Act now and download your Cisco 400-251 test today! Do not waste time for the worthless Cisco 400-251 tutorials. Download Refresh Cisco CCIE Security Written Exam exam with real questions and answers and begin to learn Cisco 400-251 with a classic professional.


2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/

Q1. Which three statements about the RSA algorithm are true? (Choose three.)

A. The RSA algorithm provides encryption but not authentication.

B. The RSA algorithm provides authentication but not encryption.

C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.

D. The private key is never sent across after it is generated.

E. The public key is used to decrypt the message that was encrypted by the private key.

F. The private key is used to decrypt the message that was encrypted by the public key.

Answer: C,D,F

Q2. Which of the following best describes Chain of Evidence in the context of security forensics?

A. Evidence is locked down, but not necessarily authenticated.

B. Evidence is controlled and accounted for to maintain its authenticity and integrity.

C. The general whereabouts of evidence is known.

D. Someone knows where the evidence is and can say who had it if it is not logged.

Answer: B

Q3. Refer to the exhibit 

What is the configuration design to prevent?

A. Man in the Middle Attacks

B. Dynamic payload inspection

C. Backdoor control channels for infected hosts

D. DNS Inspection

Answer: D

Q4. Refer to the exhibit. What is the effect of the given configuration?

A. It sets the duplicate address detection interval to 60 second and sets the IPv6 neighbor reachable time to 3600 milliseconds.

B. It sets the number of neighbor solicitation massages to 60 and sets the retransmission interval to

3600 milliseconds.

C. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 millisecond.

D. It sets the number of neighbor solicitation massage to 60 and set the duplicate address detection interval to 3600 second.

E. It sets the duplicate address detection interval to 60 second and set the IPv6 neighbor solicitation interval to 3600 millisecond.

Answer: E

Q5. In ISO 27002, access control code of practice for information Security Management servers which of the following objective?

A. Implement protocol control of user, network and application access

B. Optimize the audit process

C. Prevent the physical damage of the resources

D. Educating employees on security requirements and issues

Answer: A

Q6. Which two statements about CoPP are true? (Choose two)

A. When a deny rule in an access list is used for MQC is matched, classification continues on the next class

B. It allows all traffic to be rate limited and discarded

C. Access lists that are used with MQC policies for CoPP should omit the log and log-input keywords

D. The mls qos command disables hardware acceleration so that CoPP handles all QoS

E. Access lists that use the log keyword can provide information about the device’s CPU

usage

F. The policy-map command defines the traffic class

Answer: A,C

Q7. Refer to the exhibit. 

Which two effect of this configuration are true ? (Choose two)

A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.

B. The Cisco ASA use the cisco directory as the starting point for the user search.

C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.

D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.

E. The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.

F. The admin user is authenticated against the members of the security.cisco.com group.

Answer: C,F

Q8. Which two statements about IPsec in a NAT-enabled environment are true? (Choose two)

A. The hashes of each peer’s IP address and port number are compared to determine whether NAT-T is required

B. NAT-T is not supported when IPsec Phase 1 is set to Aggressive Mode

C. The first two messages of IPsec Phase 2 are used to determine whether the remote host supports

NAT-T

D. NAT-T is not supported when IPsec Phase 1 is set to Main Mode

E. IPsec packets are encapsulated in UDP 500 or UDP 10000 packets

F. To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers

Answer: A,D

Q9. What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)

A. IMAP

B. RDP

C. MME

D. ICQ

E. POP3

F. IKE

Answer: A,D,E

Q10. What are two characteristics of RPL, used in loT environments? (Choose two)

A. It is an Exterior Gateway Protocol

B. It is a Interior Gateway Protocol

C. It is a hybrid protocol

D. It is link-state protocol

E. It is a distance-vector protocol

Answer: B,E