Free & Valid CCNA Security 210-260 Exam Questions and Answers PDF

Pass your Cisco CCNA Security 210-260 exam on the first attempt with the Best Products 2019! What is the best way to stand out in the IT network job market? It is to pass the 210-260 exam or obtain the CCNA Security certification. Get the latest and updated 274 CCNA Security 210-260 dumps exam questions with accurate and verified answers for free in this Premium Bundle! Cisco.geekscerts.210-260.v2017-09-25.by.Marley.130q.vce

QUESTION 1

How can you detect a false negative on an IPS?
A. View the alert on the IPS.
B. Review the IPS log.
C. Review the IPS console.
D. Use a third-party system to perform penetration testing.
E. Use a third-party to audit the next-generation firewall rules.
Correct Answer: D

QUESTION 2

How can FirePOWER block malicious email attachments?
A. It forwards email requests to an external signature engine.
B. It scans inbound email messages for known bad URLs.
C. It sends the traffic through a file policy.
D. It sends an alert to the administrator to verify suspicious email messages.
Correct Answer: C

QUESTION 3

Which tool can an attacker use to attempt a DDoS attack?
A. botnet
B. Trojan horse
C. virus
D. adware
Correct Answer: A

QUESTION 4

Which two statements about stateless firewalls are true? (Choose two.)
A. They compare the 5-tuple of each incoming packet against configurable rules.
B. They cannot track connections.
C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
D. Cisco IOS cannot implement them because the platform is stateful by nature.
E. The Cisco ASA is implicitly stateless because it blocks all traffic by default.
Correct Answer: AB

QUESTION 5

Which three ESP fields can be encrypted during transmission? (Choose three.)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header
Correct Answer: DEF

QUESTION 6
In the router ospf 200 command, what does the value 200 stand for?
A. process ID
B. area ID
C. administrative distance value
D. ABR ID
Correct Answer: A

QUESTION 7
Refer to the exhibit.

Which statement about the given configuration is true?
A. The single-connection command causes the device to establish one connection for all TACACS transactions.
B. The single-connection command causes the device to process one TACACS request and then move to the next server.
C. The timeout command causes the device to move to the next server after 20 seconds of TACACS inactivity.
D. The router communicates with the NAS on the default port, TCP 1645.
Correct Answer: A

QUESTION 8
What is an example of social engineering?
A. Gaining access to a building through an unlocked door.
B. Something about inserting a random flash drive.
C. Gaining access to a server room by posing as IT.
D. Watching another user put in a username and password (something around there).
Correct Answer: C

QUESTION 9
In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)
A. TACACS uses TCP to communicate with the NAS.
B. TACACS can encrypt the entire packet that is sent to the NAS.
C. TACACS supports per-command authorization.
D. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
E. TACACS uses UDP to communicate with the NAS.
F. TACACS encrypts only the password field in an authentication packet.
Correct Answer: ABC

QUESTION 10
What can the SMTP preprocessor in FirePOWER normalize?
A. It can extract and decode email attachments in client to server traffic.
B. It can look up the email sender.
C. It compares known threats to the email sender.
D. It can forward the SMTP traffic to an email filter server.
E. It uses the Traffic Anomaly Detector.
Correct Answer: A

QUESTION 11
Which option is the most effective placement of an IPS device within the infrastructure?
A. Inline, behind the internet router and firewall
B. Inline, before the internet router and firewall
C. Promiscuously, after the Internet router and before the firewall
D. Promiscuously, before the Internet router and the firewall
Correct Answer: A

QUESTION 12
Which two authentication types does OSPF support? (Choose two.)
A. plaintext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES
Correct Answer: AB

QUESTION 13
Which of the following pairs of statements is true in terms of configuring MD authentication?
A. Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPF
B. Router process (OSPF, EIGRP) must be configured; key chain in EIGRP
C. Router process (only for OSPF) must be configured; key chain in EIGRP
D. Router process (only for OSPF) must be configured; key chain in OSPF
Correct Answer: C

QUESTION 14
What feature defines a campus area network?
A. It has a single geographic location.
B. It has limited or restricted Internet access.
C. It has a limited number of segments.
D. It lacks external connectivity.
Correct Answer: A

QUESTION 15
Which term best describes the concept of preventing the modification of data in transit and in storage?
A. Confidentiality
B. Integrity
C. Availability
D. Fidelity
Correct Answer: B

QUESTION 16
In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity?
A. gratuitous ARP
B. ARP poisoning
C. IP spoofing
D. MAC spoofing
Correct Answer: D

QUESTION 17
Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?
A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5.
B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1.
C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5.
D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets.
Correct Answer: A

QUESTION 18
Which statement correctly describes the function of a private VLAN?
A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain
Correct Answer: A

QUESTION 19
What are two ways to prevent eavesdropping when you perform device-management tasks? (Choose two.)
A. Use an SSH connection.
B. Use SNMPv3.
C. Use out-of-band management.
D. Use SNMPv2.
E. Use in-band management.
Correct Answer: AB

QUESTION 20
Refer to the exhibit.

What are two effects of the given command? (Choose two.)
A. It configures authentication to use AES 256.
B. It configures authentication to use MD5 HMAC.
C. It configures authorization to use AES 256.
D. It configures encryption to use MD5 HMAC.
E. It configures encryption to use AES 256.
Correct Answer: BE

QUESTION 21
A SYN flood attack is a form of what?
A. Denial of Service attack
B. Man in the middle attack
C. Spoofing attack
Correct Answer: A

QUESTION 22
You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?
A. Enable URL filtering and use URL categorization to block the websites that violate company policy.
B. Enable URL filtering and create a blacklist to block the websites that violate company policy.
C. Enable URL filtering and create a whitelist to block the websites that violate company policy.
D. Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access.
E. Enable URL filtering and create a whitelist to allow only the websites that company policy allows users to access.
Correct Answer: A

QUESTION 23
Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?
A. You must configure two zone pairs, one for each direction.
B. You can configure a single zone pair that allows bidirectional traffic flows for any zone.
C. You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone.
D. You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.
Correct Answer: A

QUESTION 24
Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)
A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels support all operating systems
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels require the client to have the application installed locally
Correct Answer: AC

QUESTION 25
A proxy firewall protects against which type of attack?
A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks
Correct Answer: A

QUESTION 26
Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?
A. Allow with inspection
B. Allow without inspection
C. Block
D. Trust
E. Monitor
Correct Answer: A

QUESTION 27
Which statement about zone-based firewall configuration is true?
A. Traffic is implicitly denied by default between interfaces in the same zone
B. Traffic that is destined to or sourced from the self-zone is denied by default
C. The zone must be configured before a can be assigned
D. You can assign an interface to more than one interface
Correct Answer: C

QUESTION 28
What VPN feature allows traffic to exit the security appliance through the same interface it entered?
A. hairpinning
B. NAT
C. NAT traversal
D. split tunneling
Correct Answer: A

QUESTION 29
You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?
A. Create a whitelist and add the appropriate IP address to allow the traffic.
B. Create a custom blacklist to allow the traffic.
C. Create a user based access control rule to allow the traffic.
D. Create a network based access control rule to allow the traffic.
E. Create a rule to bypass inspection to allow the traffic.
Correct Answer: A

QUESTION 30
Refer to the exhibit.

What type of firewall would use the given configuration line?
A. a stateful firewall
B. a personal firewall
C. a proxy firewall
D. an application firewall
E. a stateless firewall
Correct Answer: A
