The Renew Guide To 400-251 examcollection

Q1. Which feature can you implement to protect against SYN-flooding DoS attacks?

A. the ip verify unicast reverse-path command

B. a null zero route

C. CAR applied to icmp packets

D. TCP Intercept

View Answer

Q2. Which three statements about the Cisco IPS sensor are true? (Choose three.)

A. You cannot pair a VLAN with itself.

B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.

C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can

be a member of an inline VLAN pair on more than one sensing interface.

D. The order in which you specify the VLANs in a inline pair is significant.

E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

View Answer

Q3. DRAG DROP

Drag and drop the desktop-security terms from the left onto their right definitions on the right?

View Answer

Q4. What port has IANA assigned to the GDOI protocol ?

A. UDP 4500

B. UDP 1812

C. UDP 500

D. UDP 848

View Answer

Q5. Which two statements about the anti-replay feature are true? (Choose two)

A. By default, the sender uses a single 1024-packet sliding window

B. By default, the receiver uses a single 64-packet sliding window

C. The sender assigns two unique sequence numbers to each clear-text packet

D. The sender assigns two unique sequence numbers to each encrypted packet

E. the receiver performs a hash of each packet in the window to detect replays

F. The replay error counter is incremented only when a packet is dropped

View Answer

Q6. From what type of server can you to transfer files to ASA’s internal memory ?

A. SSH

B. SFTP

C. Netlogon

D. SMB

View Answer

Q7. Which two router configurations block packets with the Type 0 Routing header on the interface? (choose two)

A. Ipv6 access-list Deny_Loose_Routing permit ipv6 any any routing-type 0 deny ipv6 any any

interface FastEthernet0/0

ipv6 traffic-filter Deny_Loose_Source_Routing in

B. Ipv6 access-list-Deny_Loose_Source_Routing Deny ipv6 FE80::/10 any mobility –type bind-refresh Permit ipv6 any any

Interface FastEthernet/0 Ipv6 tr

Affic-filter Deny_Loose_Source_Routing in

C. Ipv6 access-list Deny_Loose_Source_Routing Deny ipv6 any any routing-type 0

Permit ipv6 any any Interface FastEthernet0/0

Ipv6 traffic –filter Deny_Loose_Routing in

D. Ipv6 access –list Deny_Loose_Source_Routing Deny ipv6 any FE80: :/10 routing –type 0

Deny ipv6 any any routing –type 0 Permit ipv6 any any

Interface FastEthernet t0/0

Ipv6 traffic –filter Deny_Loose_Source_Routing in

E. Ipv6 access –list Deny_Loose_Source_Routing Sequence 1 deny ipv6 any any routing –type 0 log-input

Sequence 2 permit ipv6 any any flow –label 0 routing interface Fastethernet0/0 Ipv6 traffic-filter Deny_Loose_Source_Routing in

View Answer

Q8. Refer to the exhibit. What type of attack is represented in the given Wireshark packet capture?

A. a SYN flood

B. spoofing

C. a duplicate ACK

D. TCP congestion control

E. a shrew attack

View Answer

Q9. You have discovered unwanted device with MAC address 001c.0f12.badd on port FastEthernet1/1 on

VLAN 4.what command or command sequence can you enter on the switch to prevent the

MAC address from passing traffic on VLAN 4? 

A)

B)

C)

D)

E)

A. Option A

B. Option B

C. Option C

D. Option D

View Answer

Q10. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

A. Allow only POST requests.

B. Mark all cookies as HTTP only.

C. Use per-session challenge tokens in links within your web application.

D. Always use the "secure" attribute for cookies.

E. Require strong passwords.

View Answer