Verified 210-260 Free Practice Questions 2021

NEW QUESTION 1
Which command do you enter to enable authentication for OSPF on an interface?

• A. router(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
• B. router(config-router)#area 0 authentication message-digest
• C. router(config-router)#ip ospf authentication-key CISCOPASS
• D. router(config-if)#ip ospf authentication message-digest

Answer: A

NEW QUESTION 2
What is the minimum Cisco IOS version that supports zone-based firewalls?

• A. 12.4(6)T
• B. 15.1
• C. 15.0
• D. 12.1T

Answer: A

NEW QUESTION 3
Refer to the exhibit.

What is the effect of the given command?

• A. It merges authentication and encryption methods to protect traffic that matches an ACL.
• B. It configures the network to use a different transform set between peers.
• C. It configures encryption for MD5 HMAC.
• D. It configures authentication as AES 256.

Answer: A

Explanation: A transform set is an acceptable combination of security protocols, algorithms and other settings to apply to IP Security protected traffic. During the IPSec security association negotiation, the peers agree to use a particular transform set when protecting a particular data flow.
Source:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command Explanation:/Reference/srfipsec.html#wp1017694 To define a transform set -- an acceptable combination of security protocols and algorithms -- use the crypto ipsec transform-set global configuration command.
ESP Encryption Transform
+ esp-aes 256: ESP with the 256-bit AES encryption algorithm. ESP Authentication Transform
+ esp-md5-hmac: ESP with the MD5 (HMAC variant) authentication algorithm. (No longer recommended) Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr- c3.html#wp2590984165

NEW QUESTION 4
Which statement correctly describes the function of a private VLAN?

• A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
• B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
• C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
• D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain

Answer: A

Explanation: Private VLAN divides a VLAN (Primary) into sub-VLANs (Secondary) while keeping existing IP subnet and layer 3 configuration. A regular VLAN is a single broadcast domain, while private VLAN partitions one broadcast domain into multiple smaller broadcast subdomains.
Source: https://en.wikipedia.org/wiki/Private_VLAN

NEW QUESTION 5
Which IDS/IPS solution can monitor system processes and resources?

• A. IDS
• B. HIPS
• C. PROXY
• D. IPS

Answer: B

NEW QUESTION 6
What improvement does EAP-FASTv2 provide over EAP-FAST?

• A. It allows multiple credentials to be passed in a single EAP exchange.
• B. It supports more secure encryption protocols.
• C. It allows faster authentication by using fewer packets.
• D. It addresses security vulnerabilities found in the original protocol.

Answer: A

Explanation: As an enhancement to EAP-FAST, a differentiation was made to have a User PAC and a Machine PAC. After a successful machine-authentication, ISE will issue a Machine-PAC to the client. Then, when processing a user- authentication, ISE will request the Machine-PAC to prove that the machine was successfully authenticated, too. This is the first time in 802.1X history that multiple credentials have been able to be authenticated within a single EAP transaction, and it is known as "EAP Chaining".
Source:
http://www.networkworld.com/article/2223672/access-control/which-eap-types-do-you-need-for-which- identity-projects.html

NEW QUESTION 7
Which command can you enter to verify the status of Cisco IOS Resilient Configuration on a Cisco router?

• A. show binary file
• B. secure boot-config
• C. secure boot-image
• D. show secure bootset

Answer: D

NEW QUESTION 8
Which two actions can a zone-based firewall apply to a packet as it transits a zone pair? (Choose two.)

• A. drop
• B. inspect
• C. queue
• D. quarantine
• E. block

Answer: AB

NEW QUESTION 9
Which is a key security component of MDM deployment?

• A. Using network-specific installer package
• B. Using self-signed certificates to validate the server – generate self-signed certificate to connect to server (Deployed certificates ;Issued certificate to the server likely)
• C. Using application tunnel
• D. Using MS-CHAPv2 as primary EAP method

Answer: B

NEW QUESTION 10
Which two actions can a zone based firewall take when looking at traffic? (Choose two)

• A. Filter
• B. Forward
• C. Drop
• D. Broadcast
• E. Inspect

Answer: CE

NEW QUESTION 11
The purpose of the certificate authority (CA) is to ensure what?

• A. BYOD endpoints are posture checked
• B. BYOD endpoints belong to the organization
• C. BYOD endpoints have no malware installed
• D. BYOD users exist in the corporate LDAP directory

Answer: B

NEW QUESTION 12
The purpose of the RSA SecureID server/application is to provide what?

• A. Authentication, authorization, accounting (AAA) functions
• B. One-time password (OTP) capabilities
• C. 802.1X enforcement
• D. VPN access

Answer: B

NEW QUESTION 13
What command can you use to verify the binding table status?

• A. show ip dhcp snooping database
• B. show ip dhcp snooping binding
• C. show ip dhcp snooping statistics
• D. show ip dhcp pool
• E. show ip dhcp source binding
• F. show ip dhcp snooping

Answer: A

Explanation: A device's burned-in address is its MAC address. So by changing it to something else may trick hosts on the network into sending packets to it.

NEW QUESTION 14
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?

• A. MAC spoofing
• B. ARP spoofing
• C. CAM table overflow
• D. DHCP spoofing

Answer: C

NEW QUESTION 15
Which 2 NAT type allows only objects or groups to reference an IP address?

• A. dynamic NAT
• B. dynamic PAT
• C. static NAT
• D. identity NAT

Answer: AC

Explanation: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_objects.htm

NEW QUESTION 16
Which type of encryption technology has the broadest platform support to protect operating systems?

• A. software
• B. hardware
• C. middleware
• D. file-level

Answer: A

Explanation: Much commercial and free software enables you to encrypt files in an end-user workstation or mobile device. The following are a few examples of free solutions:
+ GPG: GPG also enables you to encrypt files and folders on a Windows, Mac, or Linux system. GPG is free.
+ The built-in MAC OS X Disk Utility: D isk Utility enables you to create secure disk images by encrypting files with AES 128-bit or AES 256-bit encryption.
+ TrueCrypt: A free encryption tool for Windows, Mac, and Linux systems.
+ AxCrypt: A f ree Windows-only file encryption tool.
+ BitLocker: Full disk encryption feature included in several Windows operating systems.
+ Many Linux distributions such as Ubuntu: A llow you to encrypt the home directory of a user with built-in utilities.
+ MAC OS X FileVault: Supports full disk encryption on Mac OS X systems. The following are a few examples of commercial file encryption software:
+ Symantec Endpoint Encryption
+ PGP Whole Disk Encryption
+ McAfee Endpoint Encryption (SafeBoot)
+ Trend Micro Endpoint Encryption
Source: Cisco Official Certification Guide, Encrypting Endpoint Data at Rest, p.501