Question No : 1
Which two statements about SCEP are true? (Choose two)
A. CA servers must support GetCACaps response messages in order to implement extended functionality
B. The GetCRL exchange is signed and encrypted only in the response direction.
C. It is vulnerable to downgrade attacks on its cryptographic capabilities
D. The GetCert exchange is signed and encrypted only in the response direction.
E. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm.
Answer: A,C
Question No : 2
Which two events can cause a failover event on an active/standby setup? (Choose two.)
A. The active unit experiences interface failure above the threshold.
B. The unit that was previously active recovers.
C. The stateful failover link fails.
D. The failover link fails.
E. The active unit fails
Answer: A,E
Get
Valid 400-125 Exam Study Material - Cisco 400-125 Braindumps Dumps4Download
Question No : 3
Which two statements about the MACsec security protocol are true? (Choose two.)
A. Stations broadcast an MKA heartbeat that contains the key server priority
B. The SAK is secured by 128 bit AES-GCM by default
C. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM
D. MACsec is not supported in MDA mode.
E. MKA heartbeats are sent at a default interval of 3 seconds.
Answer: A,B
Question No : 4
Which two options are benefits of network summarization? (Choose two.)
A. It can summarize discontiguous IP addresses.
B. It can easily be added to existing networks
C. It can increase the convergence of the network
D. It reduces the number of routes
E. It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable.
Answer: D,E

Question No : 5
Refer to the exhibit. Which meaning of this error message on a Cisco ASA is true?
A. The route map redistribution is configured incorrectly.
B. The default route is undefined.
C. A packet was denied and dropped by an ACL.
D. The host is connected directly to the firewall
Answer: B
Question No : 6
Which two statements about uRPF are true? (Choose two.)
A. The administrator can configure the allow-default command to force the routing table to use only the default route
B. It is not supported on the Cisco ASA security appliance.
C. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work routing groups.
D. The administrator can use the show cef interface command to determine whether uRPF is enabled
E. In strict mode, only one routing path can be available to reach network devices on a subnet
Answer: D,E
Question No : 7
Which type of header attack is detected by Cisco ASA basic threat detection?
A. connection limit exceeded
B. denial by access list
C. failed application inspection
D. bad packet format
Answer: D
Question No : 8
Refer to the exhibit. A user authenticates to the NAS, which communicates to the TACACS+ server for authentication. The TACACS+ server then accesses the Active Directory server through the ASA firewall to validate the user credentials. Which protocol-port pair must be allowed access through the ASA firewall?
A. SMB over TCP 455
B. DNS over UDP 53
C. LDAP over UDP 389
D. global catalog over UDP 3268
E. TACACS+ over TCP 49
F. DNS over TCP 53
Answer: C
Question No : 9
Which two of the following ICMP types and codes should be allowed in a firewall to enable traceroute? (Choose two)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: B,C
Question No : 10
Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
A. L2TP-Encryption
B. Web-VPN-ACL-Filters
C. IPsec-Client-Firewall-Filter-Name
D. Authenticated-User-Idle-Timeout
E. IPsec-Default-Domain
F. Authorization-Type
Answer: B,D,E







