What Actual 400-251 exam question Is?

Cause all that matters here is passing the Cisco 400-251 exam. Cause all that you need is a high score of 400-251 CCIE Security Written Exam exam. The only one thing you need to do is downloading Ucertify 400-251 exam study guides now. We will not let you down with our money-back guarantee.

2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/

Q1. Refer to the exhibit.

Which two effect of this configuration are true ? (Choose two)

A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.

B. The Cisco ASA use the cisco directory as the starting point for the user search.

C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.

D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.

E. The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.

F. The admin user is authenticated against the members of the security.cisco.com group.

Answer: C,F

Q2. Which description of a virtual private cloud is true?

A. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation

B. An on-demand configurable pool of shared data resources allocated within a private cloud environment,

which provides assigned DMZ zones

C. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation

D. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation

Answer: D

Q3. Which of the following best describes Chain of Evidence in the context of security forensics?

A. Evidence is locked down, but not necessarily authenticated.

B. Evidence is controlled and accounted for to maintain its authenticity and integrity.

C. The general whereabouts of evidence is known.

D. Someone knows where the evidence is and can say who had it if it is not logged.

Answer: B

Q4. Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

A. Destination Unreachable-protocol Unreachable

B. Destination Unreachable-port Unreachable

C. Time Exceeded-Time to Live exceeded in Transit

D. Redirect-Redirect Datagram for the Host

E. Time Exceeded-Fragment Reassembly Time Exceeded

F. Redirect-Redirect Datagram for the Type of service and Host

Answer: B,C

Q5. What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ?

A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater

B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets

C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes

D. It configures the interface to fragment packets on connections with MTUs of 1024 or less

E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes

Answer: E

Q6. On Which encryption algorithm is CCMP based?

A. IDEA

B. BLOWFISH

C. RCS

D. 3DES

E. AES

Answer: E

Q7. Which command sequence can you enter to enable IP multicast for WCCPv2?

A. Router(config)#ip wccp web-cache service-list Router(config)#interface FastEthernet0/0

Router(config)#ip wccp web-cache group-listen

B. Router(config)#ip wccp web-cache group-list Router(config)#interface FastEthernet0/0 Router(config)#ip wccp web-cache group-listen

C. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)#interface FastEthernet0/0

Router(config)#ip wccp web-cache redirect in

D. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)#interface FastEthernet0/0

Router(config)#ip wccp web-cache group-listen

E. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)#interface FastEthernet0/0

Router(config)#ip wccp web-cache redirect out

Answer: D

Q8. Refer to the Exhibit. which service or feature must be enabled on 209.165.200.255 produce the given output?

A. The finger service

B. A BOOTp server

C. A TCP small server

D. The PAD service

Answer: C

Q9. when you configure an ASA with RADIUS authentication and authorization, which attribute is used to differentiate user roles?

A. login-ip-host

B. cisco-priv-level

C. service-type

D. termination-action

E. tunnel-type

Answer: C

Q10. Which three statements about the keying methods used by MAC Sec are true (Choose Three)

A. MKA is implemented as an EAPoL packet exchange

B. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

C. SAP is supported on SPAN destination ports

D. Key management for host-to-switch and switch-to-switch MACSec sessions is provided by MKA

E. SAP is not supported on switch SVIs .

F. A valid mode for SAP is NULL

Answer: A,B,F

View the entire exam for free: 400-251 Exam Questions List

Related 400-251 posts: