Our pass rate is high to 98.9% and the similarity percentage between our 400-251 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Cisco 400-251 exam in just one try? I am currently studying for the Cisco 400-251 exam. Latest Cisco 400-251 Test exam practice questions and answers, Try Cisco 400-251 Brain Dumps First.
2026 New 400-251 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-251/
Q1. MWhich three are RFC 5735 addresses? (Choose three.)
A. 171.10.0.0/24
B. 0.0.0.0/8
C. 203.0.113.0/24
D. 192.80.90.0/24
E. 172.16.0.0/12
F. 198.50.100.0/24
Answer: B,C,E
Q2. Which three options are methods of load-balancing data in an ASA cluster environment?(Choose three)
A. HSRP
B. spanned EtherChannel
C. distance-vector routing
D. PBR
E. floating static routes
F. ECMP
Answer: B,D,F
Q3. The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, What command can you use to block all current and future connections from the infected host?
A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B. shun 10.10.10.4 168.65.201.120 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E. shun 168.65.201.120 10.10.10.4 6000 80
Answer: C
Q4. Which configuration is the correct way to change VPN key Encryption key lifetime to 10800 seconds on the key server?
A)
B)
C)
D)
E)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q5. Which of the following two options can you configure to avoid iBGP full mesh?(Choose two)
A. BGP NHT
B. route reflector
C. local preference
D. confederations
E. Virtual peering
Answer: B,D
Q6. Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
A. L2TP-Encryption
B. Web-VPN-ACL-Filters
C. IPsec-Client-Firewall-Filter-Name
D. Authenticated-User-Idle-Timeout
E. IPsec-Default-Domain
F. Authorization-Type
Answer: B,D,E
Q7. IANA is responsible for which three IP resources? (Choose three.)
A. IP address allocation
B. Detection of spoofed address
C. Criminal prosecution of hackers
D. Autonomous system number allocation
E. Root zone management in DNS
F. BGP protocol vulnerabilities
Answer: A,D,E
Q8. Which two statement about MLD version 2 on the ASA are true ? (Choose two)
A. It allows the ASA to function as a multicast router.
B. It enables the ASA to discover multicast address listeners on attached and remote links.
C. It discover other multicast address listeners by listening to multicast listener reports.
D. It enables the ASA to discover multicast address listeners to attached links only.
E. It sends multicast listener reports in response to multicast listener quires.
Answer: D,E
Q9. What are three ways you can enforce a BCP38 policy on an internet edge policy?(choose three)
A. Avoid RFC1918 internet addressing.
B. Implement Cisco Express Forwarding.
C. Implement Unicast RPF.
D. Apply ingress filters for RFC1918 addresses.
E. Apply ingress ACL filters for BOGON routes.
F. Implement source NAT.
Answer: B,C,E
Q10. DRAG DROP
Drag each IP transmission and fragmentation term on the left to the matching statement on the right?
Answer:
Explanation: DF bit: A value in the IP header that indicates whether packet fragmentation is permitted.
Fragment offset: A value in the IP packet that indicates the location of a fragment in the datagram.
MF bit: Indicates that this is last packet with the biggest offset.
MSS: The amount of data that the receiving host can accept in each TCP segment. MTU: A value representing the maximum acceptable length of a packet to be transmitted over a link. PMTUD: A technology used to prevent fragmentation as data travels between two end points.
Tunnel: A logical interface allows packet to be encapsulated inside a passenger protocol for transmission across a
different carrier protocol.