Valid 400-251 Dumps shared by EduDump.com for Helping Passing 400-251 Exam! EduDump.com now offer the newest 400-251 exam dumps, the EduDump.com 400-251 exam questions have been updated and answers have been corrected get the newest EduDump.com 400-251 dumps with Test Engine here:
Access 400-251 Dumps Premium Version
(125 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 47/133
Which best practice can limit inbound TTL expiry attacks?
Correct Answer: C
Explanation/Reference:
Explanation:
Security controls should filter packets with low TTL values to protect an enterprise network from TTL expiry attacks. In practice, filtering packets whereby TTL value is less than the value that is needed to traverse the longest path across the network will completely mitigate this attack vector. For example, if the width of a network is six routed hops, an enterprise should filter packets that enter the network with TTL values of six and below.
Reference:http://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.html
Explanation:
Security controls should filter packets with low TTL values to protect an enterprise network from TTL expiry attacks. In practice, filtering packets whereby TTL value is less than the value that is needed to traverse the longest path across the network will completely mitigate this attack vector. For example, if the width of a network is six routed hops, an enterprise should filter packets that enter the network with TTL values of six and below.
Reference:http://www.cisco.com/c/en/us/about/security-center/ttl-expiry-attack.html
- Question List (133q)
- Question 1: Which two options are important considerations when you use ...
- Question 2: From the list below, which one is the major benefit of AMP T...
- Question 3: Which of these command sequences will send an email to holly...
- Question 4: Which effect of the ip nhrp map multicast dynamic command is...
- Question 5: Which three ISAKMP SA Message States can be output from the ...
- Question 6: Which two options are benefits of global ACLs? (Choose two.)...
- Question 7: (Exhibit) Refer to the exhibit. What are two effects of the ...
- Question 8: Which three statements about SCEP are true? (Choose three.)...
- Question 9: View the Exhibit. monitor session 1 source interface gigabit...
- Question 10: Which two design options are best to reduce security concern...
- Question 11: View the Exhibit. (Exhibit) Refer to the exhibit. What is th...
- Question 12: Which two options are normal functionalities for ICMP? (Choo...
- Question 13: What are three features that are enabled by generating Chang...
- Question 14: Which two statements about ICMP redirect messages are true? ...
- Question 15: Which two statements about NetFlow Secure Event Logging on a...
- Question 16: What are the three scanning engines that the Cisco IronPort ...
- Question 17: Which three Cisco attributes for LDAP authorization are supp...
- Question 18: (Exhibit) Refer to the exhibit. Which two effects of this co...
- Question 19: Which three statements about RLDP are true? (Choose three.)...
- Question 20: Which three EAP protocols are supported in WPA and WPA2? (Ch...
- Question 21: Which three types of addresses can the Botnet Traffic Filter...
- Question 22: Which three authorization technologies does Cisco TrustSec s...
- Question 23: Which two options are benefits of the Cisco ASA Identity Fir...
- Question 24: A new computer is not getting its IPv6 address assigned by t...
- Question 25: Which three ESMTP extensions are supported by the Cisco ASA?...
- Question 26: Which command on Cisco ASA you can enter to send debug messa...
- Question 27: In which two situations is web authentication appropriate? (...
- Question 28: Which three statements about WCCP are true? (Choose three.)...
- Question 29: View the Exhibit. (Exhibit) Refer to the exhibit. You applie...
- Question 30: Which encryption type is used by ESA for implementing the Em...
- Question 31: View the Exhibit. (Exhibit) Refer to the exhibit. What are t...
- Question 32: Which three statements about 802.1x multiauthentication mode...
- Question 33: When TCP Intercept is enabled in its default mode, how does ...
- Question 34: What IOS feature can prevent header attacks by using packet-...
- Question 35: Which two options are unicast address types for IPv6 address...
- Question 36: View the Exhibit. (Exhibit) Refer to the exhibit. Which data...
- Question 37: Which two events can cause a failover event on an active/sta...
- Question 38: Which type of attack uses a large number of spoofed MAC addr...
- Question 39: View the Exhibit. (Exhibit) Refer to the exhibit. Which effe...
- Question 40: Which three statements about the keying methods used by MACS...
- Question 41: In which type of multicast does the Cisco ASA forward IGMP m...
- Question 42: Which file extensions are supported on the Firesight Managem...
- Question 43: Which two statements about Cisco ASA authentication using LD...
- Question 44: In OpenStack, which two statements about the NOVA component ...
- Question 45: Which of the following is AMP Endpoints office engine for wi...
- Question 46: View the Exhibit. (Exhibit) Refer to the exhibit. Which effe...
- Question 47: Which best practice can limit inbound TTL expiry attacks?...
- Question 48: In a Cisco ASA multiple-context mode of operation configurat...
- Question 49: Which are two important guidelines to follow when implementi...
- Question 50: Which command is used to enable 802.1x authorization on an i...
- Question 51: Which effect of the crypto pki authenticate command is true?...
- Question 52: (Exhibit) Refer to the exhibit. Which two statements about t...
- Question 53: Which statement about MDM with the Cisco ISE is true?...
- Question 54: Which two statements about the TTL value in an IPv4 header a...
- Question 55: View the Exhibit. (Exhibit) Refer to the exhibit. After you ...
- Question 56: Which three transports have been defined for SNMPv3? (Choose...
- Question 57: Which two statements about SCEP are true? (Choose two.)...
- Question 58: AMP for Endpoints is supported on which of these platforms?...
- Question 59: Which three statements about SXP are true? (Choose three.)...
- Question 60: Which option is a data modeling language used to model confi...
- Question 61: View the Exhibit. (Exhibit) Refer to the exhibit. Which effe...
- Question 62: Which option best describes RPL?...
- Question 63: Which OpenStack project has orchestration capabilities?...
- Question 64: View the Exhibit. (Exhibit) Refer to the exhibit. Which two ...
- Question 65: Which Cisco ISE profiler service probe can collect informati...
- Question 66: View the Exhibit. %ASA-6-110001: No route to <desr_addres...
- Question 67: What is the purpose of the BGP TTL security check?...
- Question 68: Which three statements about VRF-Aware Cisco Firewall are tr...
- Question 69: Within Platform as a Service, which two components are manag...
- Question 70: View the Exhibit. (Exhibit) Refer to the exhibit. Which thre...
- Question 71: View the Exhibit. (Exhibit) Refer to the exhibit. Which leve...
- Question 72: When applying MD5 route authentication on routers running RI...
- Question 73: Which two statements about MAB are true? (Choose two.)...
- Question 74: Which two options are benefits of network summarization? (Ch...
- Question 75: DRAG DROP Drag and drop the protocols on the left onto their...
- Question 76: Which effect of the crypto key encrypt write rsa command on ...
- Question 77: Which two statements about EVPN are true? (Choose two.)...
- Question 78: (Exhibit) Refer to the exhibit. What feature must be impleme...
- Question 79: What are the two most common methods that security auditors ...
- Question 80: View the Exhibit. (Exhibit) Refer to the exhibit. A user aut...
- Question 81: Which two statements about SPAN sessions are true? (Choose t...
- Question 82: Which two characteristics of DTLS are true? (Choose two.)...
- Question 83: DRAG DROP Drag each component of an Adaptive Wireless IPS de...
- Question 84: Which connection mechanism does the eSTREAMER service use to...
- Question 85: View the Exhibit. Switch-A (config)# cgmp leave-processing R...
- Question 86: What are two of the valid IPv6 extension headers? (Choose tw...
- Question 87: Which three messages are part of the SSL protocol? (Choose t...
- Question 88: Which three statements about PKI on Cisco IOS Software are t...
- Question 89: View the Exhibit. (Exhibit) Refer to the exhibit. For which ...
- Question 90: Which two statements about Cisco VSG are true? (Choose two.)...
- Question 91: (Exhibit) Refer to the exhibit. Which two statements about a...
- Question 92: You are considering using RSPAN to capture traffic between s...
- Question 93: What ate the two different modes in which Private AMP cloud ...
- Question 94: Which two statements about Botnet Traffic Filter snooping ar...
- Question 95: Which two statements about the MACsec security protocol are ...
- Question 96: Which three VSA attributes are present in a RADIUS WLAN Acce...
- Question 97: Witch two statements about ping flood attacks are true? (Cho...
- Question 98: Which two statements about Cisco AMP for Web Security are tr...
- Question 99: Which two statements about a wireless access point configure...
- Question 100: Which type of header attack is detected by Cisco ASA basic t...
- Question 101: Which three statements about Cisco AnyConnect SSL VPN with t...
- Question 102: Which statement about VRF-aware GDOI group members is true?...
- Question 103: Which two statements about 6to4 tunneling are true? (Choose ...
- Question 104: A server with IP address 209.165.202.150 is protected behind...
- Question 105: Which description of SaaS is true?...
- Question 106: (Exhibit) Refer to the exhibit. Which effect of this command...
- Question 107: Which two commands would enable secure logging on a Cisco AS...
- Question 108: (Exhibit) Refer to the exhibit. What is the effect of the gi...
- Question 109: Which three commands can you use to configure VXLAN on a Cis...
- Question 110: If an ASA device is configured as a remote access IPsec serv...
- Question 111: Which two statements about role-based access control are tru...
- Question 112: What are the major components of a Firepower health monitor ...
- Question 113: Which two statements about 802.1X components are true? (Choo...
- Question 114: Which statement about the Cisco AMP Virtual Private Cloud Ap...
- Question 115: Which two statements about Cisco AnyConnect VPN Client are t...
- Question 116: What are three technologies that can be used to trace the so...
- Question 117: View the Exhibit. class-map match-any unknown match protocol...
- Question 118: Which two statements about the SeND protocol are true? (Choo...
- Question 119: Which two statements about MPP (Management Plane Protection)...
- Question 120: How does Scavenger-class QoS mitigate DoS and worm attacks?...
- Question 121: A client computer at 10.10.7.4 is trying to access a Linux s...
- Question 122: Which statement about managing Cisco ISE Guest Services is t...
- Question 123: View the Exhibit. (Exhibit) Refer to the exhibit. Which two ...
- Question 124: Which three of these are properties of RC4? (Choose three.)...
- Question 125: (Exhibit) Refer to the exhibit. Which effect of this configu...
- Question 126: What are two features that help to mitigate man-in-the-middl...
- Question 127: View the Exhibit. (Exhibit) Refer to the exhibit. Which two ...
- Question 128: Which two statements about NVGRE are true? (Choose two.)...
- Question 129: Which statement regarding the routing functions of the Cisco...
- Question 130: Which statement about deploying policies with the Firepower ...
- Question 131: Which WEP configuration can be exploited by a weak IV attack...
- Question 132: Which four task items need to be performed for an effective ...
- Question 133: View the Exhibit. (Exhibit) Refer to the exhibit Which effec...
