Prepare for Cisco 210-260 exam with best Cisco CCNA Security 210-260 dumps pdf practice materials free try. Helpful latest Cisco CCNA Security 210-260 dumps vce youtube demo update free shared. “Implementing Cisco Network Security” is the name of Cisco CCNA Security https://www.leads4pass.com/210-260.html exam dumps which covers all the knowledge points of the real Cisco exam.
With the help of latest and authentic Cisco CCNA Security 210-260 dumps exam questions, you can find the best 210-260 exam preparation kit here. Lead4pass is the best site for providing online preparation material for 210-260 exam. CCNA Security 210-260 exam preparation kit contains all the necessary 210-260 questions that you need to know. 100% success and guarantee to pass Cisco 210-260 exam.
Useful Cisco CCNA Security 210-260 Dumps Exam Practice Questions And Answers (1-30)
QUESTION 1
Which three ESP fields can be encrypted during transmission? (Choose three.)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header
Correct Answer: DEF
QUESTION 2
What mechanism does asymmetric cryptography use to secure data?
A. a public/private key pair
B. shared secret keys
C. an RSA nonce
D. an MD5 hash
Correct Answer: A
QUESTION 3
Whit which type of Leyer 2 attack can you “do something” for one host:
A. MAC spoofing
B. CAM overflow….
Correct Answer: A
QUESTION 4
Refer to the exhibit.
How many times was a read-only string used to attempt a write operation?
A. 9
B. 6
C. 4
D. 3
E. 2
Correct Answer: A
QUESTION 5
Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
Correct Answer: B
QUESTION 6
Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own?
A. white hat hacker
B. hacktivist
C. phreaker
D. script kiddy
Correct Answer: D
QUESTION 7
When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? 210-260 dumps (Choose three.)
A. pass
B. police
C. inspect
D. drop
E. queue
F. shape
Correct Answer: ACD
Explanation:
Zone-Based Policy Firewall Actions
ZFW provides three actions for traffic that traverses from one zone to another:
Drop — This is the default action for all traffic, as applied by the “class class-default” that terminates every inspect-type policy-map. Other class-maps within a policy-map can also be configured to drop unwanted traffic.
Traffic that is handled by the drop action is “silently” dropped (i.e., no notification of the drop is sent to the relevant end-host) by the ZFW, as opposed to an ACL’s behavior of sending an ICMP “host unreachable” message to the host that sent the denied traffic. Currently, there is not an option to change the “silent drop” behavior. The log option can be added with drop for syslog notification that traffic was dropped by the firewall.
Pass — This action allows the router to forward traffic from one zone to another. The pass action does not track the state of connections or sessions within the traffic. Pass only allows the traffic in one direction. A corresponding policy must be applied to allow return traffic to pass in the opposite direction. The pass action is useful for protocols such as IPSec ESP, IPSec AH, ISAKMP, and other inherently secure protocols with predictable behavior. However, most application traffic is better handled in the ZFW with the inspect action.
Inspect–The inspect action offers state-based traffic control. For example, if traffic from the private zone to the Internet zone in the earlier example network is inspected, the router maintains connection or session information for TCP and User Datagram Protocol (UDP) traffic. Therefore, the router permits return traffic sent from Internet-zone hosts in reply to private zone connection requests. Also, inspect can provide application inspection and control for certain service protocols that might carry vulnerable or sensitive application traffic.
Audit-trail can be applied with a parameter-map to record connection/session start, stop, duration, the data volume transferred, and source and destination addresses.
QUESTION 8
Which type of security control is defense in depth?
A. Threat mitigation
B. Risk analysis
C. Botnet mitigation
D. Overt and covert channels
Correct Answer: A
QUESTION 9
Which statement about a PVLAN isolated port configured on a switch is true?
A. The isolated port can communicate only with the promiscuous port.
B. The isolated port can communicate with other isolated ports and the promiscuous port.
C. The isolated port can communicate only with community ports.
D. The isolated port can communicate only with other isolated ports.
Correct Answer: A
QUESTION 10
Which statement about Cisco ACS authentication and authorization is true?
A. ACS servers can be clustered to provide scalability.
B. ACS can query multiple Active Directory domains.
C. ACS uses TACACS to proxy other authentication servers.
D. ACS can use only one authorization profile to allow or deny requests.
Correct Answer: A
QUESTION 11
Refer to the exhibit.
If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?
A. The supplicant will fail to advance beyond the webauth method.
B. The switch will cycle through the configured authentication methods indefinitely.
C. The authentication attempt will time out and the switch will place the port into the unauthorized state.
D. The authentication attempt will time out and the switch will place the port into VLAN 101.
Correct Answer: A
QUESTION 12
What configure mode you used for the command ip ospf authentication-key c1$c0?
A. global
B. privileged
C. in-line
D. Interface
Correct Answer: D
Explanation:
ip ospf authentication-key is used under interface configuration mode, so it’s in interface level, under global configuration mode. If it asks about interface level then choose that.
interface Serial0
ip address 192.16.64.1 255.255.25
QUESTION 13
Which two features are commonly used CoPP and CPPr to protect the control plane? (Choose two.)
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
Correct Answer: AB
QUESTION 14
What is one requirement for locking a wired or wireless device from ISE? 210-260 dumps
A. The ISE agent must be installed on the device.
B. The device must be connected to the network when the lock command is executed.
C. The user must approve the locking action.
D. The organization must implement an acceptable use policy allowing device locking.
Correct Answer: A
QUESTION 15
Which three statements are characteristics of DHCP Spoofing? (choose three)
A. Arp Poisoning
B. Modify Traffic in transit
C. Used to perform man-in-the-middle attack
D. Physically modify the network gateway
E. Protect the identity of the attacker by masking the DHCP address
F. can access most network devices
Correct Answer: ABC
QUESTION 16
Which statement correctly describes the function of a private VLAN?
A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain
Correct Answer: A
QUESTION 17
which feature allow from dynamic NAT pool to choose next IP address and not a port on a used IP address?
A. next IP
B. round robin
C. Dynamic rotation
D. Dynamic PAT rotation
Correct Answer: B
QUESTION 18
Which type of encryption technology has the broadcast platform support?
A. Middleware
B. Hardware
C. Software
D. File-level
Correct Answer: C
QUESTION 19
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.
Correct Answer: A
QUESTION 20
Which four tasks are required when you configure Cisco IOS IPS using the Cisco Configuration Professional IPS wizard? (Choose four.)
A. Select the interface(s) to apply the IPS rule.
B. Select the traffic flow direction that should be applied by the IPS rule.
C. Add or remove IPS alerts actions based on the risk rating.
D. Specify the signature file and the Cisco public key.
E. Select the IPS bypass mode (fail-open or fail-close).
F. Specify the configuration location and select the category of signatures to be applied to the selected interface(s).
Correct Answer: ABDF
QUESTION 21
Which ports need to be active for AAA server and a Microsoft server to permit Active Directory authentication?
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
Correct Answer: A
QUESTION 22
DRAG DROP
Drag the hash or algorithm from the left column to its appropriate category on the right.
Select and Place:
Correct Answer:
QUESTION 23
If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?
A. root guard
B. EtherChannel guard
C. loop guard
D. BPDU guard
Correct Answer: A
QUESTION 24
Which two are valid types of VLANs using PVLANs? 210-260 dumps (Choose two.)
A. Backup VLAN
B. Secondary VLAN
C. Promiscuous VLAN
D. Community VLAN
E. Isolated VLAN
Correct Answer: DE
QUESTION 25
Which two are the default settings for port security? (Choose two.)
A. Violation is Protect
B. Maximum number of MAC addresses is 1
C. Violation is Restrict
D. Violation is Shutdown
E. Maximum number of MAC addresses is 2
Correct Answer: BD
QUESTION 26
Refer to the exhibit.
Which area represents the data center?
A. A
B. B
C. C
D. D
Correct Answer: A
QUESTION 27
Refer to the exhibit.
A network security administrator checks the ASA firewall NAT policy table with the show nat command.
Which statement is false?
A. First policy in the Section 1 is dynamic nat entry defined in the object configuration.
B. There are only reverse translation matches for the REAL_SERVER object.
C. NAT policy in Section 2 is a static entry defined in the object configuration.
D. Translation in Section 3 is used when a connection does not match any entries in first two sections.
Correct Answer: D
QUESTION 28
Which two are characteristics of RADIUS? (Choose two.)
A. Uses TCP ports 1812/1813
B. Uses UDP port 49
C. Encrypts only the password between user and server
D. Uses TCP port 49
E. Uses UDP ports 1812/1813
Correct Answer: CE
QUESTION 29
Which two types of firewalls work at layer 4 and above? (Choose two.)
A. Application level firewall
B. Circuit-level gateway
C. Static packet filter
D. Network Address Translation
E. Stateful inspection
Correct Answer: AB
QUESTION 30
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map? (Choose two.)
A. nat
B. peer
C. pfs
D. reverse-route
E. transform-set
Correct Answer: BE
Here Are Some Reviews From Our Customers:
You can click here to have a review about us: https://www.resellerratings.com/store/lead4pass
Latest Cisco CCNA Security 210-260 dumps pdf materials: https://drive.google.com/open?id=0B_7qiYkH83VRcnI0SE83bHBvQ1k
Latest Cisco CCNA Security 210-060 dumps pdf materials: https://drive.google.com/open?id=0B_7qiYkH83VRSHJTTV9NMjQ0dmc
Newest Cisco CCNA Security 210-260 dumps exam practice files and study guides in PDF format free download from lead4pass. High quality Cisco CCNA Security https://www.leads4pass.com/210-260.html dumps pdf training resources which are the best for clearing 210-260 exam test, and to get certified by Cisco CCNA Security. 100% passing guarantee and full refund in case of failure.
Why Select Lead 4 pass?
Lead4pass is the best provider of IT learning materials and the right choice for you to prepare for Cisco 210-260 exam. Other brands started earlier, but the price is relatively expensive and the questions are not the newest. Lead4pass provide the latest real questions and answers with lowest prices, help you pass Cisco 210-260 exam easily at first try.