The Secret of Cisco 400-251 braindumps

Examcollection offers free demo for 400-251 exam. "CCIE Security Written Exam", also known as 400-251 exam, is a Cisco Certification. This set of posts, Passing the Cisco 400-251 exam, will help you answer those questions. The 400-251 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 400-251 exams and revised by experts!

2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/

Q1. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)

A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.

C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

D. It disables PMTUD discovery for tunnel interfaces.

E. The DF bit are copied to the GRE IP header.

F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

Answer: B,E

Q2. Refer to the Exhibit. What is the effect of the given ACL policy ?

A. The policy will deny all IPv6 eBGP session.

B. The policy will disable IPv6 source routing.

C. The policy will deny all IPv6 routing packet.

D. The policy will deny all IPv6 routed packet.

Answer: B

Q3. Refer to the exhibit. Which statement about this debug output is true ?

A. It was generated by a LAN controller when it responded to a join request from an access point

B. It was generated by a LAN controller when it generated a join request to an access point

C. It was generated by an access point when it sent a join reply message to a LAN controller

D. It was generated by an access point when it received a join request message from a LAN controller

Answer: A

Q4. If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?

A. standby

B. active

C. on

D. passive

Answer: B

Q5. Which three statements about the IANA are true? (Choose three.)

A. IANA is a department that is operated by the IETF

B. IANA oversees global IP address allocation.

C. IANA managed the root zone in the DNS.

D. IANA is administered by the ICANN.

E. IANA defines URI schemes for use on the Internet.

Answer: B,C,D

Q6. Which of the following statement is true about the ARP attack?

A. Attackers sends the ARP request with the MAC address and IP address of a legitimate resource in the network.

B. Attackers sends the ARP request with the MAC address and IP address of its own.

C. ARP spoofing does not facilitate man-in-the middle attack of the attackers.

D. Attackers sends the ARP request with its own MAC address and IP address of a legitimate resource in the network.

Answer: D

Q7. Refer to the exhibit. Which effect of this configuration is true?

A. It enables MLD query messages for all link-local groups.

B. It configures the node to generate a link-local group report when it joins the solicited- node multicast group.

C. It enables hosts to send MLD report messages for groups 224.0.0.0/24.

D. it enables local group membership for MLDv1 and MLDv2.

E. It enables the host to send MLD report messages for nonlink local groups.

Answer: C

Q8. Which two router configurations block packets with the Type 0 Routing header on the interface? (choose two)

A. Ipv6 access-list Deny_Loose_Routing permit ipv6 any any routing-type 0 deny ipv6 any any

interface FastEthernet0/0

ipv6 traffic-filter Deny_Loose_Source_Routing in

B. Ipv6 access-list-Deny_Loose_Source_Routing Deny ipv6 FE80::/10 any mobility –type bind-refresh Permit ipv6 any any

Interface FastEthernet/0 Ipv6 tr

Affic-filter Deny_Loose_Source_Routing in

C. Ipv6 access-list Deny_Loose_Source_Routing Deny ipv6 any any routing-type 0

Permit ipv6 any any Interface FastEthernet0/0

Ipv6 traffic –filter Deny_Loose_Routing in

D. Ipv6 access –list Deny_Loose_Source_Routing Deny ipv6 any FE80: :/10 routing –type 0

Deny ipv6 any any routing –type 0 Permit ipv6 any any

Interface FastEthernet t0/0

Ipv6 traffic –filter Deny_Loose_Source_Routing in

E. Ipv6 access –list Deny_Loose_Source_Routing Sequence 1 deny ipv6 any any routing –type 0 log-input

Sequence 2 permit ipv6 any any flow –label 0 routing interface Fastethernet0/0 Ipv6 traffic-filter Deny_Loose_Source_Routing in

Answer: C,D

Q9. Which category to protocol mapping for NBAR is correct?

A. Category:internet Protocol:FTP,HTTP,TFTP

B. )Category:Network management Protocol:ICMP,SNMP,SSH,telent

C. Category:network mail services Protocol:mapi,pop3,smtp

D. Category:Enterprise applications Protocal:citrixICA,PCAnywhere,SAP,IMAP

Answer: A

Q10. Which two statement about the IPv6 Hop-by-Hop option extension header (EH. are true?9Choose two)

A. The Hop-by-Hop EH is processed in hardware at the source and the destination devices only.

B. If present, network devices must process the Hop-by-Hop EH first

C. The Hop-by-Hop extension header is processed by the CPU by network devices

D. The Hop-by-Hop EH is processed in hardware by all intermediate network devices

E. The Hop-by-Hop EH is encrypted by the Encapsulating Security Header.

F. If present the Hop-by-Hop EH must follow the Mobility EH.

Answer: B,C

View the entire exam for free: 400-251 Exam Questions List

Related 400-251 posts: