Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
P.S. Approved 210-260 discount pack are available on Google Drive, GET MORE: https://drive.google.com/open?id=1Kl4PFWi2xwwT55i2I8OXlDu8m47EY9P5
Q8. Which type of social-engineering attacks uses normal telephone service as the attack vector?
A. vishing
B. phising
C. smishing
D. war dialing
Answer: B
Q9. In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity?
A. gratuitous ARP
B. ARP poisoning
C. IP spoofing
D. MAC spoofing
Answer: D
Q10. Refer to the exhibit.
While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
D. IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.
Answer: A
Q11. Which IOS command do you enter to test authentication against a AAA server?
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. aaa authentication enable default test group tacacs+
D. test aaa-server authentication dialergroup username <user> password.
Answer: D
Q12. Which Cisco Security Manager application collects information about device status and uses it to generate notifications and alerts?
A. FlexConfig
B. Device Manager
C. Report Manager
D. Health and Performance Monitor
Answer: D
Q13. Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)
A. The password
B. The hash
C. The key
D. The transform set
Answer: B,C
Q14. When AAA login authentication is configured on Cisco routers, which two authentication methods should be used as the final method to ensure that the administrator can still log in to the router in case the external AAA server fails? (Choose two.)
A. group RADIUS
B. group TACACS+
C. local
D. krb5
E. enable
F. if-authenticated
Answer: C,E
Explanation:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.htmlTACACS+ Authentication Examples
The following example shows how to configure TACACS+ as the security protocol for PPP authentication:
aaa new-model
aaa authentication ppp test group tacacs+ local tacacs-server host 10.1.2.3
tacacs-server key goaway interface serial 0
ppp authentication chap pap test
The lines in the preceding sample configuration are defined as follows:
u2022The aaa new-model command enables the AAA security services.
u2022The aaa authentication command defines a method list, "test," to be used on serial interfaces running PPP.
The keyword group tacacs+ means that authentication will be done through TACACS+. If TACACS+ returns an ERROR of some sort during authentication, the keyword local indicates that authentication will be attempted using the local database on the network access server. http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml Authentication Start to configure TAC+ on the router.
Enter enable mode and type configure terminal before the command set. This command syntax ensures that you are not locked out of the router initially, providing the tac_plus_executable is not running:
!--- Turn on TAC+. aaa new-model
enable password whatever
!--- These are lists of authentication methods.
!--- "linmethod", "vtymethod", "conmethod", and
!--- so on are names of lists, and the methods
!--- listed on the same lines are the methods
!--- in the order to be tried. As used here, if
!--- authentication fails due to the
!--- tac_plus_executable not being started, the
!--- enable password is accepted because
!--- it is in each list.
!
aaa authentication login linmethod tacacs+ enable aaa authentication login vtymethod tacacs+ enable aaa authentication login conmethod tacacs+ enable
Q15. Which command verifies phase 1 of an IPsec VPN on a Cisco router?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto engine connection active
Answer: C
Q16. Which statement about extended access lists is true?
A. Extended access lists perform filtering that is based on source and destination and are
most effective when applied to the destination
B. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source
C. Extended access lists perform filtering that is based on destination and are most effective when applied to the source
D. Extended access lists perform filtering that is based on source and are most effective when applied to the destination
Answer: B
Q17. You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?
A. Create a whitelist and add the appropriate IP address to allow the traffic.
B. Create a custom blacklist to allow the traffic.
C. Create a user based access control rule to allow the traffic.
D. Create a network based access control rule to allow the traffic.
E. Create a rule to bypass inspection to allow the traffic.
Answer: A
P.S. Easily pass 210-260 Exam with Certleader Approved Dumps & pdf vce, Try Free: https://www.certleader.com/210-260-dumps.html (310 New Questions)