210-260 Exam Questions - Online Test

210-260 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

It is impossible to pass Cisco ccna security 210 260 official cert guide pdf free download exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Cisco 210 260 pdf practice questions. You will get a surprising result by our Update Implementing Cisco Network Security practice guides.

Q11. How does a zone-based firewall implementation handle traffic between interfaces in the same zone? 

A. Traffic between two interfaces in the same zone is allowed by default. 

B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command. 

C. Traffic between interfaces in the same zone is always blocked. 

D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair. 

Answer: A 

Q12. Which EAP method uses Protected Access Credentials? 

A. EAP-FAST 

B. EAP-TLS 

C. EAP-PEAP 

D. EAP-GTC 

Answer: A 

Q13. In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity? 

A. gratuitous ARP 

B. ARP poisoning 

C. IP spoofing 

D. MAC spoofing 

Answer: D 

Q14. Which two statements about stateless firewalls are true? (Choose two.) 

A. They compare the 5-tuple of each incoming packet against configurable rules. 

B. They cannot track connections. 

C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS. 

D. Cisco IOS cannot implement them because the platform is stateful by nature. 

E. The Cisco ASA is implicitly stateless because it blocks all traffic by default. 

Answer: A,B 

Q15. Which statement about communication over failover interfaces is true? 

A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. 

B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default. 

C. All information that is sent over the failover and stateful failover interfaces is encrypted by default. 

D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text. 

Answer: A 

Q16. Which statement about Cisco ACS authentication and authorization is true? 

A. ACS servers can be clustered to provide scalability. 

B. ACS can query multiple Active Directory domains. 

C. ACS uses TACACS to proxy other authentication servers. 

D. ACS can use only one authorization profile to allow or deny requests. 

Answer: A 

Q17. Which three ESP fields can be encrypted during transmission? (Choose three.) 

A. Security Parameter Index 

B. Sequence Number 

C. MAC Address 

D. Padding 

E. Pad Length 

F. Next Header 

Answer: D,E,F 

Q18. Which three statements about host-based IPS are true? (Choose three.) 

A. It can view encrypted files. 

B. It can have more restrictive policies than network-based IPS. 

C. It can generate alerts based on behavior at the desktop level. 

D. It can be deployed at the perimeter. 

E. It uses signature-based policies. 

F. It works with deployed firewalls. 

Answer: A,B,C 

Q19. If a packet matches more than one class map in an individual feature type's policy map, how does the ASA handle the packet? 

A. The ASA will apply the actions from only the first matching class map it finds for the feature type. 

B. The ASA will apply the actions from only the most specific matching class map it finds for the feature type. 

C. The ASA will apply the actions from all matching class maps it finds for the feature type. 

D. The ASA will apply the actions from only the last matching class map it finds for the feature type. 

Answer: A 

Q20. You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two). 

A. Configure a proxy server to hide users' local IP addresses. 

B. Assign unique IP addresses to all users. 

C. Assign the same IP address to all users. 

D. Install a Web content filter to hide users' local IP addresses. 

E. Configure a firewall to use Port Address Translation. 

Answer: A,E