Cisco 210-260 Exam Practice Question

Experienced professionals have prepared CCNA Security exam questions of DumpsSchool. These 210-260 exam questions are according to the industry standards and provide rich knowledge of Implementing Cisco network security topics. Like multiple candidates, you can succeed in the 210-260 exam by using DumpsSchool CCNA Security exam questions.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)

Answer: A, C

aaa accounting { auth-proxy | system | network | exec | connection | commands level | dot1x } { default | list- name | guarantee-first } [ vrf vrf-name ] { start-stop | stop-only | none } [broadcast] { radius | group group-name } + stop-only: Sends a stop accounting record for all cases including authentication failures regardless of whether the aaa accounting send stop-record authentication failure command is configured. + stop-record: Generates stop records for a specified event.

For minimal accounting, include the stop-only keyword to send a “stop” accounting record for all cases including authentication failures. For more accounting, you can include the start-stop keyword, so that RADIUS or TACACS+ sends a “start” accounting notice at the beginning of the requested process and a “stop” accounting notice at the end of the process.

Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a1.html

Question No. 2

When is the best time to perform an anti-virus signature update?

Answer: A

Question No. 3

What does the policy map do in CoPP?

Answer: A

Question No. 4

Which two SNMPv3 services support its capabilities as a secure network management protocol?

Answer: A, B

Question No. 5

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

Answer: A

This is the output of the #show crypto isakmp sa command. This command shows the Internet Security Association Management Protocol (ISAKMP) security associations (SAs) built between peers – IPsec Phase1.

MM_NO_STATE means that main mode has failed. QM_IDLE – this is what we want to see.

More on this

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug- 00.html

Question No. 6

Which technology can block a non-malicious program that is run from a local computer that has been disconnected from the network?

Answer: C

Question No. 7

Which two types of firewalls work at Layer 4 and above? (Choose two.)

Answer: B, C

Dynamic or Stateful Packet-Filtering Firewalls

Stateful inspection is a firewall architecture classified at the network layer; although, for some applications it can analyze traffic at Layers 4 and 5, too.

Unlike static packet filtering, stateful inspection tracks each connection traversing all interfaces of the firewall and confirms that they are valid. Stateful packet filtering maintains a state table and allows modification to the security rules dynamically. The state table is part of the internal structure of the firewall. It tracks all sessions and inspects all packets passing through the firewall.

Although this is the primary Cisco Firewall technology, it has some limitations:

Cannot prevent application layer attacks.

Not all protocols are stateful.

Some applications open multiple connections.

Does not support user authentication.

http://www.ciscopress.com/articles/article.asp?p=1888110

Question No. 8

Which two statements about the self zone on Cisco zone based policy firewall are true ? (Choose two)

Answer: A, D

Question No. 9

Which two characteristics apply to an Intrusion Prevention System (IPS) ? Choose two

Answer: B, D

+ Position in the network flow: Directly inline with the flow of network traffic and every packet goes through the sensor on its way through the network.

+ Mode: Inline mode

+ The IPS can drop the packet on its own because it is inline. The IPS can also request assistance from another device to block future packets just as the IDS does.

Source: Cisco Official Certification Guide, Table 17-2 IDS Versus IPS, p.461

210-260 Dumps Google Drive: (Limited Version!!!)
https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view

Related Certification: https://www.dumpsschool.com/ccna-security-questions.html

Cisco 210-260 Exam Practice Question

Experienced professionals have prepared CCNA Security exam questions of DumpsSchool. These 210-260 exam questions are according to the industry standards and provide rich knowledge of Implementing Cisco network security topics. Like multiple candidates, you can succeed in the 210-260 exam by using DumpsSchool CCNA Security exam questions.

Try it Latest DumpsSchool 210-260 Exam dumps. Buy Full File here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

What is the most common Cisco Discovery Protocol version 1 attack?

Answer: A

CDP contains information about the network device, such as the software version, IP address, platform, capabilities, and the native VLAN. When this information is available to an attacker computer, the attacker from that computer can use it to find exploits to attack your network, usually in the form of a Denial of Service (DoS) attack.

Source: https://howdoesinternetwork.com/2011/cdp-attack

Question No. 2

What type of Diffie-Hellman group would you expect to be utiliazed on a wireless device?

Answer: B

Question No. 3

Which three statements about Cisco host-based IPS solutions are true? (Choose three.)

Answer: A, B, C

Question No. 4

Which type of mechanism does Cisco FirePOWER deploy 10 protect against email threats that are detected moving across other networks?

Answer: D

Question No. 5

What are two challenges of using a network-based IPS? (Choose two )

Answer: C, E

Question No. 6

Which three statements are characteristics of DHCP Spoofing? (choose three)

Answer: A, B, C

Topic 3, Exam Pool C

Question No. 7

What is the range of levels provided by the Privilege command?

Answer: D

Question No. 8

Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X

certificates?

Answer: D

Question No. 9

Which description of the nonsecret numbers that are used to start a Diffie-Hellman exchange is true?

Answer: D

210-260 Dumps Google Drive: (Limited Version!!!)
https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view

Related Certification: https://www.dumpsschool.com/ccna-security-questions.html