Pass Cisco 210-260 Exam With 100% Guarantee: Implementing Cisco Network Security

https://www.lead4pass.com/210-260.
html
2019 Latest lead4pass 210-260 PDF and VCE dumps Download
210-260Q&As
Implementing Cisco Network Security
Pass Cisco 210-260 Exam with 100% Guarantee
Free Download Real Questions & Answers PDF and VCE file from:
https://www.lead4pass.com/210-260.html
100% Passing Guarantee

100% Money Back Assurance
Following Questions and Answers are all new published by Cisco

Official Exam Center
Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 1 / 16

QUESTION 1
Which command should be used to enable AAA authentication to determine if a user can access the privilege command
level?
A. aaa authentication enable level
B. aaa authentication enable default local
C. aaa authentication enable method default
D. aaa authentication enable local
Correct Answer: B
QUESTION 2
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?
A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January
1, 2014 and continue using the key indefinitely.
B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on
December 31, 2013 and continue using the key indefinitely.
C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting
the key at 23:59:00 local time on December 31, 2013.
D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59:00 local time
on December 31, 2013.
E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on
December 31, 2013 and continue accepting the key indefinitely.
F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on
January 1, 2014 and continue accepting the key indefinitely.
Correct Answer: B
QUESTION 3
What information does the key length provide in an encryption algorithm?
A. the packet size
B. the number of permutations
C. the hash block size

D. the cipher block size
Correct Answer: C
QUESTION 4
Which wildcard mask is associated with a subnet mask of /27?
A. 0.0.0.31
B. 0.0.027
C. 0.0.0.224
D. 0.0.0.255
Correct Answer: A
QUESTION 5
What show command can see vpn tunnel establish with traffic passing through.
A. (config)# show crypto ipsec sa
B. #show crypto ipsec sa
C. (config-if)#
Correct Answer: A
QUESTION 6
What is the purpose of the Integrity component of the CIA triad?
A. to ensure that only authorized parties can modify data
B. to determine whether data is relevant
C. to create a process for accessing data
D. to ensure that only authorized parties can view data
Correct Answer: A
QUESTION 7
Refer to the exhibit.

Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16.1.0 0.0.0.255 any, what would be the
resulting dynamically configured ACL for the return traffic on the outside ACL?
A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300
C. permit tcp any eq 80 host 192.168.1.11 eq 2300
D. permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300
Correct Answer: A
QUESTION 8
In which stage of an attack does the attacker discover devices on a target network?
A. Reconnaissance
B. Covering tracks
C. Gaining access
D. Maintaining access
Correct Answer: A
QUESTION 9
Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.)
A. FTP
B. SSH
C. Telnet
D. AAA

E. HTTPS
F. HTTP
Correct Answer: BE
QUESTION 10
Which option describes information that must be considered when you apply an access list to a physical interface?
A. Protocol used for filtering
B. Direction of the access class
C. Direction of the access group
D. Direction of the access list
Correct Answer: C
QUESTION 11
Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)
A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels support all operating systems
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels require the client to have the application installed locally
Correct Answer: AC
QUESTION 12
Which two types of VLANs using PVLANs are valid? (Choose two.)
A. secondary
B. community
C. isolated
D. promiscuous
E. backup
Correct Answer: CD
Promiscuous (P) :- Usually connects to a router – a type of a port which is allowed to send and receive frames from any

other port on the VLAN. Isolated (I) : This type of port is only allowed to communicate with P ports – they are “stub”.
This type of ports usually connects to hosts.
https://learningnetwork.cisco.com/docs/DOC-16110
QUESTION 13
If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?
A. The interface on both switches may shut down
B. STP loops may occur
C. The switch with the higher native VLAN may shut down
D. The interface with the lower native VLAN may shut down
Correct Answer: B
QUESTION 14
Which three ESP fields can be encrypted during transmission? (Choose three.)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header
Correct Answer: DEF
QUESTION 15
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?
A. split tunneling
B. hairpinning
C. tunnel mode
D. transparent mode
Correct Answer: A

QUESTION 16
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.
Correct Answer: A
QUESTION 17
Which two authentication types does OSPF support? (Choose two.)
A. plaintext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES
Correct Answer: AB
QUESTION 18
Which feature filters CoPP packets?
A. access control lists
B. class maps
C. policy maps
D. route maps
Correct Answer: A
QUESTION 19
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured

under crypto map? (Choose two.)
A. nat
B. peer
C. pfs
D. reverse-route
E. transform-set
Correct Answer: BE
QUESTION 20
Which two characteristics of the TACACS+ protocol are true? (Choose two.)
A. uses UDP ports 1645 or 1812
B. separates AAA functions
C. encrypts the body of every packet
D. offers extensive accounting capabilities
E. is an open RFC standard protocol
Correct Answer: BC
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
Packet Encryption RADIUS encrypts only the password in the access-request packet, from the client to the server. The
remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can
be captured by a third party. TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.
Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to
have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted
for more secure communications. Authentication and Authorization RADIUS combines authentication and authorization.
The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it
difficult to decouple authentication and authorization.
TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still
use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos
authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests
authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+
server that it has successfully authenticated on a Kerberos server, and the server then provides authorization
information.
During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to
determine if the user is granted permission to use a particular command. This provides greater control over the
commands that can be executed on the access server while decoupling from the authentication mechanism.

QUESTION 21
Which type of attack can exploit design flaws in the implementation of an application without going noticed?
A. Volume-based DDoS attacks.
B. Application DDoS flood attacks.
C. DHCP starvation attacks.
D. Low-rate DoS attacks.
Correct Answer: D
QUESTION 22
Which two ESA services are available for incoming and outgoing mails? (Choose two.)
A. DLP
B. reputation filter
C. content filter
D. anti-Dos
E. antispam
Correct Answer: AC
QUESTION 23
Which type of attack is directed against the network directly:
A. Denial of Service
B. phishing
C. trojan horse
Correct Answer: A
QUESTION 24
What do you use when you have a network object or group and want to use an IP address?
A. Static NAT

B. Dynamic NAT
C. identity NAT
D. Static PAT
Correct Answer: B
QUESTION 25
Which three statements about Cisco host-based IPS solutions are true? (Choose three.)
A. It can view encrypted files.
B. It can have more restrictive policies than network-based IPS.
C. It can generate alerts based on behavior at the desktop level.
D. It can be deployed at the perimeter.
E. It uses signature-based policies.
F. It works with deployed firewalls.
Correct Answer: ABC
QUESTION 26
Which sensor mode can deny attackers inline?
A. IPS
B. fail-close
C. IDS
D. fail-open
Correct Answer: A
QUESTION 27
Which syslog severity level is level number 7?
A. Warning
B. Informational
C. Notification
D. Debugging

Correct Answer: D
QUESTION 28
After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to
be missing. For what reason could the image file fail to appear in the dir output?
A. The secure boot-image command is configured.
B. The secure boot-comfit command is configured.
C. The confreg 0x24 command is configured.
D. The reload command was issued from ROMMON.
Correct Answer: A
QUESTION 29
On an ASA, the policy that indicates that traffic should not be translated is often referred to as which of the following?
A. NAT zero
B. NAT forward
C. NAT null
D. NAT allow
Correct Answer: A
QUESTION 30
What is the most common Cisco Discovery Protocol version 1 attack?
A. Denial of Service
B. MAC-address spoofing
C. CAM-table overflow
D. VLAN hopping
Correct Answer: A
QUESTION 31

How does a zone pair handle traffic if the policy definition of the zone pair is missing?
A. It permits all traffic without logging.
B. It drops all traffic.
C. It inspects all traffic.
D. It permits and logs all traffic.
Correct Answer: B
QUESTION 32
Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?
A. Allow with inspection
B. Allow without inspection
C. Block
D. Trust
E. Monitor
Correct Answer: A
QUESTION 33
What is a reason for an organization to deploy a personal firewall?
A. To protect endpoints such as desktops from malicious activity.
B. To protect one virtual network segment from another.
C. To determine whether a host meets minimum security posture requirements.
D. To create a separate, non-persistent virtual environment that can be destroyed after a session.
E. To protect the network from DoS and syn-flood attacks.
Correct Answer: A
QUESTION 34
Which IPS detection method can you use to detect attacks that based on the attackers IP addresses?
A. Policy-based

B. Anomaly-based
C. Reputation-based
D. Signature-based
Correct Answer: C
QUESTION 35
Which two features do CoPP and CPPr use to protect the control plane? (Choose two.)
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
Correct Answer: AB
QUESTION 36
SSL certificates are issued by Certificate Authority(CA) are?
A. Trusted root
B. Not trusted
Correct Answer: A
QUESTION 37
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?
A. no switchport nonnegotiate
B. switchport
C. no switchport mode dynamic auto
D. no switchport
Correct Answer: D

QUESTION 38
Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)
A. start-stop
B. stop-record
C. stop-only
D. stop
Correct Answer: AC
QUESTION 39
When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose
three.)
A. pass
B. police
C. inspect
D. drop
E. queue
F. shape
Correct Answer: ACD
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080 8bc994.shtml
Zone-Based Policy Firewall Actions
ZFW provides three actions for traffic that traverses from one zone to another:
Drop -- This is the default action for all traffic, as applied by the andquot;class class-defaultandquot; that terminates
every inspect-type policy-map. Other class-maps within a policy-map can also be configured to drop unwanted traffic.
Traffic that is handled by the drop action is andquot;silentlyandquot; dropped (i.e., no notification of the drop is sent to
the relevant end-host) by the ZFW, as opposed to an ACL\\'s behavior of sending an ICMP andquot;host
unreachableandquot; message to the host that sent
the denied traffic. Currently, there is not an option to change the andquot;silent dropandquot; behavior. The log option
can be added with drop for syslog notification that traffic was dropped by the firewall.
Pass -- This action allows the router to forward traffic from one zone to another. The pass action does not track the state
of connections or sessions within the traffic. Pass only allows the traffic in one direction. A corresponding policy must
be
applied to allow return traffic to pass in the opposite direction. The pass action is useful for protocols such as IPSec
ESP, IPSec AH, ISAKMP, and other inherently secure protocols with predictable behavior. However, most application

traffic is
better handled in the ZFW with the inspect action.
Inspect--The inspect action offers state-based traffic control. For example, if traffic from the private zone to the Internet
zone in the earlier example network is inspected, the router maintains connection or session information for TCP and
User
Datagram Protocol (UDP) traffic. Therefore, the router permits return traffic sent from Internet-zone hosts in reply to
private zone connection requests. Also, inspect can provide application inspection and control for certain service
protocols
that might carry vulnerable or sensitive application traffic.
Audit-trail can be applied with a parameter-map to record connection/session start, stop, duration, the data volume
transferred, and source and destination addresses.
QUESTION 40
Which 2 NAT type allows only objects or groups to reference an IP address?
A. dynamic NAT
B. dynamic PAT
C. static NAT
D. identity NAT
Correct Answer: AC
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_co
nfig/nat_objects.html#18425
Latest 210-260 Dumps 210-260 VCE Dumps 210-260 Exam Questions

To Read the Whole Q&As, please purchase the Complete Version from Our website.
Try our product !
100% Guaranteed Success

100% Money Back Guarantee
365 Days Free Update
Instant Download After Purchase
24x7 Customer Support
Average 99.9% Success Rate
More than 800,000 Satisfied Customers Worldwide
Multi-Platform capabilities - Windows, Mac, Android, iPhone, iPod, iPad, Kindle
We provide exam PDF and VCE of Cisco, Microsoft, IBM, CompTIA, Oracle and other IT Certifications.
You can view Vendor list of All Certification Exams offered:
https://www.lead4pass.com/allproducts
Need Help
Please provide as much detail as possible so we can best assist you.
To update a previously submitted ticket:
Any charges made through this site will appear as Global Simulators Limited.
All trademarks are the property of their respective owners.
Copyright © lead4pass, All Rights Reserved.
Powered by TCPDF (www.tcpdf.org)

Pass Cisco 210-260 Exam With 100% Guarantee: Implementing Cisco Network Security

Uploaded by

Copyright:

Available Formats

Pass Cisco 210-260 Exam With 100% Guarantee: Implementing Cisco Network Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pass Cisco 210-260 Exam With 100% Guarantee: Implementing Cisco Network Security

Uploaded by

Copyright:

Available Formats

https://www.lead4pass.com/210-260.

Pass Cisco 210-260 Exam with 100% Guarantee

100% Passing Guarantee

Following Questions and Answers are all new published by Cisco

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 1 / 16

A. aaa authentication enable level

B. aaa authentication enable default local

C. aaa authentication enable method default

D. aaa authentication enable local

What information does the key length provide in an encryption algorithm?

A. the packet size

B. the number of permutations

C. the hash block size

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 2 / 16

D. the cipher block size

Which wildcard mask is associated with a subnet mask of /27?

A. (config)# show crypto ipsec sa

B. #show crypto ipsec sa

What is the purpose of the Integrity component of the CIA triad?

A. to ensure that only authorized parties can modify data

B. to determine whether data is relevant

C. to create a process for accessing data

D. to ensure that only authorized parties can view data

Refer to the exhibit.

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 3 / 16

A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300

B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300

C. permit tcp any eq 80 host 192.168.1.11 eq 2300

D. permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 4 / 16

A. Protocol used for filtering

B. Direction of the access class

C. Direction of the access group

D. Direction of the access list

B. Smart tunnels support all operating systems

C. Smart tunnels offer better performance than port forwarding

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 5 / 16

A. The interface on both switches may shut down

B. STP loops may occur

A. Security Parameter Index

Correct Answer: DEF

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 6 / 16

A. Deny the connection inline.

B. Perform a Layer 6 reset.

C. Deploy an antimalware system.

D. Enable bypass mode.

Which two authentication types does OSPF support? (Choose two.)

Which feature filters CoPP packets?

A. access control lists

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 7 / 16

under crypto map? (Choose two.)

A. uses UDP ports 1645 or 1812

B. separates AAA functions

C. encrypts the body of every packet

D. offers extensive accounting capabilities

E. is an open RFC standard protocol

Latest 210-260 Dumps | 210-260 VCE Dumps | 210-260 Exam Questions 8 / 16

A. Volume-based DDoS attacks.

B. Application DDoS flood attacks.