Scribd Logo
Upload

Welcome to Scribd!

  • 112 views

    2.PassLeader 210-260 Exam Dumps (31-60)

    Uploaded by

    Shaleh Sen
    This document provides sample exam questions and answers from Cisco's 210-260 Implementing Cisco Network Security (IINS) certification exam. It includes questions 31 through 60 on topics such as VPN technologies, firewalls, IPS, and network access authentication. The document is advertising free exam dumps and questions from PassLeader to help students study and prepare for the 210-260 exam.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    2.PassLeader 210-260 Exam Dumps (31-60)

    Uploaded by

    Shaleh Sen
    112 views8 pages
    This document provides sample exam questions and answers from Cisco's 210-260 Implementing Cisco Network Security (IINS) certification exam. It includes questions 31 through 60 on topics such as VPN technologies, firewalls, IPS, and network access authentication. The document is advertising free exam dumps and questions from PassLeader to help students study and prepare for the 210-260 exam.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides sample exam questions and answers from Cisco's 210-260 Implementing Cisco Network Security (IINS) certification exam. It includes questions 31 through 60 on topics such as VPN technologies, firewalls, IPS, and network access authentication. The document is advertising free exam dumps and questions from PassLeader to help students study and prepare for the 210-260 exam.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    112 views8 pages

    2.PassLeader 210-260 Exam Dumps (31-60)

    Uploaded by

    Shaleh Sen
    This document provides sample exam questions and answers from Cisco's 210-260 Implementing Cisco Network Security (IINS) certification exam. It includes questions 31 through 60 on topics such as VPN technologies, firewalls, IPS, and network access authentication. The document is advertising free exam dumps and questions from PassLeader to help students study and prepare for the 210-260 exam.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 8

    Free VCE and PDF Exam Dumps from PassLeader

     Vendor: Cisco

     Exam Code: 210-260

     Exam Name: Implementing Cisco Network Security (IINS)

     Question 31 – Question 60

    Visit PassLeader and Download Full Version 210-260 Exam Dumps

    QUESTION 31
    A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu
    option for Remote Desktop Protocol on the portal web page. Which action should you take to begin
    troubleshooting?

    A. Ensure that the RDP2 plug-in is installed on the VPN gateway


    B. Reboot the VPN gateway
    C. Instruct the user to reconnect to the VPN gateway
    D. Ensure that the RDP plug-in is installed on the VPN gateway

    Answer: A

    QUESTION 32
    Which security zone is automatically defined by the system?

    A. The source zone


    B. The self zone
    C. The destination zone
    D. The inside zone

    Answer: B

    QUESTION 33
    What are purposes of the Internet Key Exchange in an IPsec VPN? (Choose two.)

    A. The Internet Key Exchange protocol establishes security associations


    B. The Internet Key Exchange protocol provides data confidentiality
    C. The Internet Key Exchange protocol provides replay detection
    D. The Internet Key Exchange protocol is responsible for mutual authentication

    Answer: AD

    QUESTION 34
    Which address block is reserved for locally assigned unique local addresses?

    A. 2002::/16

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader
    B. FD00::/8
    C. 2001::/32
    D. FB00::/8

    Answer: B

    QUESTION 35
    What is a possible reason for the error message? Router(config)#aaa server?% Unrecognized
    command

    A. The command syntax requires a space after the word "server"


    B. The command is invalid on the target device
    C. The router is already running the latest operating system
    D. The router is a new device on which the aaa new-model command must be applied before
    continuing

    Answer: D

    QUESTION 36
    Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)

    A. Smart tunnels can be used by clients that do not have administrator privileges
    B. Smart tunnels support all operating systems
    C. Smart tunnels offer better performance than port forwarding
    D. Smart tunnels require the client to have the application installed locally

    Answer: AD
    Explanation:
    Smart Tunnel is also used to provide remote access to web applications that are difficult to rewrite,
    such as proprietary, non-standards-based Java, Java Script, or Flash animations.
    Smart Tunnel also supports Single Sign-On to web applications that require either form-based
    POST parameters, http basic, FTP, or NTLM authentication
    Smart Tunnel can also co-exist with a Full-Tunnel VPN Client. For example, an employee can
    connect to the company network by using Full-Tunnel VPN Client, while simultaneously connecting
    to a vendor network by using Smart Tunnel. Smart Tunnel Advantages over Port-Forwarding, Plug-
    ins: Smart Tunnel offers better performance than browser Plug-ins.
    Port forwarding is the legacy technology for supporting TCP-based applications over a Clientless
    SSL VPN connection. Unlike port forwarding, Smart Tunnel simplifies the user experience by not
    requiring the user connection of the local application to the local port.
    Smart Tunnel does not require users to have administrator privileges.
    Smart Tunnel does not require the administrator to know application port numbers in advance.

    QUESTION 37
    Which option describes information that must be considered when you apply an access list to a
    physical interface?

    A. Protocol used for filtering


    B. Direction of the access class
    C. Direction of the access group
    D. Direction of the access list

    Answer: C

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader

    QUESTION 38
    Which source port does IKE use when NAT has been detected between two VPN gateways?

    A. TCP 4500
    B. TCP 500
    C. UDP 4500
    D. UDP 500

    Answer: C

    QUESTION 39
    Which of the following are features of IPsec transport mode? (Choose three.)

    A. IPsec transport mode is used between end stations


    B. IPsec transport mode is used between gateways
    C. IPsec transport mode supports multicast
    D. IPsec transport mode supports unicast
    E. IPsec transport mode encrypts only the payload
    F. IPsec transport mode encrypts the entire packet

    Answer: ADE
    Explanation:
    IPSec Transport Mode
    IPSec Transport mode is used for end-to-end communications, for example, for communication
    between a client and a server or between a workstation and a gateway (if the gateway is being
    treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from
    a workstation to a server.
    Transport mode provides the protection of our data, also known as IP Payload, and consists of
    TCP/UDP header + Data, through an AH or ESP header. The payload is encapsulated by the IPSec
    headers and trailers. The original IP headers remain intact, except that the IP protocol field is
    changed to ESP (50) or AH (51), and the original protocol value is saved in the IPsec trailer to be
    restored when the packet is decrypted.
    IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first
    encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec
    protects the GRE tunnel traffic in transport mode.

    QUESTION 40
    Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?

    A. no switchport nonnegotiate
    B. switchport
    C. no switchport mode dynamic auto
    D. no switchport

    Answer: D

    QUESTION 41
    Which command verifies phase 1 of an IPsec VPN on a Cisco router?

    A. show crypto map


    B. show crypto ipsec sa

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader
    C. show crypto isakmp sa
    D. show crypto engine connection active

    Answer: C
    Explanation:
    show crypto ipsec sa verifies Phase 2 of the tunnel.

    QUESTION 42
    What is the purpose of a honeypot IPS?

    A. To create customized policies


    B. To detect unknown attacks
    C. To normalize streams
    D. To collect information about attacks

    Answer: D

    QUESTION 43
    Which type of firewall can act on the behalf of the end device?

    A. Stateful packet
    B. Application
    C. Packet
    D. Proxy

    Answer: D

    QUESTION 44
    Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp as
    command. What does the given output show?

    A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5


    B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5
    C. IPSec Phase 1 is down due to a QM_IDLE state
    D. IPSEc Phase 2 is down due to a QM_IDLE state

    Answer: A

    QUESTION 45
    What type of attack was the Stuxnet virus?

    A. cyber warfare
    B. hactivism
    C. botnet
    D. social engineering

    Answer: A

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader
    QUESTION 46
    Which type of secure connectivity does an extranet provide?

    A. remote branch offices to your company network


    B. your company network to the Internet
    C. new networks to your company network
    D. other company networks to your company network

    Answer: D

    QUESTION 47
    After reloading a router, you issue the dir command to verify the installation and observe that the
    image file appears to be missing. For what reason could the image file fail to appear in the dir
    output?

    A. The secure boot-image command is configured.


    B. The secure boot-comfit command is configured.
    C. The confreg 0x24 command is configured.
    D. The reload command was issued from ROMMON.

    Answer: A

    QUESTION 48
    What is a reason for an organization to deploy a personal firewall?

    A. To protect endpoints such as desktops from malicious activity


    B. To protect one virtual network segment from another
    C. To determine whether a host meets minimum security posture requirements
    D. To create a separate, non-persistent virtual environment that can be destroyed after a session
    E. To protect the network from DoS and syn-flood attacks

    Answer: A

    QUESTION 49
    Which FirePOWER preprocessor engine is used to prevent SYN attacks?

    A. Rate-Based Prevention
    B. Portscan Detection
    C. IP Defragmentation
    D. Inline Normalization

    Answer: A

    QUESTION 50
    What VPN feature allows traffic to exit the security appliance through the same interface it entered?

    A. Hairpinning
    B. NAT
    C. NAT traversal
    D. split tunneling

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader
    Answer: A

    QUESTION 51
    When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

    A. Perform a Layer 6 reset


    B. Deploy an antimalware system
    C. Enable bypass mode
    D. Deny the connection inline

    Answer: D

    QUESTION 52
    Which statement about Cisco ACS authentication and authorization is true?

    A. ACS servers can be clustered to provide scalability


    B. ACS can query multiple Active Directory domains
    C. ACS uses TACACS to proxy other authentication servers
    D. ACS can use only one authorization profile to allo or deny requests

    Answer: A

    QUESTION 53
    What is the only permitted operation for processing multicast traffic on zone-based firewalls?

    A. Stateful inspection of multicast traffic is supported only for the self zone
    B. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone
    C. Only control plane policing can protect the control plane against multicast traffic
    D. Stateful inspection of multicast traffic is supported only for the internal zone

    Answer: C

    QUESTION 54
    What is one requirement for locking a wired or wireless device from ISE?

    A. The ISE agent must be installed on the device


    B. The device must be connnected to the network when the lock command is executed
    C. The user must approve the locking action
    D. The organization must implement an acceptable use policy allowing device locking

    Answer: A

    QUESTION 55
    Refer to the exhibit. What type of firewall would use the given cofiguration line?

    A. a stateful firewall
    B. a personal firewall
    C. a proxy firewall

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader
    D. an application firewall
    E. a stateless firewall

    Answer: A

    QUESTION 56
    What are two default Cisco IOS privilege levels? (Choose two)

    A. 0
    B. 5
    C. 1
    D. 7
    E. 10
    F. 15

    Answer: CF

    QUESTION 57
    What is the effect of the given command sequence?

    A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a desstination of 10.100.100.0/24
    B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24
    C. it defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24
    D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24

    Answer: A

    QUESTION 58
    Which tool can an attacker use to attempt a DDos attack?

    A. botnet
    B. Trojan horse
    C. virus
    D. adware

    Answer: A

    QUESTION 59
    how does the Cisco ASA use Active Directory to authorize VPN users?

    A. It queries the Active Directory server for a Specfic attribute for the specific user
    B. It sends the username and password to retire an ACCEPT or Reject message from the Active
    Directory server
    C. It downloads and stores the Active Directory databas to query for future authorization
    D. It redirects requests to the Active Directory server defined for the VPN group

    Answer: A

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html
    Free VCE and PDF Exam Dumps from PassLeader

    QUESTION 60
    Which statement about application blocking is true?

    A. It blocks access to files with specific extensions


    B. It blocks access to specific network addresses
    C. It blocks access to specific programs
    D. It blocks access to specific network services.

    Answer: C

    Visit PassLeader and Download Full Version 210-260 Exam Dumps

    210-260 Exam Dumps 210-260 Exam Questions 210-260 PDF Dumps 210-260 VCE Dumps
    http://www.passleader.com/210-260.html

    You might also like