210-260 | Cisco 210-260 Resource 2021
Free 210-260 Demo Online For Cisco Certification:
NEW QUESTION 1
Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)
- A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
- B. authenticating administrator access to the router console port, auxiliary port, and vty ports
- C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
- D. tracking Cisco NetFlow accounting statistics
- E. securing the router by locking down all unused services
- F. performing router commands authorization using TACACS+
http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.html
Need for AAA Services
Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating back to asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server.
Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes.
AAA information is typically stored in an external database or remote server such as RADIUS or TACACS+. The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights with the appropriate user. All authorization methods must be defined through AAA.
NEW QUESTION 2
Which three ESP fields can be encrypted during transmission? (Choose three.)
- A. Security Parameter Index
- B. Sequence Number
- C. MAC Address
- D. Padding
- E. Pad Length
- F. Next Header
NEW QUESTION 3
Which two parameters can you view in the Cisco ASDM Protocol Statistics window? (Choose two.)
- A. the number of active tunnels
- B. the number of rejected connection attempts
- C. the number of tunnels that have been established since the Cisco ASA was rebooted
- D. the number of closed tunnels
- E. the user attempting the connection
NEW QUESTION 4
Refer to the exhibit.
Which area represents the data center?
- A. A
- B. B
- C. C
- D. D
NEW QUESTION 5
Diffie-Hellman key exchange question
- A. IKE
- B. IPSEC
- C. SPAN
- D. STP
NEW QUESTION 6
Which NAT option is executed first in case of multiple NAT translations?
- A. dynamic nat with shortest prefix
- B. dynamic nat with longest prefix
- C. static nat with shortest prefix
- D. static nat with longest prefix
NEW QUESTION 7
Which two actions can a zone-based firewall take when looking at traffic? (Choose two.)
- A. Filter
- B. Forward
- C. Drop
- D. Broadcast
- E. Inspect
NEW QUESTION 8
How can you mitigate attacks in which the attacker attaches more than one VLAN tag to a packet?
- A. Disable EtherChannel on the switch.
- B. Assign an access VLAN to every active port on the switch.
- C. Enable transparent VTP on the switch.
- D. Explicitly identify each VLAN allowed across the trunk.
NEW QUESTION 9
How can you allow bidirectional traffic?
- A. static NAT
- B. dynamic NAT
- C. dynamic PAT
- D. multi-NAT
Bidirectional initiation--Static NAT allows connections to be initiated bidirectionally, meaning both to the host and from the host.
NEW QUESTION 10
How does PEAP protect the EAP exchange?
- A. It encrypts the exchange using the server certificate.
- B. It encrypts the exchange using the client certificate.
- C. It validates the server-supplied certificate, and then encrypts the exchange using the client certificate.
- D. It validates the client-supplied certificate, and then encrypts the exchange using the server certificate.
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key.
NEW QUESTION 11
What is the FirePOWER impact flag used for?
- A. A value that indicates the potential severity of an attack.
- B. A value that the administrator assigns to each signature.
- C. A value that sets the priority of a signature.
- D. A value that measures the application awareness.
Impact Flag: Choose the impact level assigned to the intrusion event.
Because no operating system information is available for hosts added to the network map from NetFlow data, the system cannot assign Vulnerable (impact level 1: red) impact levels for intrusion events involving those hosts. In such cases, use the host input feature to manually set the operating system identity for the hosts.
The impact level in this field indicates the correlation between intrusion data, network discovery data, and vulnerability information.
Impact Flag See Impact. Source:
NEW QUESTION 12
What is a possible reason for the error message?
Router(config)#aaa server?
% Unrecognized command
- A. The command syntax requires a space after the word “server”
- B. The command is invalid on the target device
- C. The router is already running the latest operating system
- D. The router is a new device on which the aaa new-model command must be applied before continuing
Before you can use any of the services AAA network security services provide, you must enable AAA. Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfaaa.html
NEW QUESTION 13
A proxy firewall protects against which type of attack?
- A. cross-site scripting attack
- B. worm traffic
- C. port scanning
- D. DDoS attacks
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.
A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. A proxy firewall may also be called an application firewall or gateway firewall. Proxy firewalls are considered to be the most secure type of firewall because they prevent direct network contact with other systems.
NEW QUESTION 14
How can you verify TACACS+ connectivity to a device?
- A. You successfully log in to the device by using the local credentials.
- B. You connect to the device using SSH and receive the login prompt.
- C. You successfully log in to the device by using ACS credentials.
- D. You connect via console port and receive the login prompt.
NEW QUESTION 15
Drag the hash or algorithm from the left column to its appropriate category on the right.
- A. Mastered
- B. Not Mastered
NEW QUESTION 16
Which two services define cloud networks? (Choose two.)
- A. Infrastructure as a Service
- B. Platform as a Service
- C. Security as a Service
- D. Compute as a Service
- E. Tenancy as a Service
The NIST's definition of cloud computing defines the service models as follows:
+ Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
+ Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
+ Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
NEW QUESTION 17
In which form of fraud does an attacker try to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels?
- A. Hacking
- B. Phishing
- C. Identity Spoofing
- D. Smarting
NEW QUESTION 18
Which command do you enter to verify that a VPN connection is established between two endpoints and that the connection is passing traffic?
- A. Firewall#sh crypto ipsec sa
- B. Firewall#sh crypto isakmp sa
- C. Firewall#debug crypto isakmp
- D. Firewall#sh crypto session
NEW QUESTION 19
A user reports difficulties accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads.
Which problem is a possible explanation of this situation?
- A. insufficient network resources
- B. failure of full packet capture solution
- C. misconfiguration of web filter
- D. TCP injection
NEW QUESTION 20
Which two types of VLANs using PVLANs are valid? (Choose two.)
- A. secondary
- B. community
- C. isolated
- D. promiscuous
- E. backup
Promiscuous (P): Usually connects to a router – a type of port which is allowed to send and receive frames from any other port on the VLAN.
Isolated (I): This type of port is only allowed to communicate with P ports – they are “stub”. This type of port usually connects to hosts.
NEW QUESTION 21
Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?
- A. next IP
- B. round robin
- C. dynamic rotation
- D. NAT address rotation
NEW QUESTION 22
Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?
- A. SDEE
- B. Syslog
- C. SNMP
- D. CSM
IPS produces various types of events including intrusion alerts and status events. IPS communicates events to clients such as management applications using the proprietary RDEP2. We have also developed an IPS-industry leading protocol, SDEE, which is a product-independent standard for communicating security device events. SDEE is an enhancement to the current version of RDEP2 that adds extensibility features that are needed for communicating events generated by various types of security devices.
NEW QUESTION 23
What type of algorithm uses the same key to encrypt and decrypt data?
- A. a symmetric algorithm
- B. an asymmetric algorithm
- C. a Public Key Infrastructure algorithm
- D. an IP security algorithm
A symmetric encryption algorithm, also known as a symmetrical cipher, uses the same key to encrypt the data and decrypt the data.
Source: Cisco Official Certification Guide, p.93
NEW QUESTION 24
Which statement about command authorization and security contexts is true?
- A. If command authorization is configured, it must be enabled on all contexts
- B. The changeto command invokes a new context session with the credentials of the currently logged-in user
- C. AAA settings are applied on a per-context basis
- D. The enable_15 user and admins with changeto permissions have different command authorization levels per context
The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.
To move from one context on the ACE to another context, use the changeto command. Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
* AAA settings are discrete per context, not shared between contexts.
When configuring command authorization, you must configure each context separately.
* New context sessions started with the changeto command always use the default value “enable_15” username as the administrator identity, regardless of what username was used in the previous context session.
To read more, here’s the link: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/access_manag
NEW QUESTION 25
Which command enables OSPF authentication on an interface?
- A. ip ospf authentication message-digest
- B. network 192.168.10.0 0.0.0.255 area 0
- C. area 20 authentication message-digest
- D. ip ospf message-digest-key 1 md5 CCNA
NEW QUESTION 26
What is the transition order of STP states on a Layer 2 switch interface?
- A. listening, learning, blocking, forwarding, disabled
- B. listening, blocking, learning, forwarding, disabled
- C. blocking, listening, learning, forwarding, disabled
- D. forwarding, listening, learning, blocking, disabled
STP switch port states:
+ Blocking - A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths.
+ Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames.
+ Learning - While the port does not yet forward frames, it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC address table, but does not forward frames.
+ Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
+ Disabled - Not strictly part of STP, a network administrator can manually disable a port.
Source: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol