Guaranteed 210-260 Free Practice Questions 2021
Online Cisco 210-260 free dumps demo Below:
NEW QUESTION 1
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map? (Choose two.)
- A. nat
- B. transform-set
- C. reverse-route
- D. peer
- E. pfs
NEW QUESTION 2
Which quantifiable item should you consider when your organization adopts new technologies?
- A. threats
- B. vulnerability
- C. risk
- D. exploits
NEW QUESTION 3
Which statement about traffic inspection using the Cisco Modular Policy Framework on the ASA is true?
- A. HTTP inspection is supported with Cloud Web Security inspection
- B. QoS policing and QoS priority queuing can be configured for the same traffic
- C. ASA with FirePOWER supports HTTP inspection
- D. Traffic can be sent to multiple modules for inspection
NEW QUESTION 4
Which command is used to verify a VPN connection is operational?
- A. sh crypto ipsec sa
- B. sh crypto isakmp sa
- C. debug crypto isakmp
- D. sh crypto session
Explanation: #show crypto ipsec sa - This command shows the IPsec SAs built between peers. In the output you see
#pkts encaps: 345, #pkts encrypt: 345, #pkts digest 0
#pkts decaps: 366, #pkts decrypt: 366, #pkts verify 0
which means packets are encrypted and decrypted by the IPsec peer.
NEW QUESTION 5
Which IPS mode is less secure than other options but allows optimal network throughput?
- A. Promiscuous mode
- B. inline mode
- C. transparent mode
- D. inline-bypass mode
Explanation: The recommended IPS deployment mode depends on the goals and policies of the enterprise. IPS inline mode is more secure because of its ability to stop malicious traffic in real time; however, it may impact traffic throughput if not properly designed or sized. Conversely, IPS promiscuous mode has less impact on traffic throughput but is less secure because there may be a delay in reacting to the malicious traffic.
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/SAFE_RG/safesmallentnetworks.html
NEW QUESTION 6
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram. Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.
When users log in to the Clientless SSLVPN using https://220.127.116.11/test, which group policy will be applied?
- A. test
- B. clientless
- C. Sales
- D. DfltGrpPolicy
- E. DefaultRAGroup
- F. DefaultWEBVPNGroup
Explanation: First navigate to the Connection Profiles tab as shown below, highlight the one with the test alias:
Then hit the “edit” button and you can clearly see the Sales Group Policy being applied.
NEW QUESTION 7
Which three ESP fields can be encrypted during transmission? (Choose three.)
- A. Security Parameter Index
- B. Sequence Number
- C. MAC Address
- D. Padding
- E. Pad Length
- F. Next Header
Explanation: The packet begins with two 4-byte fields (Security Parameters Index (SPI) and Sequence Number). Following these fields is the Payload Data, which has substructure that depends on the choice of encryption algorithm and mode, and on the use of TFC padding, which is examined in more detail later. Following the Payload Data are Padding and Pad Length fields, and the Next Header field. The optional Integrity Check Value (ICV) field completes the packet.
NEW QUESTION 8
Which security principle has been violated if data is altered in an unauthorized manner?
- A. accountability
- B. availability
- C. confidentiality
- D. integrity
NEW QUESTION 9
What encryption technology has the broadest platform support?
- A. hardware
- B. middleware
- C. Software
- D. File level
NEW QUESTION 10
You are configuring a NAT rule on a Cisco ASA. Which description of a mapped interface is true?
- A. It is mandatory for all firewall modes.
- B. It is mandatory for identity NAT only.
- C. It is optional in transparent mode.
- D. It is optional in routed mode.
NEW QUESTION 11
Which two functions can SIEM provide? (Choose two.)
- A. Correlation between logs and events from multiple systems.
- B. event aggregation that allows for reduced log storage requirements.
- C. proactive malware analysis to block malicious traffic.
- D. dual-factor authentication.
- E. centralized firewall management.
Explanation:
+ Log collection of event records from sources throughout the organization provides important forensic tools and helps to address compliance reporting requirements.
+ Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events, even if they are initially logged in different source formats.
+ Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
+ Aggregation reduces the volume of event data by consolidating duplicate event records.
+ Reporting presents the correlated, aggregated event data in real-time monitoring and long-term summaries.
NEW QUESTION 12
Which statement about a PVLAN isolated port configured on a switch is true?
- A. The isolated port can communicate only with the promiscuous port.
- B. The isolated port can communicate with other isolated ports and the promiscuous port.
- C. The isolated port can communicate only with community ports.
- D. The isolated port can communicate only with other isolated ports.
Explanation: Isolated -- An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation from other ports within the same private VLAN domain, except that it can communicate with associated promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.
NEW QUESTION 13
Which statement about zone-based firewall configuration is true?
- A. Traffic is implicitly denied by default between interfaces in the same zone.
- B. Traffic that is destined to or sourced from the self-zone is denied by default.
- C. The zone must be configured before a can be assigned.
- D. You can assign an interface to more than one interface.
NEW QUESTION 14
When is the default deny all policy an exception in zone-based firewalls?
- A. When traffic traverses two interfaces in the same zone
- B. When traffic terminates on the router via the self zone
- C. When traffic sources from the router via the self zone
- D. When traffic traverses two interfaces in different zones
NEW QUESTION 15
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?
- A. BPDU filtering
- B. root guard
- C. BPDU guard
- D. PortFast
NEW QUESTION 16
What are two default Cisco IOS privilege levels? (Choose two.)
- A. 1
- B. 5
- C. 7
- D. 10
- E. 15
Explanation: By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15).