Your success in Cisco 400-251 is our sole target and we develop all our 400-251 braindumps in a way that facilitates the attainment of this target. Not only is our 400-251 study material the best you can find, it is also the most detailed and the most updated. 400-251 Practice Exams for Cisco CCIE Security 400-251 are written to the highest standards of technical accuracy.



Q1. Which two statements about ICMP redirect messages are true? (Choose two.)

A. By default, configuring HSRP on the interface disables ICMP redirect functionality.

B. They are generated when a packet enters and exits the same router interface.

C. The messages contain an ICMP Type 3 and ICMP code 7.

D. They are generated by the host to inform the router of an alternate route to the destination.

E. Redirects are only punted to the CPU if the packets are also source-routed.

Answer: A,B

Q2. Refer to the exhibit.

Which of the following is the correct output of the above executed command? 

A. Option A

B. Option B

C. Option C

D. Option D

Answer: C

Q3. How can the tail drop algorithm support traffic when the queue is filled?

A. It drops older packets with a size of 64 bytes or more until the queue has more traffic

B. It drops older packets with a size of less than 64 bytes until the queue has more traffic

C. It drops all new packets until the queue has room for more traffic

D. It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic.

Answer: C

Q4. Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.

B. It defines a wide variety of authorization actions, including "reauthenticate."

C. It defines the format for a Change of Authorization packet.

D. It defines a DM.

E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A,C,D

Q5. IANA is responsible for which three IP resources? (Choose three.)

A. IP address allocation

B. Detection of spoofed address

C. Criminal prosecution of hackers

D. Autonomous system number allocation

E. Root zone management in DNS

F. BGP protocol vulnerabilities

Answer: A,D,E

Q6. Which two statements about SGT Exchange Protocol are true? (Choose two.)

A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it

B. SXP runs on UDP port 64999

C. A connection is established between a “listener” and a “speaker”

D. SXP is only supported across two hops

E. SXPv2 introduces connection security via TLS

Answer: A,C

Q7. What protocol is responsible for issuing certificates?

A. SCEP

B. DTLS

C. ESP

D. AH

E. GET

Answer: A

Q8. Refer to the exhibit. 

After you configured routers R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?

A. R2 received a packet with an incorrect area from the loopback1 interface

B. OSPFv3 area authentication is missing

C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface

D. The SPI and the authentication key are unencrypted

E. The SPI value and the key are the same on both R1 and R2

Answer: C

Q9. DRAG DROP

Drag each MACsec term on the left to the matching statement on the right.

Answer:

Explanation:

CAK = key used to generate multiple additional keys

MKA = protocol used for MACsec key negotiation

MSK = key generated during the EAP exchange

SAK = a key used to encrypt traffic for a single session

SAP = a key exchange protocol that is proprietary to Cisco

Q10. Which of the following two statements apply to EAP-FAST? (Choose two.)

A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.

B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.

C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).

D. EAP-FAST is a client/client security architecture.

Answer: A,C