400-251, 8/12/2019

guyc2010

海外，88X 分过的，考试时故意错了几个题。参考了坛子里多个版本 （alomar，lining7， romantictriv等），在这里一并感谢。 感觉Alomar的124Q是最好的，因为有截图。Romantictriv的125Q VCE适合考前练习，没有截图，不便于记忆。
: a7 Y8 {, _3 k! a  w3 E# x针对124Q的一些答案，我有自己的看法，在这里列出来，供后来者参考。记得是参考！！
Q2，Which criteria does ASA use for packet classificaton if multiple contexts share an ingrss interface MAC address?
4 Q0 @) w$ P. d' CF, ASA NAT configuration

7 l$ C$ W$ E% q: c0 t5 N+ V' kQ18, SenderBase reputation scoring?
D, You can configure a custom score threshold for whitelisting messages

" m- d* k# v# N/ OQ19. Router(config)# cts sxp reconsiliation period 180
B, If a peer reconects to the device within 120 seconds of terminating..
& K1 \  V+ \! n6 b/ _; B# N/ j% LC. If a peer re-establiehes a conneciton to the device before hold-down timer expires....
/ K, l& |- t4 t1 ?5 `
# X8 L5 d' q# HQ27. which statement about securing conneciton using MACsee is true?
这个比较纠结，答案F it provides network layer encryption on a wired network 显然是错的，应该是MAC layer的加密
) x, x) N: d. m9 T) t貌似可能的答案：
C. a switch use session keys to calculate encrypted packet ICV value..问题是，交换机是先decrypt packet之后再计算的ICV value
6 W: x$ Q/ ^' Z  N' oD. switch configured for MACSec can accept MACSec frame from the MACSec client. 考前我觉得应该是这个，因为A device that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy associated with the client.但考试的时候答案稍微不同，多了一个字：switch configured for MACSec can ＯNLY accept MACSec frame from the MACSec client.

+ O8 L- _7 d9 j" ?+ RQ41 which statement about Remote Triggerd Black Hoel
E. it drops malicious traffic at the customer edge router by forwading it to a Null0 interface
D显然是错的，因为RTBH可以基于source （RFC5635）或destination （RFC3883）做

Q42 which statement about Cisco VSG functionality
$ R5 a! ^" {/ }2 B# @E. it provides trusted access to VMs in an enterprise data center 其实这个答案也不太对，但别的的答案都是明显错，比如
4 P% L2 b7 r1 F, q; |! Y, ZA it allows..security administrator to author and manage port profile - 应该是network administrato才能管理port profile，所以不对
0 X% i/ L% u% ~  R
Q52 which 3 similarities between container and virtual machines?
: H/ G: r9 r1 J7 O4 B& s0 UA. prviate space for processing, E. private network address F. allow custom routes 这是来自freecodecampe网站的一段原话

; f# D6 o, }" K% I5 X) |Q58 in order to enable CA featue using SCEP, which 3 confguration steps
, P( k! {+ [; B! P7 _B. set an authoritative clock source E. enable ip http server F. issue no shut under the crypto ski CCO上的参考配置

Q74 which security capablility cn best prevent zero-day malware and attacks?
% J. V8 s" |0 h1 i  gB. threat intelligent. 不太可能是A. IPS 因为这里针对的是zero-day的malware
8 K) \$ {/ X6 E0 w# J4 ^
Q90 configuring URL Redirect for Cisco ISE posture validation, you need to create redirect ACL's on switch and WLC, you will
B. Permit traffic to ISE on the switch ACL and deny traffic to ISE in the WLC ACL. 这个应该是实现redirect的标准做法，其它都不对
4 m* v/ }5 H9 I4 a% W/ [
Q99 which of the following statement aobut CisocTrustSec is incorect
A. SXP is required for SGT propogation SGT propogation还有另外一种方式 （硬件支持）

Q109 which statement correctly describe how DMVPN can be used to provide nework segmentation
B DVMPN can be used to transport MPLS packets inside of an mGRC tunnel
$ f! B: v' ]/ f+ ^
; ~( U+ U; V3 K* S6 ?5 O& B再次强调，这个是我个人的判断，仅供参考。祝考试顺利。
1 u3 D7 {0 l) y4 w

8 z# y* f. L0 v! E5 e3 N- I
* X% Q* @$ z5 {$ r6 a5 r) M, m

Bubbly

你好，请问Q124和Q125 VCE以哪个的答案为准？我发现Q124和Q125 VCE里有一些答案不一样

Ritchiiieee

请问Romantictriv的125Q VCE在哪里可以找到，楼主大大可以给个链接么，谢谢

lvjun

lvjun

Ritchiiieee 发表于 2019-12-9 11:13
! E/ l' o. \+ o: w! f; D. d请问Romantictriv的125Q VCE在哪里可以找到，楼主大大可以给个链接么，谢谢

https://bbs.hh010.com/forum.php? ... amp;_dsign=c60a300c

kimura813

Thanks

jamesscooby

CONGRATULATIONS!!!

baiyu3270

Lapot16

Congratulation !!
9 C) \  _# a* D2 ~Thanks for sharing!

ywainam0412

belulh0477

感谢 LZ 分享总结