Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
P.S. 100% Correct 210-260 Q&A are available on Google Drive, GET MORE: https://drive.google.com/open?id=18pZ7Xebg0YZOwsiIMF0baJMeHvQ2WdFK
Question No: 6
Refer to the exhibit.
What are two effects of the given command? (Choose two.)
A. It configures authentication to use AES 256.
B. It configures authentication to use MD5 HMAC.
C. It configures authorization use AES 256.
D. It configures encryption to use MD5 HMAC.
E. It configures encryption to use AES 256.
Answer: B,E
Question No: 7
Which three ESP fields can be encrypted during transmission? (Choose three.)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header
Answer: D,E,F
Question No: 8
How many crypto map sets can you apply to a router interface?
A. 3
B. 2
C. 4
D. 1
Answer: D
Question No: 9
Which statement is a benefit of using Cisco IOS IPS?
A. It uses the underlying routing infrastructure to provide an additional layer of security.
B. It works in passive mode so as not to impact traffic flow.
C. It supports the complete signature database as a Cisco IPS sensor appliance.
D. The signature database is tied closely with the Cisco IOS image.
Answer: A
Explanation:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd803137cf.html
Product Overview
In today's business environment, network intruders and attackers can come from outside or inside the network.
They can launch distributed denial-of-service attacks, they can attack Internet connections, and they can exploit network and host vulnerabilities. At the same time, Internet worms and viruses can spread across the world in a matter of minutes. There is often no time to wait for human intervention-the network itself must possess the intelligence to recognize and mitigate these attacks, threats, exploits, worms and viruses.
Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection-based solution that enables Cisco IOS Software to effectively mitigate a wide range of network attacks. While it is common practice to defend against attacks by inspecting traffic at data centers and corporate headquarters, distributing the network level defense to stop malicious traffic close to its entry point at branch or telecommuter offices is also critical.
Cisco IOS IPS: Major Use Cases and Key Benefits IOS IPS helps to protect your network in 5 ways:
Key Benefits:
u2022 Provides network-wide, distributed protection from many attacks, exploits, worms and viruses exploiting vulnerabilities in operating systems and applications.
u2022 Eliminates the need for a standalone IPS device at branch and telecommuter offices as well as small and medium-sized business networks.
u2022 Unique, risk rating based signature event action processor dramatically improves the ease of management of IPS policies.
u2022 Offers field-customizable worm and attack signature set and event actions.
u2022 Offers inline inspection of traffic passing through any combination of router LAN and WAN interfaces in both directions.
u2022 Works with Cisco IOSu00ae Firewall, control-plane policing, and other Cisco IOS Software security features to protect the router and networks behind the router.
u2022 Supports more than 3700 signatures from the same signature database available for Cisco Intrusion Prevention System (IPS) appliances.
Question No: 10
Which option is a key security component of an MDM deployment?
A. using MS-CHAPv2 as the primary EAP method.
B. using self-signed certificates to validate the server.
C. using network-specific installer packages
D. using an application tunnel by default.
Answer: B
Question No: 11
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
Answer: A
Question No: 12
Which statement about a PVLAN isolated port configured on a switch is true?
A. The isolated port can communicate only with the promiscuous port.
B. The isolated port can communicate with other isolated ports and the promiscuous port.
C. The isolated port can communicate only with community ports.
D. The isolated port can communicate only with other isolated ports.
Answer: A
Question No: 13
Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)
A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
B. authenticating administrator access to the router console port, auxiliary port, and vty ports
C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
D. tracking Cisco NetFlow accounting statistics
E. securing the router by locking down all unused services
F. performing router commands authorization using TACACS+
Answer: A,B,F
Explanation:
http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.htm l
Need for AAA Services
Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating back to asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server.
Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes.
AAA information is typically stored in an external database or remote server such as RADIUS or TACACS+.
The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights with the appropriate user. All authorization methods must be defined through AAA.
Question No: 14
If a switch port goes into a blocked state only when a superior BPDU is received, what mechanism must be in use?
A. STP root guard
B. EtherChannel guard
C. loop guard
D. STP BPDU guard
Answer: A
Explanation: Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.
Source: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree- protocol/10588-74.html
Question No: 15
Which two devices are components of the BYOD architectural framework?
A. Prime Infrastructure
B. Nexus 7010 Switch
C. Cisco 3945 Router
D. Wireless Access Points
E. Identity Services Engine
Answer: A,E
100% Latest Cisco 210-260 Questions & Answers shared by Surepassexam, Get HERE: https://www.surepassexam.com/210-260-exam-dumps.html (New 310 Q&As)