Cisco 400-251 Certification Exam Sample Questions and Answers

Before you write the Cisco CCIE Security (400-251) certification exam, you may have doubts about the pattern of the test, the types of questions asked, the difficulty level of the questions and the time required to complete them. These Cisco Certified Internetwork Expert Security (CCIE S) sample questions and demo exam help remove these doubts and prepare you to take the test.

The best approach to pass your Cisco 400-251 exam is to challenge and improve your knowledge. To test your learning and identify improvement areas in the actual exam format, we suggest you practice with the Premium Cisco 400-251 Certification Practice Exam. The practice test is one of the most important elements of your Cisco CCIE Security Written Exam (CCIE S) study strategy: it helps you discover your strengths and weaknesses, improve your time management skills and get an idea of the score you can expect.

Cisco 400-251 (CCIE S) Sample Questions:

01. In the IOS Firewall Feature Set, which of the following does CBAC not do?
a) Maintain state information for individual connections
b) Use state information to allow or deny network traffic
c) Inspect ICMP
d) Dynamically create and delete openings in the firewall
02. What is a limitation of Unicast RPF?
a) Cisco express switching (CES) must be enabled.
b) Multiple access-lists must be configured.
c) A CA is required.
d) Symmetrical routing is required.
03. How would you see the default IKE policy?
a) show running
b) wr t
c) show crypto isakmp policy
d) show crypto ike policy
e) wr m
04. According to RFC 1700, what well-known ports are used for DNS?
a) TCP and UDP 23.
b) UDP 53 only.
c) TCP and UDP 53.
d) UDP and TCP 69.
05. How can you tell what hosts are on your local network?
a) The IP address of your host.
b) The subnet mask of your host.
c) The remote router's IP address.
d) Your hub's IP address.
06. What does split horizon do?
a) Keeps the router from sending routes out the same interface they came in.
b) Sends a "route delete" back down the same interface that the route came in.
c) Ignores routing updates.
d) Waits for the next update to come in before declaring the route unreachable.
07. Crypto maps do which of the following?
(Choose four.)
a) Define whether SAs are manual or via IKE.
b) Define the transform set to be used.
c) Define who the remote peer is.
d) Define the local address.
e) Define which IP source addresses, destination addresses, ports, and protocols are to be encrypted.
08. For the following options, which security reporting system is analogous to CS-MARS?
a) Security Incident Response System SIRT
b) Security Information Management System SIM
c) Security Reporting and Response System SRRS
d) Security Threat Mitigation System STM
09. What is the purpose of a CA?
(Choose two.)
a) Manage and issue certificates.
b) Simplify administration of IPSec devices.
c) Define traffic flow.
d) Help IPSec configurations to scale.
e) Monitor IPSec statistics between SAs.
10. At which layers of the OSI model do firewalls typically operate?
(Choose three.)
a) Application
b) Network
c) Transport
d) Session
e) Physical


Question: 01

Answer: c

Question: 02

Answer: d

Question: 03

Answer: c

Question: 04

Answer: c

Question: 05

Answer: b

Question: 06

Answer: a

Question: 07

Answer: a, b, c, d

Question: 08

Answer: d

Question: 09

Answer: a, b

Question: 10

Answer: a, b, c

Note: If you find any error in these Cisco CCIE Security Written Exam (CCIE S) sample questions, you can update us by writing an email on
