Cisco 210-260 Free Practice Questions

Q1. Which statement about Cisco ACS authentication and authorization is true? 

A. ACS servers can be clustered to provide scalability. 

B. ACS can query multiple Active Directory domains. 

C. ACS uses TACACS to proxy other authentication servers. 

D. ACS can use only one authorization profile to allow or deny requests. 

View Answer

Q2. What three actions are limitations when running IPS in promiscuous mode? (Choose three.) 

A. deny attacker 

B. deny packet 

C. modify packet 

D. request block connection 

E. request block host 

F. reset TCP connection 

Cisco 210-260 : Practice Test 

View Answer

Q3. Refer to the exhibit. 

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show? 

A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5. 

B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1. 

C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5. 

D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets. 

View Answer

Q4. What is the only permitted operation for processing multicast traffic on zone-based firewalls? 

A. Only control plane policing can protect the control plane against multicast traffic. 

B. Stateful inspection of multicast traffic is supported only for the self-zone. 

C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone. 

D. Stateful inspection of multicast traffic is supported only for the internal zone. 

View Answer

Q5. Which statement about communication over failover interfaces is true? 

A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. 

B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default. 

C. All information that is sent over the failover and stateful failover interfaces is encrypted by default. 

D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text. 

View Answer

Q6. You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two). 

A. Configure a proxy server to hide users' local IP addresses. 

B. Assign unique IP addresses to all users. 

C. Assign the same IP address to all users. 

D. Install a Web content filter to hide users' local IP addresses. 

E. Configure a firewall to use Port Address Translation. 

View Answer

Q7. Refer to the exhibit. 

How many times was a read-only string used to attempt a write operation? 

A. 9 

B. 6 

C. 4 

D. 3 

E. 2 

View Answer

Q8. When is the best time to perform an anti-virus signature update? 

A. Every time a new update is available. 

B. When the local scanner has detected a new virus. 

C. When a new virus is discovered in the wild. 

D. When the system detects a browser hook. 

View Answer

Q9. Which three ESP fields can be encrypted during transmission? (Choose three.) 

A. Security Parameter Index 

B. Sequence Number 

C. MAC Address 

D. Padding 

E. Pad Length 

F. Next Header 

View Answer

Q10. In which two situations should you use out-of-band management? (Choose two.) 

A. when a network device fails to forward packets 

B. when you require ROMMON access 

C. when management applications need concurrent access to the device 

D. when you require administrator access from multiple locations 

Cisco 210-260 : Practice Test 

E. when the control plane fails to respond 

View Answer

Q11. What can the SMTP preprocessor in FirePOWER normalize? 

A. It can extract and decode email attachments in client to server traffic. 

B. It can look up the email sender. 

C. It compares known threats to the email sender. 

D. It can forward the SMTP traffic to an email filter server. 

E. It uses the Traffic Anomaly Detector. 

View Answer

Q12. Which statement about application blocking is true? 

A. It blocks access to specific programs. 

B. It blocks access to files with specific extensions. 

C. It blocks access to specific network addresses. 

D. It blocks access to specific network services. 

View Answer

Q13. Scenario 

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. 

To access ASDM, click the ASA icon in the topology diagram. 

Note: Not all ASDM functionalities are enabled in this simulation. 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. 

Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test? 

A. AAA with LOCAL database 

B. AAA with RADIUS server 

C. Certificate 

D. Both Certificate and AAA with LOCAL database 

E. Both Certificate and AAA with RADIUS server 

Cisco 210-260 : Practice Test 

View Answer

Q14. Refer to the exhibit. 

What is the effect of the given command sequence? 

A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. 

B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. 

C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. 

D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. 

View Answer

Q15. Scenario 

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. 

To access ASDM, click the ASA icon in the topology diagram. 

Note: Not all ASDM functionalities are enabled in this simulation. 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. 

When users login to the Clientless SSLVPN using https://209.165.201.2/test, which group policy will be applied? 

A. test 

B. clientless 

C. Sales 

D. DfltGrpPolicy 

E. DefaultRAGroup 

F. DefaultWEBVPNGroup 

View Answer

Q16. When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading? 

A. Deny the connection inline. 

B. Perform a Layer 6 reset. 

C. Deploy an antimalware system. 

D. Enable bypass mode. 

View Answer

Q17. Which three statements about host-based IPS are true? (Choose three.) 

A. It can view encrypted files. 

B. It can have more restrictive policies than network-based IPS. 

C. It can generate alerts based on behavior at the desktop level. 

D. It can be deployed at the perimeter. 

E. It uses signature-based policies. 

F. It works with deployed firewalls. 

View Answer

Q18. Which two next-generation encryption algorithms does Cisco recommend? (Choose two.) 

A. AES 

B. 3DES 

C. DES 

D. MD5 

E. DH-1024 

F. SHA-384 

View Answer

Q19. Refer to the exhibit. 

If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond? 

A. The supplicant will fail to advance beyond the webauth method. 

B. The switch will cycle through the configured authentication methods indefinitely. 

C. The authentication attempt will time out and the switch will place the port into the unauthorized state. 

D. The authentication attempt will time out and the switch will place the port into VLAN 101. 

View Answer

Q20. Which tool can an attacker use to attempt a DDoS attack? 

A. botnet 

B. Trojan horse 

C. virus 

D. adware 

View Answer