Our pass rate is as high as 98.9%, and the similarity between our 400-251 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the Cisco 400-251 exam in just one try? I am currently studying for the Cisco 400-251 exam. Latest Cisco 400-251 exam practice questions and answers. Try Cisco 400-251 brain dumps first.
2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/
Q1. Which two statements about global ACLs are true? (Choose two)
A. They support an implicit deny
B. They are applied globally instead of being replicated on each interface
C. They override individual interface access rules
D. They require an explicit deny
E. They can filter different packet types than extended ACLs
F. They require class-map configuration
Answer: A,B
Q2. Your IPv6 network uses a CA and trust anchor to implement secure network discovery. What extension must your CA certificates support?
A. extKeyUsage
B. nameConstraints
C. id-pe-ipAddrBlocks
D. id-pe-autonomousSysIds
E. id-ad-caIssuers
F. keyUsage
Answer: B
Q3. Which two statements about DTLS are true? (Choose two)
A. It uses two simultaneous IPSec tunnels to carry traffic.
B. If DPD is enabled, DTLS can fall back to a TLS connection.
C. Because it requires two tunnels, it may experience more latency issues than SSL connections.
D. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.
E. It is disabled by default if you enable SSL VPN on the interface.
Answer: B,C
Q4. What protocol does IPv6 Router Advertisement use for its messages?
A. TCP
B. ICMPv6
C. ARP
D. UDP
Answer: B
Q5. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Answer: B
Q6. Refer to the exhibit.
Which effect of this Cisco ASA policy map is true?
A. The Cisco ASA is unable to examine the TLS session.
B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.
C. It prevents a STARTTLS session from being established.
D. The Cisco ASA logs SMTP sessions in clear text.
Answer: B
Q7. What port has IANA assigned to the GDOI protocol?
A. UDP 4500
B. UDP 500
C. UDP 1812
D. UDP 848
Answer: D
Q8. In ISO 27002, the access control code of practice for Information Security Management serves which of the following objectives?
A. Implement protocol control of user, network and application access
B. Optimize the audit process
C. Prevent the physical damage of the resources
D. Educating employees on security requirements and issues
Answer: A
Q9. Which two statements about the ISO are true? (Choose two)
A. The ISO is a government-based organization.
B. The ISO has three membership categories: member, correspondent, and subscribers.
C. Only member bodies have voting rights.
D. Correspondent bodies are small countries with their own standards organization.
E. Subscriber members are individual organizations.
Answer: B,C
Q10. Refer to the exhibit.
A. Modify the tunnel keys to match on the hub and spoke
B. Configure the ip nhrp cache non-authoritative command on the hub’s tunnel interface
C. Modify the NHRP hold times to match on the hub and spoke
D. Modify the NHRP network IDs to match on the hub and spoke
Answer: A