Actualtests 400-251 Questions are updated and all 400-251 answers are verified by experts. Once you have completely prepared with our 400-251 exam prep kits you will be ready for the real 400-251 exam without a problem. We have Avant-garde Cisco 400-251 dumps study guide. PASSED 400-251 First attempt! Here What I Did.

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-251 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-251 Exam Dumps (PDF & VCE):
Available on:

Q1. Which option describes the purpose of the RADIUS VAP-ID attribute?

A. It specifies the ACL ID to be matched against the client

B. It specifies the WLAN ID of the wireless LAN to which the client belongs

C. It sets the minimum bandwidth for the connection

D. It sets the maximum bandwidth for the connection

E. It specifies the priority of the client

F. It identifies the VLAN interface to which the client will be associated

Answer: B

Q2. Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)

A. Destination Unreachable-protocol Unreachable

B. Destination Unreachable-port Unreachable

C. Time Exceeded-Time to Live exceeded in Transit

D. Redirect-Redirect Datagram for the Host

E. Time Exceeded-Fragment Reassembly Time Exceeded

F. Redirect-Redirect Datagram for the Type of service and Host

Answer: B,C

Q3. Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)

A. It uses attribute maps to map the AD memberOf attribute to the cisco ASA Group-Poilcy attribute

B. It uses AD attribute maps to assign users to group policies configured under the WebVPN context

C. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies

D. It can assign a group policy to a user based on access credentials

E. It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASA

F. It is a closed standard that manages directory-information services over distributed networks

Answer: A,B

Q4. According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.)

A. Router Renumbering(Type 138)

B. Node Information Query(Type 139)

C. Router Solicitation(Type 133)

D. Node information Response(Type

E. Router Advertisement(Type 134)

F. Neighbor Solicitaion(Type 135)

Answer: A,B,D

Q5. What is an example of a WEP cracking attack ?

A. SQL injection attack

B. Café latte attack

C. directory traversal attack

D. Reflected XSS attack

Answer: B

Q6. Which object table contains information about the clients know to the server in Cisco NHRP MIB


A. NHRP Server NHC Table

B. NHRP Client Statistics Table

C. NHRP Cache Table

D. NHRP Purge Request Table

Answer: A

Q7. Which two statement about the IPv6 Hop-by-Hop option extension header (EH. are true?9Choose two)

A. The Hop-by-Hop EH is processed in hardware at the source and the destination devices only.

B. If present, network devices must process the Hop-by-Hop EH first

C. The Hop-by-Hop extension header is processed by the CPU by network devices

D. The Hop-by-Hop EH is processed in hardware by all intermediate network devices

E. The Hop-by-Hop EH is encrypted by the Encapsulating Security Header.

F. If present the Hop-by-Hop EH must follow the Mobility EH.

Answer: B,C

Q8. Which command sets the Key-length for the IPv6 send protocol?

A. IPv6 nd ns-interval

B. Ipv6 ndra-interval

C. IPv6 nd prefix

D. IPv6 nd inspection

E. IPv6 nd secured

Answer: E

Q9. Which two statements about the anti-replay feature are true? (Choose two)

A. By default, the sender uses a single 1024-packet sliding window

B. By default, the receiver uses a single 64-packet sliding window

C. The sender assigns two unique sequence numbers to each clear-text packet

D. The sender assigns two unique sequence numbers to each encrypted packet

E. the receiver performs a hash of each packet in the window to detect replays

F. The replay error counter is incremented only when a packet is dropped

Answer: B,D

Q10. Which of the following statement is true about the ARP attack?

A. Attackers sends the ARP request with the MAC address and IP address of a legitimate resource in the network.

B. Attackers sends the ARP request with the MAC address and IP address of its own.

C. ARP spoofing does not facilitate man-in-the middle attack of the attackers.

D. Attackers sends the ARP request with its own MAC address and IP address of a legitimate resource in the network.

Answer: D