210-260 Premium Bundle

210-260 Premium Bundle

Implementing Cisco Network Security Certification Exam

4.5 
(7740 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
November 21, 2024Last update

Introducing The New!

Surepassexam Collection

Get Unlimited Access to all
Surepassexam's PREMIUM files

DOWNLOAD NOW
Download Quality. Itexamlabs.com Certified
  1. Home
  2. Cisco
  3. 210-260 Exam

Cisco 210-260 Free Practice Questions

Q1. Which three statements about host-based IPS are true? (Choose three.) 

A. It can view encrypted files. 

B. It can have more restrictive policies than network-based IPS. 

C. It can generate alerts based on behavior at the desktop level. 

D. It can be deployed at the perimeter. 

E. It uses signature-based policies. 

F. It works with deployed firewalls. 

Answer: A,B,C 

Q2. Scenario 

In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations. 

To access ASDM, click the ASA icon in the topology diagram. 

Note: Not all ASDM functionalities are enabled in this simulation. 

To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first. 

When users login to the Clientless SSLVPN using https://209.165.201.2/test, which group policy will be applied? 

A. test 

B. clientless 

C. Sales 

D. DfltGrpPolicy 

E. DefaultRAGroup 

F. DefaultWEBVPNGroup 

Answer:

Explanation: First navigate to the Connection Profiles tab as shown below, highlight the one with the test alias: 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.45.23 AM.png 

Then hit the “edit” button and you can clearly see the Sales Group Policy being applied. 

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-09-25 at 9.44.53 AM.png 

Q3. What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection? 

A. split tunneling 

B. hairpinning 

C. tunnel mode 

D. transparent mode 

Answer:

Q4. An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity? 

A. The switch could offer fake DHCP addresses. 

B. The switch could become the root bridge. 

C. The switch could be allowed to join the VTP domain. 

D. The switch could become a transparent bridge. 

Answer:

Q5. You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two). 

A. Configure a proxy server to hide users' local IP addresses. 

B. Assign unique IP addresses to all users. 

C. Assign the same IP address to all users. 

D. Install a Web content filter to hide users' local IP addresses. 

E. Configure a firewall to use Port Address Translation. 

Answer: A,E 

Q6. What is a reason for an organization to deploy a personal firewall? 

A. To protect endpoints such as desktops from malicious activity. 

B. To protect one virtual network segment from another. 

C. To determine whether a host meets minimum security posture requirements. 

D. To create a separate, non-persistent virtual environment that can be destroyed after a session. 

E. To protect the network from DoS and syn-flood attacks. 

Answer:

Q7. If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? 

A. root guard 

B. EtherChannel guard 

C. loop guard 

D. BPDU guard 

Answer:

Q8. Which tool can an attacker use to attempt a DDoS attack? 

A. botnet 

B. Trojan horse 

C. virus 

D. adware 

Answer:

Q9. What is the FirePOWER impact flag used for? Cisco 210-260 : Practice Test 

A. A value that indicates the potential severity of an attack. 

B. A value that the administrator assigns to each signature. 

C. A value that sets the priority of a signature. 

D. A value that measures the application awareness. 

Answer:

Q10. A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware. 

A. Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list. 

B. Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router's local URL list. 

C. Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall's local URL list. 

D. Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router. 

E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router. 

Answer:

Q11. Refer to the exhibit. 

How many times was a read-only string used to attempt a write operation? 

A. 9 

B. 6 

C. 4 

D. 3 

E. 2 

Answer:

Q12. Refer to the exhibit. 

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show? 

A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5. 

B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5. 

C. IPSec Phase 1 is down due to a QM_IDLE state. 

D. IPSec Phase 2 is down due to a QM_IDLE state. 

Answer:

Q13. Refer to the exhibit. 

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show? 

A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5. 

B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1. 

C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5. 

D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets. 

Answer:

Q14. Which statement about communication over failover interfaces is true? 

A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. 

B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default. 

C. All information that is sent over the failover and stateful failover interfaces is encrypted by default. 

D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text. 

Answer:

Q15. Which FirePOWER preprocessor engine is used to prevent SYN attacks? 

A. Rate-Based Prevention 

B. Portscan Detection 

C. IP Defragmentation 

D. Inline Normalization 

Answer:

Q16. Which type of secure connectivity does an extranet provide? 

A. other company networks to your company network 

B. remote branch offices to your company network 

C. your company network to the Internet 

D. new networks to your company network 

Answer:

Q17. Which two features do CoPP and CPPr use to protect the control plane? (Choose two.) 

A. QoS 

B. traffic classification 

C. access lists 

D. policy maps 

E. class maps 

F. Cisco Express Forwarding 

Answer: A,B 

Q18. Which Sourcefire logging action should you choose to record the most detail about a connection? 

A. Enable logging at the end of the session. 

B. Enable logging at the beginning of the session. 

C. Enable alerts via SNMP to log events off-box. 

D. Enable eStreamer to log events off-box. 

Answer:

Q19. Which two services define cloud networks? (Choose two.) 

A. Infrastructure as a Service 

B. Platform as a Service 

C. Security as a Service 

D. Compute as a Service 

E. Tenancy as a Service 

Answer: A,B 

Q20. Refer to the exhibit. 

What type of firewall would use the given configuration line? 

A. a stateful firewall 

B. a personal firewall 

C. a proxy firewall 

D. an application firewall 

E. a stateless firewall 

Answer:

START 210-260 EXAM
© All pages Copyright to 2024 by itexamlabs.com. All rights reserved. testpreplab.com certstest.com