Exam Code: 400-251 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Security Written Exam
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 400-251 Exam.
2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/
Q1. According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Answer: A,B,C,D
Q2. Which two statement about MSDP ate true? (Choose three)
A. It can connect to PIM-SM and PIM-DM domains
B. It announces multicast sources from a group
C. The DR sends source data to the rendezvous point only at the time the source becomes active
D. It can connect only to PIM-DM domains
E. It registers multicast sources with the rendezvous point of a domain
F. It allows domains to discover multicast sources in the same or different domains.
Answer: B,E,F
Q3. when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?
A. 0 to 65535
B. 1 to 1024
C. 0 to 4,294,967,295
D. 1 to 65535
E. 1 to 4,294,967,295
F. 0 to 1024
Answer: C
Q4. DRAG DROP
Drag each MACsec term on the left to the right matching statement on the right?
Answer:
Explanation: CAK = key used to generate multiple additional keys MKA = protocol used for MACsec key negotiation MSK = key generated during the EAP exchange
SAK = a key used to encrypt traffic for a single session SAP = a key exchange protocol that is proprietary to Cisco
Q5. What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?
A. merge rule tool
B. policy simplification tool
C. rule grouping tool
D. object group tool
E. combine rule tool
Answer: E
Q6. When you are configuring QoS on the Cisco ASA appliance Which four are valid traffic selection criteria? (Choose four)
A. default-inspection-traffic
B. qos-group
C. DSCP
D. VPN group
E. tunnel group
F. IP precedence
Answer: A,C,E,F
Q7. Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)
A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.
B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.
C. Infrastructure ACLs are used to block-permit the transit traffic.
D. Infrastructure ACLs only protect device physical management interface.
Answer: B,D
Q8. DRAG DROP
Drag each IPsec term on the left to the definition on the right?
Answer:
Explanation: AH: Provides integrity service only for IP packets ESP: Provides integrity and encryption services for IP packets
SA: The relationship between two peers that determine which algo and keys the peers use to communicate securely
SADB: A container that stores the policy requirements for a security ass to be esta SPD: A container for the parameters of each active security asso
SPI: An identification tag that is added to the packet header of traffic intended to be tunneled
Q9. Which two statements about RFC 2827 are true? (Choose two.)
A. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.
B. A corresponding practice is documented by the IEFT in BCP 38.
C. RFC 2827 defines ingress packet filtering for the multihomed network.
D. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.
E. A corresponding practice is documented by the IEFT in BCP 84.
Answer: B,D
Q10. when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used tofallback authentication to web authentication ?
A. Authentication
B. Passthrough
C. Conditional Web Redirect
D. Splash Page Web Redirect
E. On MAC Filter Failure
Answer: E