We provide real 400-251 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco 400-251 Exam quickly & easily. The 400-251 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 400-251 dumps pdf and vce product and material, you can easily pass the 400-251 exam.
2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/
Q1. Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF. from dropping asymmetric traffic?
A. Configure Unicast RPF Loose Mode on R2 and R3 only.
B. Configure Unicast RPF Loose Mode on R1 only.
C. Configure Unicast RPF Strict Mode on R1 only.
D. Configure Unicast RPF Strict Mode on R1,R2 and R3.
E. Configure Unicast RPF Strict Mode on R2 and R3 only.
Answer: E
Q2. What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)
A. FPM
B. DCAR
C. NBAR
D. IP source Guard
E. URPF
F. Dynamic ARP inspection
Answer: D,E
Q3. What IOS feature can prevent header attacks by using packet-header information to classify traffic?
A. CAR
B. FPM
C. TOS
D. LLQ
E. TTL
Answer: B
Q4. Which two statements about the anti-replay feature are true? (Choose two)
A. By default, the sender uses a single 1024-packet sliding window
B. By default, the receiver uses a single 64-packet sliding window
C. The sender assigns two unique sequence numbers to each clear-text packet
D. The sender assigns two unique sequence numbers to each encrypted packet
E. the receiver performs a hash of each packet in the window to detect replays
F. The replay error counter is incremented only when a packet is dropped
Answer: B,D
Q5. Which two OSPF network types support the concept of a designated router? (Choose two.)
A. broadcast
B. NBMA
C. point-to-multipoint
D. point-to-multipoint nonbroadcast
E. loopback
Answer: A,B
Q6. Refer to the Exhibit. which service or feature must be enabled on 209.165.200.255 produce the given output?
A. The finger service
B. A BOOTp server
C. A TCP small server
D. The PAD service
Answer: C
Q7. Which command can you enter on the Cisco ASA to disable SSH?
A. Crypto key generate ecdsa label
B. Crypto key generate rsa usage-keys noconfirm
C. Crypto keys generate rsa general-keys modulus 768
D. Crypto keys generate ecdsa noconfirm
E. Crypto keys zeroize rsa noconfirm
Answer: E
Q8. From what type of server can you to transfer files to ASA’s internal memory ?
A. SSH
B. SFTP
C. Netlogon
D. SMB
Answer: D
Q9. In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource- limited by default when their context is a member of the default class?(choose three).
A. Telnet sessions
B. ASDM sessions
C. IPSec sessions
D. SSH sessions
E. TCP sessions
F. SSL VPN sessions
Answer: A,B,D
Q10. Refer to the exhibit
Flexible NetFlow is failing to export flow records from RouterA to your flow collector. What action can you take to allow the IPv6 flow records to be sent to the colle
A. Set the NetFlow export protocol to v5
B. Configure the output-features command for the IPV4-EXPORTER
C. Add the ipv6 cef command to the configuration
D. Remove the ip cef command from the configuration
E. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor
Answer: D