Cause all that matters here is passing the Cisco 400-251 exam. Cause all that you need is a high score of 400-251 CCIE Security Written Exam exam. The only one thing you need to do is downloading Actualtests 400-251 exam study guides now. We will not let you down with our money-back guarantee.


2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/

Q1. What functionality is provided by DNSSEC?

A. origin authentication of DNS data

B. data confidentiality of DNS queries and answers

C. access restriction of DNS zone transfers

D. storage of the certificate records in a DNS zone file

Answer: A

Q2. Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF. from dropping asymmetric traffic?

A. Configure Unicast RPF Loose Mode on R2 and R3 only.

B. Configure Unicast RPF Loose Mode on R1 only.

C. Configure Unicast RPF Strict Mode on R1 only.

D. Configure Unicast RPF Strict Mode on R1,R2 and R3.

E. Configure Unicast RPF Strict Mode on R2 and R3 only.

Answer: E

Q3. Which two statement about the DES algorithm are true?(choose two)

A. It uses a 64-bit key block size and its effective key length is 65 bits

B. It uses a 64-bits key block size and its effective key length is 56 bits

C. It is a stream cripher that can be used with any size input

D. It is more efficient in software implements than hardware implementations.

E. It is vulnerable to differential and linear cryptanalysis

F. It is resistant to square attacks

Answer: B,E

Q4. Which command can you enter to cause the locally-originated Multicast Source Discovery Protocol Source- Active to be prevented from going to specific peers?

A. ip msdp mesh-group mesh-name {<peer-address>|<peer-name>}

B. ip msdp redistribute [list <acl>][asn as-access-list][route-map <map>]

C. ip msdp sa-filter out <peer> [list<acl>] [route-map<map>]

D. ip msdp default-peer {<peer-address> | <peer-name>}[prefix-list<list>]

E. ip msdp sa-filter in <peer> [list<acl>][route-map <map>]

Answer: C

Q5. Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)

A. L2TP-Encryption

B. Web-VPN-ACL-Filters

C. IPsec-Client-Firewall-Filter-Name

D. Authenticated-User-Idle-Timeout

E. IPsec-Default-Domain

F. Authorization-Type

Answer: B,D,E

Q6. Which two statement about MLD version 2 on the ASA are true ? (Choose two)

A. It allows the ASA to function as a multicast router.

B. It enables the ASA to discover multicast address listeners on attached and remote links.

C. It discover other multicast address listeners by listening to multicast listener reports.

D. It enables the ASA to discover multicast address listeners to attached links only.

E. It sends multicast listener reports in response to multicast listener quires.

Answer: D,E

Q7. Refer to the exhibit. What protocol format is illustrated?

A. GR

B. AH

C. ESP

D. IP

Answer: B

Q8. Which of the following two options can you configure to avoid iBGP full mesh?(Choose two)

A. BGP NHT

B. route reflector

C. local preference

D. confederations

E. Virtual peering

Answer: B,D

Q9. Which object table contains information about the clients know to the server in Cisco NHRP MIB

implementaion?

A. NHRP Server NHC Table

B. NHRP Client Statistics Table

C. NHRP Cache Table

D. NHRP Purge Request Table

Answer: A

Q10. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

Answer: C