Our pass rate is high to 98.9% and the similarity percentage between our 400-251 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Cisco 400-251 exam in just one try? I am currently studying for the Cisco 400-251 exam. Latest Cisco 400-251 Test exam practice questions and answers, Try Cisco 400-251 Brain Dumps First.

Q11. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

Answer: C


Q12. Which two statement about router Advertisement message are true? (Choose two)

A. Local link prefixes are shared automatically.

B. Each prefix included in the advertisement carries lifetime information f Or that prefix.

C. Massage are sent to the miscast address FF02::1

D. It support a configurable number of retransmission attempts for neighbor solicitation massage.

E. Flag setting are shared in the massage and retransmitted on the link.

F. Router solicitation massage are sent in response to router advertisement massage

Answer: A,F


Q13. Which two statements about the ISO are true? (Choose two)

A. The ISO is a government-based organization.

B. The ISO has three membership categories: member, correspondent, and subscribers.

C. Only member bodies have voting rights.

D. Correspondent bodies are small countries with their own standards organization.

E. Subscriber members are individual organizations.

Answer: B,C


Q14. What are feature that can stop man-in-the-middle attacks? (Choose two)

A. ARP sniffing on specific ports

B. ARP spoofing

C. Dynamic ARP inspection

D. DHCP snooping

E. destination MAC ACLs

Answer: C,D


Q15. Refer to the exhibit 

which two statement about the given IPV6 ZBF configuration are true? (Choose two)

A. It provides backward compability with legacy IPv6 inspection

B. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.

C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.

D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.

E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.

F. It provide backward compatibility with legacy IPv4 inseption.

Answer: A,B


Q16. Which three IP resources is the IANA responsible? (Choose three.)

A. IP address allocation

B. detection of spoofed address

C. criminal prosecution of hackers

D. autonomous system number allocation

E. root zone management in DNS

F. BGP protocol vulnerabilities

Answer: A,D,E


Q17. Which two statement about DTLS are true ? (choose two)

A. Unlike TLS,DTLS support VPN connection with ASA.

B. It is more secure that TLS.

C. When DPD is enabled DTLS connection can automatically fall back to TLS.

D. It overcomes the latency and bandwidth problem that can with SSL.

E. IT come reduce packet delays and improve application performance.

F. It support SSL VPNs without requiring an SSL tunnel.

Answer: C,D


Q18. What are the two IPSec modes? (Choose two)

A. Aggressive

B. ISAKMP

C. Transport

D. IKE

E. Main

F. Tunnel

Answer: C,F


Q19. Which protocol does VNC use for remote access to a GUI?

A. RTPS

B. RARP

C. E6

D. SSH

E. RFB

Answer: D


Q20. Which description of a virtual private cloud is true?

A. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation

B. An on-demand configurable pool of shared data resources allocated within a private cloud environment,

which provides assigned DMZ zones

C. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation

D. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation

Answer: D