We provide real 400-251 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco 400-251 Exam quickly & easily. The 400-251 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 400-251 dumps pdf and vce product and material, you can easily pass the 400-251 exam.
2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/
Q1. All of these Cisco security products provide event correlation capabilities excepts which one?
A. Cisco Security MARS
B. Cisco Guard/Detector
C. Cisco ASA adaptive security appliance
D. Cisco IPS
E. Cisco Security Agent.
Answer: C
Q2. What is the purpose of the vulnerability risk method for assessing risk?
A. It directs the actions an organization can take in response to a reported vulnerability
B. It evaluates the effectiveness and appropriateness of an organization’s current risk management activities
C. It directs the actions an organization can take to ensure perimeter security
D. It prevents and protects against security vulnerabilities in an organization
E. It establishes a security team to perform forensic examinations of known attacks
Answer: C
Q3. Which three IP resources is the IANA responsible? (Choose three.)
A. IP address allocation
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Answer: A,D,E
Q4. What IOS feature can prevent header attacks by using packet-header information to classify traffic?
A. CAR
B. FPM
C. TOS
D. LLQ
E. TTL
Answer: B
Q5. Refer to the exhibit, which configuration prevents R2 from become a PIM neighbor with R1?
A. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ippim neighbor-filter 1
B. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ipigmp access-group 10
C. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0 Ippimneighbour-filter 10
D. Access-list 10 permit 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ippim neighbor-filter 10
Answer: D
Q6. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)
A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.
B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.
C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.
D. It disables PMTUD discovery for tunnel interfaces.
E. The DF bit are copied to the GRE IP header.
F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.
Answer: B,E
Q7. How can the tail drop algorithem support traffic when the queue is filled?
A. It drop older packet with a size of 64 byts or more until queue has more traffic
B. It drop older packet with a size of less than 64 byts until queue has more traffic
C. It drops all new packets until the queue has room for more traffic
D. It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic.
Answer: C
Q8. DRAG DROP
Drag and drop ESP header field on the left to the appropriate field length on the right
Answer:
Q9. DRAG DROP
Drag and drop each step in the SCEP process on the left into the correct order of operations on the right.
Answer:
Explanation:
A:5,B:4,C:2,D:3,E:1,F:6.
Q10. Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)
A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.
B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.
C. Infrastructure ACLs are used to block-permit the transit traffic.
D. Infrastructure ACLs only protect device physical management interface.
Answer: B,D