Cisco 210-260 Exam Dumps 2021
Free 210-260 sample questions:
NEW QUESTION 1
Which statement represents a difference between an access list on an ASA versus an access list on a router?
- A. The ASA does not support extended access lists
- B. The ASA does not support number access lists
- C. The ASA does not ever use a wildcard mask
- D. The ASA does not support standard access lists
NEW QUESTION 2
Which two options are Private-VLAN secondary VLAN types?
- A. Isolated
- B. Secured
- C. Community
- D. Common
- E. Segregated
NEW QUESTION 3
On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?
- A. used for SSH server/client authentication and encryption
- B. used to verify the digital signature of the IPS signature file
- C. used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate the ISR when accessing it using Cisco Configuration Professional
- D. used to enable asymmetric encryption on IPsec and SSL VPNs
- E. used during the DH exchanges on IPsec VPNs
Explanation: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd805c4e
Step 1: Downloading IOS IPS files
The first step is to download IOS IPS signature package files and public crypto key from Cisco.com.
Step 1.1: Download the required signature files from Cisco.com to your PC
• Location: http://tools.cisco.com/support/downloads/go/Model.x?mdfid=281442967
• Files to download:
IOS-Sxxx-CLI.pkg: Signature package - download the latest signature package.
realm-cisco.pub.key.txt: Public Crypto key - this is the crypto key used by IOS IPS
NEW QUESTION 4
Which IPSec mode is used to encrypt traffic directly between a client and a server VPN endpoint?
- A. transport mode
- B. tunnel mode
- C. quick mode
- D. aggressive mode
NEW QUESTION 5
Which type of encryption technology has the broadest platform support?
- A. Middleware
- B. Hardware
- C. Software
- D. File-level
NEW QUESTION 6
Which two services define cloud networks? (Choose two.)
- A. Infrastructure as a Service
- B. Platform as a Service
- C. Security as a Service
- D. Compute as a Service
- E. Tenancy as a Service
Explanation: The NIST's definition of cloud computing defines the service models as follows:
+ Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
+ Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
+ Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
NEW QUESTION 7
With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)
- A. traffic flowing between a zone member interface and any interface that is not a zone member
- B. traffic flowing to and from the router interfaces (the self zone)
- C. traffic flowing among the interfaces that are members of the same zone
- D. traffic flowing among the interfaces that are not assigned to any zone
- E. traffic flowing between a zone member interface and another interface that belongs in a different zone
- F. traffic flowing to the zone member interface that is returned traffic
Explanation: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
Rules For Applying Zone-Based Policy Firewall
Router network interfaces’ membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:
+ A zone must be configured before interfaces can be assigned to the zone.
+ An interface can be assigned to only one security zone.
+ All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.
+ Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.
+ In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
+ The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.
+ Traffic cannot flow between a zone member interface and any interface that is not a zone member.
+ Pass, inspect, and drop actions can only be applied between two zones.
+ Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.
+ If it is required that an interface on the box not be part of the zoning/firewall policy, it might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.
+ From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).
+ The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.
NEW QUESTION 8
What are characteristics of the RADIUS protocol? (Choose two.)
- A. Uses TCP port 49
- B. Uses UDP Port 49
- C. Uses TCP 1812/1813
- D. Uses UDP 1812/1813
- E. Combines authentication and authorization
NEW QUESTION 9
Which command enables OSPF authentication on an interface?
- A. ip ospf authentication message-digest
- B. network 192.168.10.0 0.0.0.255 area 0
- C. area 20 authentication message-digest
- D. ip ospf message-digest-key 1 md5 CCNA
NEW QUESTION 10
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?
- A. no switchport nonnegotiate
- B. switchport
- C. no switchport mode dynamic auto
- D. no switchport
Explanation: The no switchport command makes the interface Layer 3 capable.
NEW QUESTION 11
What is true about the Cisco IOS Resilient Configuration feature?
- A. The feature can be disabled through a remote session
- B. There is additional space required to secure the primary Cisco IOS Image file
- C. The feature automatically detects image and configuration version mismatch
- D. Remote storage is used for securing files
Explanation: The following factors were considered in the design of Cisco IOS Resilient Configuration:
+ The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature was first enabled.
+ The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file.
+ The feature automatically detects image or configuration version mismatch.
+ Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images and configurations on TFTP servers.
+ The feature can be disabled only through a console session.
Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-resil-config.html
NEW QUESTION 12
Refer to the exhibit.
Which area represents the data center?
- A. A
- B. B
- C. C
- D. D
NEW QUESTION 13
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?
- A. ip ospf authentication message-digest
- B. ip ospf priority 1
- C. neighbor 192.168.0.112 cost md5
- D. ip ospf authentication-key
NEW QUESTION 14
Which type of social engineering attack targets top executives?
- A. baiting
- B. vishing
- C. whaling
- D. spear phishing
NEW QUESTION 15
Which option is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or its data?
- A. hack
- B. mitigation
- C. risk
- D. vulnerability
- E. exploit
Explanation: Vulnerability: a flaw or weakness in a system’s design or implementation that could be exploited.
NEW QUESTION 16
Which two features of Cisco Web Reputation tracking can mitigate web-based threats? (Choose two.)
- A. outbreak filter
- B. buffer overflow filter
- C. bayesian filter
- D. web reputation filter
- E. exploit filtering
Explanation: Cisco IronPort Outbreak Filters provide a critical first layer of defense against new outbreaks. With this proven preventive solution, protection begins hours before signatures used by traditional antivirus solutions are in place. Real-world results show an average 14-hour lead time over reactive antivirus solutions.
SenderBase, the world's largest email and web traffic monitoring network, provides real-time protection. The Cisco IronPort SenderBase Network captures data from over 120,000 contributing organizations around the world.