Jump to content
shshank

400-251 CCIE Security written discussion..

Recommended Posts

Dears

Kindly share with me the valid dump and if Adib,Spoto,Crazyfox are still valid kindly share valid link with me urgently please >>>>

Share this post


Link to post
Share on other sites

Is there any chance to get the same questions of the first attempt of the written exam again on the second attempt ?

Share this post


Link to post
Share on other sites

Yes, I have. ... When is your exam date?

FEb 12th.. and Lab on April 22.so how can you share me the Simulator ? Thanks in advance my friend

Share this post


Link to post
Share on other sites

Yes, I have. ... When is your exam date?

FEb 12th.. and Lab on April 22.so how can you share me the Simulator ? Thanks in advance my friend

Share this post


Link to post
Share on other sites

i got the VCE from this forum only.. its a great hearted people around . so if someone who has a exam simulator please do the same for others who share thier Exam dumps.. looking forward to it . as my exam is on feb 12th....

Share this post


Link to post
Share on other sites

I passed today , Adib,Spoto,Crazyfox are still valid.

 

Kindly provide us with this dumps urgently please

Share this post


Link to post
Share on other sites

passed exam today. got 86X marks. i used only crazyfox only and used following answers

QUESTION NO. 2

Which criteria does ASA use for packet classification if multiple contexts share an ingress interface MAC address?

A. ASA ingress interface IP address

B. policy-based routing on ASA

C. destination IP address

D. destination MAC address

E. ASA ingress interface MAC address

F. ASA NAT configuration

G. ASA egress interface IP address

 

Correct Answer : F

Original Answer: E

should be F,

if the question says that they share an interface then E is correct, since they share the MAC, F is correct

 

QUESTION NO. 18

Which statement about SenderBase reputation scoring on an ESA device is true?

A. Application traffic from known bad sites can be throttled or blocked

B. By defaults all messages with a score below zero are dropped or throttled

C. Mail with scores in the medium range can be automatically routed for antimalware scanning

D. You can configure a custom score threshold for whitelisting messages

E. A high score indicates that a message is very likely to be spam

F. Sender reputation scores can be assigned to domains, IP addresses, and MAC addresses

 

Correct Answer : D

Original Answer: A

 

 

QUESTION NO. 19

Router (config) # cts sxp reconciliation period 180

Refer to the exhibit, Which two statements about a device with this configuration are true? (Choose two)

A. When a peer re-establishes a previous connection to the device. CTS retains all existing SGT mapping entries for 3 minutes

B. If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts

C. If a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes

D. It sets the internal hold-down timer of the device to 3 minutes

E. When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes

F. If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the

reconciliation timer starts

 

Correct Answer. B,C

Original Answer. C,F

Hidden Content

    Give reaction to this post to see the hidden content.

After a peer terminates an SXP connection, an internal hold-down timer starts (120 sec) default statement.If the peer reconnects before the internal hold-down timer expires, the SXP reconciliation period timer starts. (180sec) 3 min which is configured

 

QUESTION NO. 27

Which statement about securing connection using MACsec is true?

A. The ISAKMP protocol is used to manage MACSec encryption keys

B. It is implemented after a successful MAB authentication of supplicant

C. The Switch uses session keys to calculate encrypted packet ICV value for the frame integrity check

D. A Switch configured for MACSec can accept MACSec frames from the MACSec client

E. It secures connection between two supplicant clients

F. It provides network layer encryption on a wired network

 

Correct Answer. C

Original Answer. F

When the switch receives frames from the client, it decrypts them and calculates the correct ICV by using session keys provided by MKA.

Hidden Content

    Give reaction to this post to see the hidden content.

MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices. The Catalyst 4500 series switch supports 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the switch and host devices.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION NO. 41

Which statement about Remote Triggered Black Hole Filtering feature is true?

A. It works in conjunction with QoS to drop the traffic that has a lower priority

B. The Null0 interface used for filtering able to receive the traffic but never forwards it

C. IN RTBH filtering, the trigger device redistributes dynamic routes of the eBGP peers

D. It helps mitigate DDOS attack based only on destination address

E. It drops malicious traffic at the customer edge router by forwarding it to a Null0 interface

F. In RTBH filtering, the trigger device is always an ISP edge router

 

Correct Answer. E

Original Answer. D

RTBH filtering provides a method for quickly dropping undesirable traffic at the edge of the network, based on either source addresses or destination addresses by forwarding it to a null0 interface. Null0 is a pseudointerface that is always up and can never forward or receive traffic. Forwarding packets to null0 is a common way to filter packets to a specific destination.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION NO. 58

In order to enable the Certificate Authority (CA) server feature using Simple Certificate Enrolment Protocol (SCEP) on an IOS devices which three of the following configuration steps are required? (Choose three.)

A. Enable auto-rollover for the pki Server

B. Set an authoritative clock source on the device

C. Set the hostname of the device

D. Generate a self-signed certificate

E. Enable ip http server on the device

F. Issue no shut under the crypto pki server command

 

Correct Answer. A, E, F

Original Answer. A,B,E

Simple Certificate Enrollment Protocol (SCEP), which is a protocol used for enrollment and other Public Key Infrastructure (PKI) operations.

 

 

QUESTION NO. 60

Which of the following IOS IPsec transform-set configuration provides both encryption and integrity protection?

A. esp-sha512-hmac

B. esp-sha256-hmac

C. esp-gcm 128

D. esp-gmac 128

E. esp-aes 256

 

Correct Answer. C

Original Answer. E

Hidden Content

    Give reaction to this post to see the hidden content.

Suite-B-GCM-128-Provides ESP integrity protection, confidentiality, and IPsec encryption algorithms that use the 128-bit AES using Galois and Counter Mode (AES-GCM) described in RFC 4106. This suite should be used when ESP integrity protection and encryption are both needed.

 

 

QUESTION No. 62

A customer has configured a single Policy Set to authenticate and authorize MAB and 802.1x requests on Cisco ISE. The 802.1x authorization rules are on the top of the list and check Active Directory group membership for a match. The MAB results are at the bottom of the list and check local Identity Groups for a match. When a MAB request comes to ISE

A. ISE will drop the request because 802.1x and MAB rules are not allowed in the same Policy Set

B. ISE will not try to find Active Directory group membership based on the 802.1x request

C. ISE will ignore the 802.1x authorization rules on the top

D. ISE will never match the MAB authorization rules at the bottom

E. ISE will try to find the Active Directory group membership based on the MAB request

 

Correct Answer. C

Original Answer. E

 

 

QUESTION NO. 63

What one policy element is mandatory to create a Posture Requirement in ISE?

A. Posture Condition

B. Posture Remediation Action

C. Posture Policy

D. Authorization Profile

 

Correct Answer. A

Original Answer. C

 

 

 

 

QUESTION NO. 74

Which security capability can best prevent zero-day malware and attacks?

A. Intrusion Prevention System

B. Threat Intelligence

C. Identity and Access Management

D. Anti Virus

E. stateful firewall

Correct Answer. B

Original Answer. A

Many persons support B. But threat intelligence can’t prevent Zero day attach, as IPS has this feature to prevent Zero-day attack

 

 

 

QUESTION NO. 84

Which two of the following statements about GETVPN are correct? (Choose two)

A. GETVPN Key Servers uses the stateful HSRP protocol to provide redundancy

B. A GETVPN Key Server can use either IKEv1 or IKEv2 protocol to authenticate Group Members

C. GETVPN uses transport mode IPsec encapsulation

D. GETVPN does not provide a tunnel overlay

E. GETVPN requires multicast enabled Group Members for group SA rekey

Correct Answer. B,D

Original Answer. D,E

 

 

 

QUESTION NO. 93

ISE is configured to use MsCHAPv2 inner method for PEAP authentication of users. What set of credentials needs to be exchanged between ISE and the client for successful establishment of the PEAP tunnel and subsequent authentication?

A. Username and Password from ISE and the client

B. Identify certificate from ISE, Machine Identify certificate from the client and username and Password of the user

C. Identify Certificate from ISE and user Identity certificate from the client

D. Identify certificate from ISE and Username and password of the user from the client

Correct Answer. D

Original Answer. B

 

 

 

 

QUESTION NO. 109

Which of the following statements correctly describe how DMVPN can be used to provide network

segmentation over public transport networks?

A. The DMVPN hub and spokes must use the same VRF for a given DMVPN cloud

B. DMVPN can be used to transport MPLS packets inside of an mGRE tunnel

C. The front door VRF for DMVPN is defined under the isakmp profile

D. The tunnel vrf command under the tunnel interface is used to associate clear text data packets with a VRF

E. The vrf forwarding command under the tunnel interface is used to associate encrypted packets with a VRF

Correct Answer. A

Original Answer.

  • Like 1
  • Thanks 2

Share this post


Link to post
Share on other sites

I passed yesterday. score was 88X and cutline 825, crazyfox's dump vaild.

all questions from dump. but dump answers are not fully correct. so score was 88X .

thanks for all sharer!!!

Edited by net2hack

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...