Cisco 210-260 Exam Dumps 2021


Free 210-260 dumps questions:

Which statement represents a difference between an access list on an ASA versus an access list on a router?

  • A. The ASA does not support extended access lists
  • B. The ASA does not support number access lists
  • C. The ASA does not ever use a wildcard mask
  • D. The ASA does not support standard access lists

Answer: C

Which two options are Private-VLAN secondary VLAN types?

  • A. Isolated
  • B. Secured
  • C. Community
  • D. Common
  • E. Segregated

Answer: AC

On Cisco ISR routers, for what purpose is the public encryption key used?

  • A. used for SSH server/client authentication and encryption
  • B. used to verify the digital signature of the IPS signature file
  • C. used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate the ISR when accessing it using Cisco Configuration Professional
  • D. used to enable asymmetric encryption on IPsec and SSL VPNs
  • E. used during the DH exchanges on IPsec VPNs

Answer: B

Explanation: Step 1: Downloading IOS IPS files
The first step is to download IOS IPS signature package files and public crypto key from
Step 1.1: Download the required signature files from to your PC
  • Location:
  • Files to download:
    IOS-Sxxx-CLI.pkg: Signature package - download the latest signature package.
    Public Crypto key - this is the crypto key used by IOS IPS

Which IPSec mode is used to encrypt traffic directly between a client and a server VPN endpoint?

  • A. transport mode
  • B. tunnel mode
  • C. quick mode
  • D. aggressive mode

Answer: A

Which type of encryption technology has the broadest platform support?

  • A. Middleware
  • B. Hardware
  • C. Software
  • D. File-level

Answer: C

Which two services define cloud networks? (Choose two.)

  • A. Infrastructure as a Service
  • B. Platform as a Service
  • C. Security as a Service
  • D. Compute as a Service
  • E. Tenancy as a Service

Answer: AB

Explanation: The NIST's definition of cloud computing defines the service models as follows:
+ Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
+ Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
+ Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)

  • A. traffic flowing between a zone member interface and any interface that is not a zone member
  • B. traffic flowing to and from the router interfaces (the self zone)
  • C. traffic flowing among the interfaces that are members of the same zone
  • D. traffic flowing among the interfaces that are not assigned to any zone
  • E. traffic flowing between a zone member interface and another interface that belongs in a different zone
  • F. traffic flowing to the zone member interface that is returned traffic

Answer: BCD

Explanation: Rules For Applying Zone-Based Policy Firewall
Router network interfaces’ membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:
+ A zone must be configured before interfaces can be assigned to the zone.
+ An interface can be assigned to only one security zone.
+ All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.
+ Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.
+ In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
+ The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.
+ Traffic cannot flow between a zone member interface and any interface that is not a zone member.
+ Pass, inspect, and drop actions can only be applied between two zones.
+ Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.
+ If it is required that an interface on the box not be part of the zoning/firewall policy, it might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.
+ From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).
+ The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.

What are characteristics of the RADIUS protocol? (Choose two.)

  • A. Uses TCP port 49
  • B. Uses UDP Port 49
  • C. Uses TCP 1812/1813
  • D. Uses UDP 1812/1813
  • E. Combines authentication and authorization

Answer: DE

Which command enables OSPF authentication on an interface?

  • A. ip ospf authentication message-digest
  • B. network area 0
  • C. area 20 authentication message-digest
  • D. ip ospf message-digest-key 1 md5 CCNA

Answer: A


Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?

  • A. no switchport nonnegotiate
  • B. switchport
  • C. no switchport mode dynamic auto
  • D. no switchport

Answer: D

Explanation: The no switchport command makes the interface Layer 3 capable.

What is true about the Cisco IOS Resilient Configuration feature?

  • A. The feature can be disabled through a remote session
  • B. There is additional space required to secure the primary Cisco IOS Image file
  • C. The feature automatically detects image and configuration version mismatch
  • D. Remote storage is used for securing files

Answer: C

Explanation: The following factors were considered in the design of Cisco IOS Resilient Configuration:
+ The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature was first enabled.
+ The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file.
+ The feature automatically detects image or configuration version mismatch.
+ Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images and configurations on TFTP servers.
+ The feature can be disabled only through a console session.
Source: book/sec-resil-config.html

Refer to the exhibit.
[Exhibit image: 210-260 dumps exhibit]
Which area represents the data center?

  • A. A
  • B. B
  • C. C
  • D. D

Answer: A

Which command can you enter to configure OSPF to use hashing to authenticate routing updates?

  • A. ip ospf authentication message-digest
  • B. ip ospf priority 1
  • C. neighbor cost md5
  • D. ip ospf authentication-key

Answer: D

Which type of social engineering attack targets top executives?

  • A. baiting
  • B. vishing
  • C. whaling
  • D. spear phishing

Answer: A

Which option is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or its data?

  • A. hack
  • B. mitigation
  • C. risk
  • D. vulnerability
  • E. exploit

Answer: D

Explanation: Vulnerability: a flaw or weakness in a system’s design or implementation that could be exploited.

Which two features of Cisco Web Reputation tracking can mitigate web-based threats? (Choose two.)

  • A. outbreak filter
  • B. buffer overflow filter
  • C. bayesian filter
  • D. web reputation filter
  • E. exploit filtering

Answer: AD

Explanation: Cisco IronPort Outbreak Filters provide a critical first layer of defense against new outbreaks. With this proven preventive solution, protection begins hours before signatures used by traditional antivirus solutions are in place. Real-world results show an average 14-hour lead time over reactive antivirus solutions.
SenderBase, the world's largest email and web traffic monitoring network, provides real-time protection. The Cisco IronPort SenderBase Network captures data from over 120,000 contributing organizations around the world.
