November 21, 2018

The only cisco 210 260 dump resources for you




New Cisco 210-260 Exam Dumps Collection (Question 8 - Question 17)

Question No: 8

Which two features do CoPP and CPPr use to protect the control plane? (Choose two.)

A. QoS

B. traffic classification

C. access lists

D. policy maps

E. class maps

F. Cisco Express Forwarding

Answer: A,B


Question No: 9

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.

B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.

D. IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

Answer: A


Question No: 10

Which two authentication types does OSPF support? (Choose two.)

A. plaintext

B. MD5

C. HMAC

D. AES 256

E. SHA-1

F. DES

Answer: A,B


Question No: 11

Which statement about the communication between interfaces on the same security level is true?

A. Interfaces on the same security level require additional configuration to permit inter-interface communication.

B. Configuring interfaces on the same security level can cause asymmetric routing.

C. All traffic is allowed by default between interfaces on the same security level.

D. You can configure only one interface on an individual security level.

Answer: A


Question No: 12

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A. Deny the connection inline.

B. Perform a Layer 6 reset.

C. Deploy an antimalware system.

D. Enable bypass mode.

Answer: A


Question No: 13

Which type of firewall can serve as the intermediary between a client and a server?

A. Application firewall

B. Stateless firewall

C. Personal firewall

D. Proxy firewall

Answer: D

Explanation: http://searchsecurity.techtarget.com/definition/proxy-firewall


Question No: 14

When AAA login authentication is configured on Cisco routers, which two authentication methods should be used as the final method to ensure that the administrator can still log in to the router in case the external AAA server fails? (Choose two.)

A. group RADIUS

B. group TACACS+

C. local

D. krb5

E. enable

F. if-authenticated

Answer: C,E

Explanation:

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.html

TACACS+ Authentication Examples

The following example shows how to configure TACACS+ as the security protocol for PPP authentication:

aaa new-model
aaa authentication ppp test group tacacs+ local
tacacs-server host 10.1.2.3
tacacs-server key goaway
interface serial 0
 ppp authentication chap pap test

The lines in the preceding sample configuration are defined as follows:

• The aaa new-model command enables the AAA security services.

• The aaa authentication command defines a method list, "test," to be used on serial interfaces running PPP.

The keyword group tacacs+ means that authentication will be done through TACACS+. If TACACS+ returns an ERROR of some sort during authentication, the keyword local indicates that authentication will be attempted using the local database on the network access server.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml

Authentication

Start to configure TAC+ on the router.

Enter enable mode and type configure terminal before the command set. This command syntax ensures that you are not locked out of the router initially, providing the tac_plus_executable is not running:

!--- Turn on TAC+.
aaa new-model
enable password whatever
!--- These are lists of authentication methods.
!--- "linmethod", "vtymethod", "conmethod", and
!--- so on are names of lists, and the methods
!--- listed on the same lines are the methods
!--- in the order to be tried. As used here, if
!--- authentication fails due to the
!--- tac_plus_executable not being started, the
!--- enable password is accepted because
!--- it is in each list.
!
aaa authentication login linmethod tacacs+ enable
aaa authentication login vtymethod tacacs+ enable
aaa authentication login conmethod tacacs+ enable


Question No: 15

You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?

A. Create a whitelist and add the appropriate IP address to allow the traffic.

B. Create a custom blacklist to allow the traffic.

C. Create a user based access control rule to allow the traffic.

D. Create a network based access control rule to allow the traffic.

E. Create a rule to bypass inspection to allow the traffic.

Answer: A


Question No: 16

A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0.

By default, without any access list configured, which five types of traffic are permitted? (Choose five.)

A. outbound traffic initiated from the inside to the DMZ

B. outbound traffic initiated from the DMZ to the outside

C. outbound traffic initiated from the inside to the outside

D. inbound traffic initiated from the outside to the DMZ

E. inbound traffic initiated from the outside to the inside

F. inbound traffic initiated from the DMZ to the inside

G. HTTP return traffic originating from the inside network and returning via the outside interface

H. HTTP return traffic originating from the inside network and returning via the DMZ interface

I. HTTP return traffic originating from the DMZ network and returning via the inside interface

J. HTTP return traffic originating from the outside network and returning via the inside interface

Answer: A,B,C,G,H

Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/intparam.html

Security Level Overview

Each interface must have a security level from 0 (lowest) to 100 (highest). For example, you should assign your most secure network, such as the inside host network, to level 100, while the outside network connected to the Internet can be level 0. Other networks, such as DMZs, can be in between. You can assign interfaces to the same security level. See the "Allowing Communication Between Interfaces on the Same Security Level" section for more information.

The level controls the following behavior:

• Network access: By default, there is an implicit permit from a higher security interface to a lower security interface (outbound). Hosts on the higher security interface can access any host on a lower security interface. You can limit access by applying an access list to the interface. If you enable communication for same security interfaces (see the "Allowing Communication Between Interfaces on the Same Security Level" section), there is an implicit permit for interfaces to access other interfaces on the same security level or lower.

• Inspection engines: Some inspection engines are dependent on the security level. For same security interfaces, inspection engines apply to traffic in either direction.

  - NetBIOS inspection engine: Applied only for outbound connections.

  - OraServ inspection engine: If a control connection for the OraServ port exists between a pair of hosts, then only an inbound data connection is permitted through the security appliance.

• Filtering: HTTP(S) and FTP filtering applies only for outbound connections (from a higher level to a lower level). For same security interfaces, you can filter traffic in either direction.

• NAT control: When you enable NAT control, you must configure NAT for hosts on a higher security interface (inside) when they access hosts on a lower security interface (outside). Without NAT control, or for same security interfaces, you can choose to use NAT between any interface, or you can choose not to use NAT. Keep in mind that configuring NAT for an outside interface might require a special keyword.

• established command: This command allows return connections from a lower security host to a higher security host if there is already an established connection from the higher level host to the lower level host. For same security interfaces, you can configure established commands for both directions.
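
The default behaviour described above can be modelled as a small stateful check. The following is an added example, not code from Cisco or from the original page: the Asa class, the sample host addresses and the port numbers are constructed for illustration, and the same_security_permit flag stands in for the "same-security-traffic permit inter-interface" command. It evaluates options A to J of Question 16 with no access lists applied.

```python
from dataclasses import dataclass, field

@dataclass
class Asa:
    levels: dict                          # interface name -> security level (0-100)
    same_security_permit: bool = False    # models "same-security-traffic permit inter-interface"
    conns: set = field(default_factory=set)  # state table: (src_if, dst_if, flow)

    def initiate(self, src_if, dst_if, flow):
        """New connection: implicit permit only from a higher to a lower level."""
        src, dst = self.levels[src_if], self.levels[dst_if]
        allowed = src > dst or (src == dst and self.same_security_permit)
        if allowed:
            self.conns.add((src_if, dst_if, flow))
        return allowed

    def reply(self, from_if, to_if, flow):
        """Return traffic: permitted only if it reverses a tracked connection."""
        return (to_if, from_if, back(flow)) in self.conns

# Constructed sample hosts, one per interface.
HOST = {"inside": "10.0.0.10", "dmz": "172.16.0.10", "outside": "203.0.113.10"}

def http(client_if, server_if):
    """Constructed client-to-server HTTP flow: (src ip, src port, dst ip, dst port)."""
    return (HOST[client_if], 40000, HOST[server_if], 80)

def back(flow):
    """Swap source and destination of a flow."""
    s, sp, d, dp = flow
    return (d, dp, s, sp)

def question_16():
    """Return the option letters permitted by default on the three-interface ASA."""
    asa = Asa({"inside": 100, "dmz": 50, "outside": 0})
    new = {"A": ("inside", "dmz"), "B": ("dmz", "outside"), "C": ("inside", "outside"),
           "D": ("outside", "dmz"), "E": ("outside", "inside"), "F": ("dmz", "inside")}
    # Return-traffic options as (client interface, server interface).
    ret = {"G": ("inside", "outside"), "H": ("inside", "dmz"),
           "I": ("dmz", "inside"), "J": ("outside", "inside")}
    ok = [k for k, (s, d) in new.items() if asa.initiate(s, d, http(s, d))]
    ok += [k for k, (c, s) in ret.items() if asa.reply(s, c, back(http(c, s)))]
    return ok

def same_level(permit):
    """Two interfaces at level 50: is a new connection between them allowed?"""
    asa = Asa({"dmz1": 50, "dmz2": 50}, same_security_permit=permit)
    return asa.initiate("dmz1", "dmz2", (HOST["dmz"], 40000, "172.16.1.10", 80))
```

Options I and J are rejected because the connection they would be replying to was never admitted, so no state exists for the return packets to match.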


Question No: 17

Which wildcard mask is associated with a subnet mask of /27?

A. 0.0.0.31

B. 0.0.0.27

C. 0.0.0.224

D. 0.0.0.255

Answer: A

