[Free] Download New Latest (November) Cisco 400-201 Actual Tests 281-290

Ensurepass

QUESTION 281

Which of the following IOS features can prevent IP spoofing attacks?

 

A.

Unicast Reverse Path Forwarding (uRPF)

B.

MPLS traffic Engineering

C.

Cisco Express Forwarding

D.

PPP over Ethernet

E.

IS-IS routing

 

Correct Answer: A

 

 

QUESTION 282

When provisioning for Interactive-Video (e.g. video conferencing traffic) which three statements depicts the correct requirements?

 

A.

Loss should be no more than 1 percent.

B.

One-way latency should be no more than 150 ms

C.

Jitter should be no more than 30 ms

D.

Loss should be no more than 3 percent

E.

One-way latency should be no more than 75 ms

F.

Jitter should be no more than 300 ms

 

Correct Answer: ABC

Explanation:

Interactive Video

When provisioning for Interactive Video (IP Videoconferencing) traffic, the following guidelines are recommended:

Interactive Video traffic should be marked to DSCP AF41; excess Interactive-Video traffic can be marked down by a policer to AF42 or AF43.

Loss should be no more than 1 %.

One-way Latency should be no more than 150 ms.

Jitter should be no more than 30 ms.

Overprovision Interactive Video queues by 20% to accommodate bursts.

Because IP Videoconferencing (IP/VC) includes a G.711 audio codec for voice, it has the same loss, delay, and delay variation requirements as voice, but the traffic patterns of videoconferencing are radically different from voice.

 

 

QUESTION 283

Which of the following IOS commands can detect whether the SQL slammer virus propagates in your networks?

 

A.

access-list 110 permit any any udp eq 69 log

B.

access-list 100 permit any any udp eq 1434 log

C.

access-list 110 permit any any udp eq 69

D.

access-list 100 permit any any udp eq 1434

 

Correct Answer: B

 

 

QUESTION 284

How many messages does Internet Key Exchange (IKE) use to negotiate SA characteristics when running in main mode?

 

A.

3 messages

B.

6 messages

C.

4 messages

D.

2 messages

E.

5 messages

 

Correct Answer: B

Explanation:

3.1.1 Main Mode

The Main Mode is an exchange in the first phase of IKE/ISAKMP (The ISAKMP Identity Protection Exchange) the first two messages are used for negotiating the security policy for the exchange. The next two messages are used for the Diffie-Hellman keying material exchange. The last two messages are used for authenticating the peers with signatures or hashes and optional certificates. Last two authentication messages are encrypted with the previously negotiated key and the identities of the parties are protected from eavesdroppers.

 

 

QUESTION 285

Which three statements about NetFlow are true? (Choose three)

 

A.

NetFlow records unidirectional IP traffic flow.

B.

NetFlow records MPLS frame flow.

C.

NetFlow export is only over TCP.

D.

NetFlow records is only over UDP.

E.

NetFlow records subinterface information of traffic flow.

 

Correct Answer: ABE

 

 

 

 

QUESTION 286

What are two uRPF working modes? (Choose two.)

 

A.

express mode

B.

safe mode

C.

loose mode

D.

strict mode

E.

tight mode

 

Correct Answer: CD

 

 

QUESTION 287

What is a limitation of implementing uRPF?

 

A.

Domain name must be defined.

B.

MPLS LDP must be enabled.

C.

BGP routing protocol must be running.

D.

Symmetrical routing is required.

E.

Named access-lists must be configured.

 

Correct Answer: D

 

 

QUESTION 288

Which three of these statements about the IP service level agreement (SLA) sender are true? (Choose three)

 

A.

SLA sender target can be an IP host

B.

SLA sender sends a probe packet and a response probe packet

C.

SLA sender sends a probe packet

D.

SLA sender target must be a router

E.

SLA sender target can be an IP SLA responder

 

Correct Answer: ACE

 

 

QUESTION 289

What is the port number of the IPsec Authentication Header packet?

 

A.

IP protocol 50

B.

TCP port 51

C.

UDP port 50

D.

IP protocol 51

E.

UDP port 51

F.

TCP port 50

 

Correct Answer: D

Explanation:

6.2. Managed Security services traversing the core

AH operates directly on top of IP, using IP protocol number 51.

ESP operates directly on top of IP, using IP protocol number 50.

 

QUESTION 290

Which of the following descriptions about IP spoofing is correct?

 

A.

IP destination address is forged

B.

IP source address is forged

C.

IP TCP destination port is forged

D.

None of above

E.

IP TCP source port is forged

 

Correct Answer: B

Explanation:

1.13. Security in core

 

Free VCE & PDF File for Cisco 400-201 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

Tags: