A Review Of Realistic 400-251 exam question

Q1. What is the purpose of enabling the IP option selective Drop feature on your network routers?

A. To protect the internal network from IP spoofing attacks.

B. To drop IP fragmented packets.

C. To drop packet with a TTL value of Zero.

D. To protect the network from DoS attacks.

View Answer

Q2. Which Two statement about the PCoIP protocol are true? (Choose two)

A. It support both loss and lossless compression

B. It is a client-rendered, multicast-codec protocol.

C. It is available in both software and hardware.

D. It is a TCP-based protocol.

E. It uses a variety of codec to support different operating system.

View Answer

Q3. Which statement about ICMPv6 filtering is true? 

A)

B)

C)

D)

E)

F)

A. Option A

B. Option B

C. Option C

D. Option D

View Answer

Q4. Refer to the exhibit, which effect of this configuration is true?

A. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes

B. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes

C. The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

D. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

E. The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes

View Answer

Q5. Refer to the exhibit. What IPSec function does the given debug output demonstrate?

A. DH exchange initiation

B. setting SPIs to pass traffic

C. PFS parameter negotiation

D. crypto ACL confirmation

View Answer

Q6. Which two statement about the multicast addresses query message are true?(choose two)

A. They are solicited when a node initialized the multicast process.

B. They are used to discover the multicast group to which listeners on a link are subscribed

C. They are used to discover whether a specified multicast address has listeners

D. They are send unsolicited when a node initializes the multicast process

E. They are usually sent only by a single router on a link

F. They are sent when a node discover a multicast group

View Answer

Q7. IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)

A. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.

B. Ikev2 perform TCP intercept on all secure connections

C. IKEv2 only allows symmetric keys for peer authentication

D. IKEv2 interoperates with IKEv1 to increase security in IKEv1

E. IKEv2 only allows certificates for peer authentication

F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

View Answer

Q8. Which two options are benefits of shortcut Switching Enhancements for NHRP on DMVPN networks? (choose two)

A. Its enables the NHRP FIB lookup process to perform route summarization on the hub.

B. It allows data packets to be fast switched while spoke-to-spoke tunnels are being established.

C. It is most beneficial with partial full-mesh DVMPN setup.

D. It supports layered network topologies with the central hubs and direct spoke-to –spoke tunnels between

spokes on different hubs.

E. It enables spokes to use a summary route to build spoke-to-spoke tunnels.

View Answer

Q9. Refer to the exhibit 

Which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503?

A. _65509.?$ 

B. _65503$ 

C. ^65503.* 

D. ^65503$

E. _65503_

F. 65503

View Answer

Q10. Which two statements about role-based access control are true?(Choose two)

A. Server profile administrators have read and write access to all system logs by default.

B. If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.

C. A view is created on the Cisco IOS device to leverage role-based access controls.

D. Network administrators have read and write access to all system logs by default.

E. The user profile on an AAA server is configured with the roles that grant user privileges.

View Answer