  3. TCP session

  4. IPSec sessions

  5. ASDM sessions

  6. SSH sessions

Correct Answer: BDF

Question No.52

Refer to the exhibit. What are two effects of the given configuration? (Choose two.)


  1. It enables the ASA to download the static botnet filter database.

  2. It enables the ASA to download the dynamic botnet filter database.

  3. It enables botnet filtering in single context mode.

  4. It enables botnet filtering in mutiple context mode.

  5. It enables multiple context mode.

  6. It enables single context mode.

Correct Answer: BD

Question No.53

Which OpenStack project has orchestration capabilities?

  1. Cinder

  2. Horizon

  3. Sahara

  4. Heat

Correct Answer: D

Question No.54

What is the purpose of the BGP TTL security check?

  1. to check for a TTL value in packet header of less than or equal to for successful peering

  2. to protect against routing table corruption

  3. to use for iBGP session

  4. to protect against CPU utilization-based attacks

  5. to authenticate a peer

Correct Answer: D

Question No.55

Refer to the exhibit. A user authenticates to the NAS , which communicates to the TACACS sever for authentication. The TACACS server then accesses the Active Directory Server through the firewall to validate the user credentials. Which protocol-port pair must be allow access through the ASA Firewall?


  1. SMB over TCP 455

  2. DNS over UDP 53

  3. LDAP over UDP 389

  4. global catalog over UDP 3268

  5. TACACS over TCP 49

  6. DNS over TCP 53

Correct Answer: C

Question No.56

Which three of these are properties of RC4? (Choose three.)

  1. It is a block cipher.

  2. It is a stream cipher.

  3. It is used in AES.

  4. It is a symmetric cipher.

  5. It is used in SSL.

  6. It is an asymmetric cipher.

Correct Answer: BDE

Question No.57

Refer to the exhibit. Which effect of this command is true?


  1. The route immediately deletes its current public key from the cache and generates a new one.

  2. The public key of the remote peer is deleted from the router cache.

  3. The CA revokes the public key certificate of the router.

  4. The current public key of the router is deleted from the cache when the router reboots, and the router generates a new one.

  5. The router sends a request to the CA to delete the router certificate from its configuration.

Correct Answer: B

Question No.58

Which two statements about the Cisco AnyConnect VPN Client are true? (Choose two.)

  1. It can use an SSL tunnel and a DTLS tunnel simultaneously.

  2. It enables users to manage their own profiles.

  3. It can be configured to download automatically without prompting the user.

  4. By default, DTLS connections can fall back to TLS.

  5. To improve security, keepalives are disabled by default.

Correct Answer: AC

Question No.59

Which two statements about EVPN are true? (Choose two.)

  1. EVPN route exchange enables PEs to discover one another and elect a DF.

  2. EVPN routes can advertise backbone MAC reachability.

  3. EVLs allow you to map traffic on one or more VLANs or ports to a Bridge Domain.

  4. EVPN routes can advertise VLAN membership and verify the reachability of Ethernet segments.

  5. It is a next-generation Ethernet L2VPN solution that supports load balancing at the individual flow level and provider advanced access redundancy.

  6. It is a next-generation Ethernet L3VPN solution that simplifies control-plane operations and enhances scalability.

Correct Answer: AB

Question No.60

Which three statements about Dynamic ARP inspection on Cisco switches are true? (Choose three)

  1. The trusted database can be manually configured using the CLI

  2. Dynamic ARP inspection is supported only on access ports

  3. Dynamic ARP inspection does no perform ingress security checking

  4. DHCP snooping is used to dynamically build the trusted database

  5. Dynamic ARP inspection checks ARP packets against the trusted database

  6. Dynamic ARP inspection checks ARP packets on trusted and untrusted ports

Correct Answer: ADE

Get Full Version of the Exam
400-251 Dumps
400-251 VCE and PDF

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.