210-260 | Cisco 210-260 Resource 2021


Free 210-260 Demo Online For Cisco Certification:


Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)

  • A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
  • B. authenticating administrator access to the router console port, auxiliary port, and vty ports
  • C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
  • D. tracking Cisco NetFlow accounting statistics
  • E. securing the router by locking down all unused services
  • F. performing router commands authorization using TACACS+

Answer: ABF

http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.html
Need for AAA Services
Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating back to asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server.
Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes.
AAA information is typically stored in an external database or remote server such as RADIUS or TACACS+. The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights with the appropriate user. All authorization methods must be defined through AAA.


Which three ESP fields can be encrypted during transmission? (Choose three.)

  • A. Security Parameter Index
  • B. Sequence Number
  • C. MAC Address
  • D. Padding
  • E. Pad Length
  • F. Next Header

Answer: DEF


Which two parameters can you view in the Cisco ASDM Protocol Statistics window? (Choose two.)

  • A. the number of active tunnels
  • B. the number of rejected connection attempts
  • C. the number of tunnels that have been established since the Cisco ASA was rebooted
  • D. the number of closed tunnels
  • E. the user attempting the connection

Answer: AE


Refer to the exhibit.
Which area represents the data center?

  • A. A
  • B. B
  • C. C
  • D. D

Answer: A


Diffie-Hellman key exchange question

  • A. IKE
  • B. IPSEC
  • C. SPAN
  • D. STP

Answer: A


Which NAT option is executed first in case of multiple NAT translations?

  • A. dynamic NAT with shortest prefix
  • B. dynamic NAT with longest prefix
  • C. static NAT with shortest prefix
  • D. static NAT with longest prefix

Answer: D


Which two actions can a zone-based firewall take when looking at traffic? (Choose two.)

  • A. Filter
  • B. Forward
  • C. Drop
  • D. Broadcast
  • E. Inspect

Answer: CE


How can you mitigate attacks in which the attacker attaches more than one VLAN tag to a packet?

  • A. Disable EtherChannel on the switch.
  • B. Assign an access VLAN to every active port on the switch.
  • C. Enable transparent VTP on the switch.
  • D. Explicitly identify each VLAN allowed across the trunk.

Answer: B


How can you allow bidirectional traffic?

  • A. static NAT
  • B. dynamic NAT
  • C. dynamic PAT
  • D. multi-NAT

Answer: A

Bidirectional initiation: Static NAT allows connections to be initiated bidirectionally, meaning both to the host and from the host.
Source: http://www.cisco.com/c/en/us/td/docs/securi


How does PEAP protect the EAP exchange?

  • A. It encrypts the exchange using the server certificate.
  • B. It encrypts the exchange using the client certificate.
  • C. It validates the server-supplied certificate, and then encrypts the exchange using the client certificate.
  • D. It validates the client-supplied certificate, and then encrypts the exchange using the server certificate.

Answer: A

PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key.
Source: https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol


What is the FirePOWER impact flag used for?

  • A. A value that indicates the potential severity of an attack.
  • B. A value that the administrator assigns to each signature.
  • C. A value that sets the priority of a signature.
  • D. A value that measures the application awareness.

Answer: A

Impact Flag: Choose the impact level assigned to the intrusion event.
Because no operating system information is available for hosts added to the network map from NetFlow data, the system cannot assign Vulnerable (impact level 1: red) impact levels for intrusion events involving those hosts. In such cases, use the host input feature to manually set the operating system identity for the hosts.
http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Correlation_Policies.html
The impact level in this field indicates the correlation between intrusion data, network discovery data, and vulnerability information.
Impact Flag: See Impact.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/ViewingEvents.html


What is a possible reason for the error message?
Router(config)#aaa server?
% Unrecognized command

  • A. The command syntax requires a space after the word “server”
  • B. The command is invalid on the target device
  • C. The router is already running the latest operating system
  • D. The router is a new device on which the aaa new-model command must be applied before continuing

Answer: D

Before you can use any of the services that AAA network security services provide, you must enable AAA.
Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfaaa.html


A proxy firewall protects against which type of attack?

  • A. cross-site scripting attack
  • B. worm traffic
  • C. port scanning
  • D. DDoS attacks

Answer: A

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.
Source: https://en.wikipedia.org/wiki/Cross-site_scripting
A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. A proxy firewall may also be called an application firewall or gateway firewall. Proxy firewalls are considered to be the most secure type of firewall because they prevent direct network contact with other systems.


How do you verify TACACS+ connectivity to a device?

  • A. You successfully log in to the device by using the local credentials.
  • B. You connect to the device using SSH and receive the login prompt.
  • C. You successfully log in to the device by using ACS credentials.
  • D. You connect via console port and receive the login prompt.

Answer: B


Drag the hash or algorithm from the left column to its appropriate category on the right.

  • A. Mastered
  • B. Not Mastered

Answer: A



Which two services define cloud networks? (Choose two.)

  • A. Infrastructure as a Service
  • B. Platform as a Service
  • C. Security as a Service
  • D. Compute as a Service
  • E. Tenancy as a Service

Answer: AB

The NIST's definition of cloud computing defines the service models as follows:
+ Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
+ Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
+ Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Source: https://en.wikipedia.org/wiki/Cloud_computing#Service_models


In which form of fraud does an attacker try to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels?

  • A. Hacking
  • B. Phishing
  • C. Identity Spoofing
  • D. Smarting

Answer: B


Which command do you enter to verify that a VPN connection is established between two endpoints and that the connection is passing traffic?

  • A. Firewall#sh crypto ipsec sa
  • B. Firewall#sh crypto isakmp sa
  • C. Firewall#debug crypto isakmp
  • D. Firewall#sh crypto session

Answer: A


A user reports difficulties accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads.
Which problem is a possible explanation of this situation?

  • A. insufficient network resources
  • B. failure of full packet capture solution
  • C. misconfiguration of web filter
  • D. TCP injection

Answer: D


Which two types of VLANs using PVLANs are valid? (Choose two.)

  • A. secondary
  • B. community
  • C. isolated
  • D. promiscuous
  • E. backup

Answer: CD

Promiscuous (P): Usually connects to a router. A type of port which is allowed to send and receive frames from any other port on the VLAN.
Isolated (I): This type of port is only allowed to communicate with P ports; they are “stub” ports. This type of port usually connects to hosts.


Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?

  • A. next IP
  • B. round robin
  • C. dynamic rotation
  • D. NAT address rotation

Answer: B


Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?

  • A. SDEE
  • B. Syslog
  • C. SNMP
  • D. CSM

Answer: A

IPS produces various types of events including intrusion alerts and status events. IPS communicates events to clients such as management applications using the proprietary RDEP2. We have also developed an IPS-industry leading protocol, SDEE, which is a product-independent standard for communicating security device events. SDEE is an enhancement to the current version of RDEP2 that adds extensibility features that are needed for communicating events generated by various types of security devices.
http://www.cisco.com/c/en/us/td/docs/security/ips/6-1/configuration/guide/ime/imeguide/ime_system_architecture.html


What type of algorithm uses the same key to encrypt and decrypt data?

  • A. a symmetric algorithm
  • B. an asymmetric algorithm
  • C. a Public Key Infrastructure algorithm
  • D. an IP security algorithm

Answer: A

A symmetric encryption algorithm, also known as a symmetrical cipher, uses the same key to encrypt the data and decrypt the data.
Source: Cisco Official Certification Guide, p.93


Which statement about command authorization and security contexts is true?

  • A. If command authorization is configured, it must be enabled on all contexts
  • B. The changeto command invokes a new context session with the credentials of the currently logged-in user
  • C. AAA settings are applied on a per-context basis
  • D. The enable_15 user and admins with changeto permissions have different command authorization levels per context

Answer: B

The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.
To move from one context on the ACE to another context, use the changeto command. Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/ACE_cr/execmds.html
* AAA settings are discrete per context, not shared between contexts.
When configuring command authorization, you must configure each context separately.
* New context sessions started with the changeto command always use the default value “enable_15” username as the administrator identity, regardless of what username was used in the previous context session.
To read more, here’s the link: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/access_manag


Which command enables OSPF authentication on an interface?

  • A. ip ospf authentication message-digest
  • B. network area 0
  • C. area 20 authentication message-digest
  • D. ip ospf message-digest-key 1 md5 CCNA

Answer: A



What is the transition order of STP states on a Layer 2 switch interface?

  • A. listening, learning, blocking, forwarding, disabled
  • B. listening, blocking, learning, forwarding, disabled
  • C. blocking, listening, learning, forwarding, disabled
  • D. forwarding, listening, learning, blocking, disabled

Answer: C

STP switch port states:
+ Blocking - A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths.
+ Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames.
+ Learning - While the port does not yet forward frames, it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC address table, but does not forward frames.
+ Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
+ Disabled - Not strictly part of STP, a network administrator can manually disable a port.
Source: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol

