Exam Code: 400-251 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Security Written Exam
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 400-251 Exam.


2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/

Q1. Which of the following statement is true about the ARP attack?

A. Attackers sends the ARP request with the MAC address and IP address of a legitimate resource in the network.

B. Attackers sends the ARP request with the MAC address and IP address of its own.

C. ARP spoofing does not facilitate man-in-the middle attack of the attackers.

D. Attackers sends the ARP request with its own MAC address and IP address of a legitimate resource in the network.

Answer: D

Q2. What are two protocols that HTTP can use to secure sessions? (Choose two)

A. HTTPS

B. AES

C. TLS

D. AH

E. SSL

Answer: A,E

Q3. Refer to the exhibit 

What is the configuration design to prevent?

A. Man in the Middle Attacks

B. Dynamic payload inspection

C. Backdoor control channels for infected hosts

D. DNS Inspection

Answer: D

Q4. Which two statements about NAT-PT with IPv6 are true?(choose twp)

A. It can be configured as dynamic, static, or PAT.

B. It provides end-to-end security.

C. It supports IPv6 BVI configurations.

D. It provides support for Cisco Express Forwarding.

E. It provides ALG support for ICMP and DNS.

F. The router can be a single point of failure on the network.

Answer: A,E

Q5. In which class of applications security threads does HTTP header manipulation reside?

A. Session management

B. Parameter manipulation

C. Software tampering

D. Exception managements

Answer: A

Q6. Which command can you enter on the Cisco ASA to disable SSH?

A. Crypto key generate ecdsa label

B. Crypto key generate rsa usage-keys noconfirm

C. Crypto keys generate rsa general-keys modulus 768

D. Crypto keys generate ecdsa noconfirm

E. Crypto keys zeroize rsa noconfirm

Answer: E

Q7. Which VPN technology is based on GDOI (RFC 3547)?

A. MPLS Layer 3 VPN

B. MPLS Layer 2 VPN

C. GET VPN

D. IPsec VPN

Answer: C

Q8. Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?

A. The signature belongs to the IOS IPS Basic category.

B. The signature belongs to the IOS IPS Advanced category.

C. There is insufficient memory to compile the signature.

D. The signature is retired.

E. Additional signature must be complied during the compiling process.

Answer: C

Q9. DRAG DROP

Drag and Drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right.

Answer:

Explanation:

A-4,B-3,C-1,D-2,E-5,F-7,G-6

Q10. Which option describes the purpose of the RADIUS VAP-ID attribute?

A. It specifies the ACL ID to be matched against the client

B. It specifies the WLAN ID of the wireless LAN to which the client belongs

C. It sets the minimum bandwidth for the connection

D. It sets the maximum bandwidth for the connection

E. It specifies the priority of the client

F. It identifies the VLAN interface to which the client will be associated

Answer: B