Cisco 210-260 Free Practice Questions 2021

It is more faster and easier to pass the ccna security 210 260 book by using ccna security 210 260 exam dumps. Immediate access to the examcollection 210 260 and find the same core area cisco 210 260 dump with professionally verified answers, then PASS your exam with a high score now.

Free demo questions for Cisco 210-260 Exam Dumps Below:

NEW QUESTION 1
What is the most common Cisco Discovery Protocol version 1 attack?

  • A. Denial of Service
  • B. MAC-address spoofing
  • C. CAM-table overflow
  • D. VLAN hopping

Answer: A

Explanation: CDP contains information about the network device, such as the software version, IP address, platform, capabilities, and the native VLAN. When this information is available to an attacker computer, the attacker from that computer can use it to find exploits to attack your network, usually in the form of a Denial of Service (DoS) attack.
Source: https://howdoesinternetwork.com/2011/cdp-attack

NEW QUESTION 2
Which two characteristics of symmetric encryption are true? (Choose two)

  • A. It uses digital certificates.
  • B. It uses a public key and a private key to encrypt and decrypt traffic.
  • C. it requires more resources than asymmetric encryption
  • D. it is faster than asymmetric encryption
  • E. It uses the same key to encrypt and decrypt the traffic.

Answer: BE

Explanation: http://searchsecurity.techtarget.com/definition/secret-key-algorithm

NEW QUESTION 3
What is a reason for an organization to deploy a personal firewall?

  • A. To protect endpoints such as desktops from malicious activity.
  • B. To protect one virtual network segment from another.
  • C. To determine whether a host meets minimum security posture requirements.
  • D. To create a separate, non-persistent virtual environment that can be destroyed after a session.
  • E. To protect the network from DoS and syn-flood attacks.

Answer: A

Explanation: The term personal firewall typically applies to basic software that can control Layer 3 and Layer 4 access to client machines. HIPS provides several features that offer more robust security than a traditional personal firewall, such as host intrusion prevention and protection against spyware, viruses, worms, Trojans, and other types of malware.
Source: Cisco Official Certification Guide, Personal Firewalls and Host Intrusion Prevention Systems , p.499

NEW QUESTION 4
Which two features are supported in a VRF-aware software infrastructure before VRF-lite? (Choose two)

  • A. priority queuing
  • B. EIGRP
  • C. multicast
  • D. WCCP
  • E. fair queuing

Answer: BC

NEW QUESTION 5
What is example of social engineering

  • A. Gaining access to a building through an unlocked door.
  • B. something about inserting a random flash drive.
  • C. gaining access to server room by posing as IT
  • D. Watching other user put in username and password (something around there)

Answer: C

NEW QUESTION 6
What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

  • A. 5 seconds
  • B. 10 seconds
  • C. 15 seconds
  • D. 20 seconds

Answer: A

Explanation: To set the interval for which the server waits for a server host to reply, use the tacacs-server timeout command in global configuration mode. To restore the default, use the no form of this command.
If the command is not configured, the timeout interval is 5. Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command

NEW QUESTION 7
What type of Diffie-Hellman group would you expect to be utiliazed on a wireless device?

  • A. Group4
  • B. Group7
  • C. Group5
  • D. Group3

Answer: B

NEW QUESTION 8
How does the Cisco ASA use Active Directory to authorize VPN users?

  • A. It queries the Active Directory server for a specific attribute for the specified user.
  • B. It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server.
  • C. It downloads and stores the Active Directory database to query for future authorization requests.
  • D. It redirects requests to the Active Directory server defined for the VPN group.

Answer: A

Explanation: When ASA needs to authenticate a user to the configured LDAP server, it first tries to login using the login DN provided. After successful login to the LDAP server, ASA sends a search query for the username provided by the VPN user. This search query is created based on the naming attribute provided in the configuration. LDAP replies to the query with the complete DN of the user. At this stage ASA sends a second login attempt to the LDAP server. In this attempt, ASA tries to login to the LDAP server using the VPN user's full DN and password provided by the user. A successful login to the LDAP server will indicate that the credentials provided by the VPN user are correct and the tunnel negotiation will move to the Phase 2.
Source:
http://www.networkworld.com/article/2228531/cisco-subnet/using-your-active-directory-for-vpn- authentication-on-asa.html

NEW QUESTION 9
which term best describes the concept of preventing the modification of data in transit and in storage?

  • A. Confidentiality
  • B. Integrity
  • C. Availability
  • D. fidelity

Answer: B

Explanation: Integrity for data means that changes made to data are done only by authorized individuals/systems. Corruption of data is a failure to maintain data integrity.
Source: Cisco Official Certification Guide, Confidentiality, Integrity, and Availability, p.6

NEW QUESTION 10
What show command can see vpn tunnel establish with traffic passing through.

  • A. show crypto ipsec sa
  • B. show crypto session
  • C. show crypto isakmp sa
  • D. show crypto ipsec transform-set

Answer: A

Explanation: #show crypto ipsec sa - This command shows IPsec SAs built between peers In the output you see
#pkts encaps: 345, #pkts encrypt: 345, #pkts digest 0
#pkts decaps: 366, #pkts decrypt: 366, #pkts verify 0
which means packets are encrypted and decrypted by the IPsec peer.
Source:
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec- debug-00.html#ipsec_sa

NEW QUESTION 11
What does the command crypto isakmp nat-traversal do?

  • A. Enables udp port 4500 on all IPsec enabled interfaces
  • B. rebooting the ASA the global command

Answer: A

NEW QUESTION 12
Refer to the exhibit.
210-260 dumps exhibit
What are two effects of the given command? (Choose two.)

  • A. It configures authentication to use AES 256.
  • B. It configures authentication to use MD5 HMAC.
  • C. It configures authorization use AES 256.
  • D. It configures encryption to use MD5 HMAC.
  • E. It configures encryption to use AES 256.

Answer: BE

Explanation: To define a transform set -- an acceptable combination of security protocols and algorithms -- use the crypto ipsec transform-set global configuration command.
ESP Encryption Transform
+ esp-aes 256: ESP with the 256-bit AES encryption algorithm. ESP Authentication Transform
+esp-md5-hmac: ESP with the MD5 (HMAC variant) authentication algorithm. (No longer recommended) Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr- c3.html#wp2590984165

NEW QUESTION 13
Which statement provides the best definition of malware?

  • A. Malware is unwanted software that is harmful or destructive.
  • B. Malware is software used by nation states to commit cyber crimes.
  • C. Malware is a collection of worms, viruses, and Trojan horses that is distributed as a single package.
  • D. Malware is tools and applications that remove unwanted programs.

Answer: A

Explanation: Malware, short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.[1] Before the term malware was coined by Yisrael Radai in 1990, malicious software was referred to as computer viruses.
Source: https://en.wikipedia.org/wiki/Malware

NEW QUESTION 14
Which type of security control is defense in depth?

  • A. Threat mitigation
  • B. Risk analysis
  • C. Botnet mitigation
  • D. Overt and covert channels

Answer: A

Explanation: Defense in-depth is the key to stopping most, but not all, network and computer related attacks. It's a concept of deploying several layers of defense that mitigate security threats.
Source:
http://security2b.blogspot.ro/2006/12/what-is-defense-in-depth-and-why-is-it.html

NEW QUESTION 15
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?

  • A. It requests the administrator to choose between erasing all device data or only managed corporate data.
  • B. It requests the administrator to enter the device PIN or password before proceeding with the operation.
  • C. It notifies the device user and proceeds with the erase operation.
  • D. It immediately erases all data on the device.

Answer: A

Explanation: Cisco ISE allows you to wipe or turn on pin lock for a device that is lost. From the MDM Access drop-down list, choose any one of the following options:
+ Full Wipe -- Depending on the MDM vendor, this option either removes the corporate apps or resets the device to the factory settings.
+ Corporate Wipe -- Removes applications that you have configured in the MDM server policies + PIN Lock
-- Locks the device
Source:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/ b_ise_admin_guide_14_chapter_01001.html#task_820C9C2A1A6647E995CA5AAB01E1CDEF

NEW QUESTION 16
Which cisco IOS device support firewall, antispyware, anti-phishing, protection, etc.

  • A. Cisco IOS router
  • B. Cisco 4100 IOS IPS appliance
  • C. Cicso 5500 series ASA
  • D. Cisco 5500x next generation ASA

Answer: D

P.S. Exambible now are offering 100% pass ensure 210-260 dumps! All 210-260 exam questions have been updated with correct answers: https://www.exambible.com/210-260-exam/ (416 New Questions)