Cisco CCNA Security 210-260 Exam Preparation

December 19, 2019 admin Cisco Exams Answers

The 210-260 exam demands a strong preparation to get the CCNA Security certification. DumpsSchool CCNA Security exam questions meet all your needs and provide you useful knowledge about Implementing Cisco network security to pass the 210-260 exam in the first take.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

If a personal Firewall specifically blocks NTP, which type of blocking is the firewall performing?

A. service
B. file
C. application
D. network

Answer: C

Question No. 2

Where does ip dhcp snooping trust command use?

A. Where the dhcp server is connected
B. At the aggregation point
C. At access layer

Answer: A

Question No. 3

Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own?

A. white hat hacker
B. hacktivist
C. phreaker
D. script kiddy

Answer: D

Question No. 4

Which two descriptions of TACACS+ are true? (Choose two.)

A. It uses TCP as its transport protocol.
B. It combines authentication and authorization.
C. Only the password is encrypted.
D. The TACACS+ header is unencrypted
E. It uses UDP as its transport protocol.

Answer: A, D

Question No. 5

How many crypto map sets can you apply to a router interface?

A. 3
B. 2
C. 4
D. 1

Answer: D

You must assign a crypto map set to an interface before that interface can provide IPSec services. Only one crypto map set can be assigned to an interface. If multiple crypto map entries have the same map-name but a different seq-num, they are considered to be part of the same set and will all be applied to the interface.

Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command

Question No. 6

Which two features are commonly used by CoPP and CPPr to protect the control plane?

A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding

Answer: A, B

For example, you can specify that management traffic, such as SSH/HTTPS/SSL and so on, can be ratelimited (policed) down to a specific level or dropped completely.

Another way to think of this is as applying quality of service (QoS) to the valid management traffic and policing to the bogus management traffic.

Source: Cisco Official Certification Guide, Table 10-3 Three Ways to Secure the Control Plane, p.269

Question No. 7

Refer to the exhibit.

A network security administrator checks the ASA firewall NAT policy table with the show nat command. Which statement is false?

A. There are only reverse transalation matches for the REAL_SERVER object.
B. First policy in the Section 1 is as dynamic nat entry defined in the object configuration.
C. NAT policy in Section 2 is a static entry defined in the obkect configuration
D. Transalation in Section 3 used when a connection does not match any entries in first two sections.

Answer: A

Question No. 8

When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

A. STP elects the root bridge
B. STP selects the root port
C. STP selects the designated port
D. STP blocks one of the ports

Answer: A

First when the switches are powered on all the ports are in Blocking state (20 sec), during this time the + Root Bridge is elected by exchanging BPDUs

+ The other switches will elect their Root ports

+ Every network segment will choosee their Designated port

Source: https://learningnetwork.cisco.com/thread/7677

Question No. 9

In which two models can the Cisco Web Security Appliance be deployed? (Choose two.)

A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the HyperText Transfer Protocol
C. explicit active mode
D. as a transparent proxy using the Web Cache Communication Protocol
E. explicit proxy mode

Answer: D, E

210-260 Dumps Google Drive: (Limited Version!!!)
https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view

Cisco CCNA Security 210-260 Exam Preparation

December 7, 2019 admin Cisco Exams Answers

Experienced professionals have prepared CCNA Security exam questions of DumpsSchool. These 210-260 exam questions are according to the industry standards and provide rich knowledge of Implementing Cisco network security topics. Like multiple candidates, you can succeed in the 210-260 exam by using DumpsSchool CCNA Security exam questions.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

You have just deployed SNMPv3 in your environment. Your manager asks you make sure that your agents can only talk to the SNMP Manager.

What would you configure on your SNMP agnets to satisfy this request?

A. Routng Filter with the SNMP managers in it applied outbound
B. A SNMP View containing the SNMP managers
C. A standard ACL containing the SNMP managers applied to the SNMMP confguration.
D. A SNMP Group containing the SNMP managers.

Answer: D

Question No. 2

Refer to the exhibit.

What is the effect of the given command?

A. It merges authentication and encryption methods to protect traffic that matches an ACL.
B. It configures the network to use a different transform set between peers.
C. It configures encryption for MD5 HMAC.
D. It configures authentication as AES 256.

Answer: A

A transform set is an acceptable combination of security protocols, algorithms and other settings to apply to IP Security protected traffic. During the IPSec security association negotiation, the peers agree to use a particular transform set when protecting a particular data flow.

Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command

Explanation/Reference/srfipsec.html#wp1017694 To define a transform set — an acceptable combination of security protocols and algorithms — use the crypto ipsec transform-set global configuration command.

ESP Encryption Transform

+ esp-aes 256: ESP with the 256-bit AES encryption algorithm.

ESP Authentication Transform

+ esp-md5-hmac: ESP with the MD5 (HMAC variant) authentication algorithm. (No longer recommended) Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr- c3.html#wp2590984165

Question No. 3

Which two statements about hardware based encryption are true? (Choose two.)

A. It is widely accessible.
B. It is highly cost-effective.
C. It is potentially easier to compromise than software based encryption
D. It requires minimal configuration
E. It can be implemented without impacting performance

Answer: A, B

Question No. 4

Which technology could be used on top of an MPLS VPN to add confidentity.

A. SSL
B. 3DES
C. AES
D. IPsec

Answer: D

Question No. 5

Which type of firewall can serve as the intermediary between a client and a server?

A. Application firewall
B. stateless firewall
C. Personal firewall
D. Proxy firewall

Answer: D

http://searchsecurity.techtarget.com/definition/proxy-firewall

Question No. 6

Which quantifiable item should you consider when your organization adopts new technologies?

A. threats
B. vulnerability
C. risk
D. exploits

Answer: B

Question No. 7

After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?

A. The secure boot-image command is configured.
B. The secure boot-comfit command is configured.
C. The confreg 0x24 command is configured.
D. The reload command was issued from ROMMON.

Answer: A

autocommand: (Optional) Causes the specified command to be issued automatically after the user logs in.

When the command is complete, the session is terminated. Because the command can be any length and can contain embedded spaces, commands using the autocommand keyword must be the last option on the line.

So after successfully logs in the Admin user sees the running configuration and immediately after is disconnected by the router. So removing the command lets keeps him connected.

Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe- 3se-3850-cr-book_chapter_0110.html

Question No. 8

Refer to the exhibit.