Cisco 210-260 Dumps For Preparation

The 210-260 exam is the only required exam for CCNA Security certification. You need updated preparation material to pass it. DumpsSchool provides real CCNA Security exam questions that cover the 210-260 exam topics in complete detail. You will pass this exam with flying colors by using these CCNA Security exam questions.

Try the latest DumpsSchool 210-260 exam dumps. Buy the full file here: https://www.dumpsschool.com/210-260-exam-dumps.html (502 As Dumps)

Download the DumpsSchool 210-260 braindumps from Google Drive: https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view (FREE VERSION!!!)

Question No. 1

Which term refers to the electromagnetic interference that can radiate from cables?

Answer: A

Question No. 2

What do you use when you have a network object or group and want to use an IP address?

Answer: B

Adding Network Objects for Mapped Addresses

For dynamic NAT, you must use an object or group for the mapped addresses. Other NAT types have the option of using inline addresses, or you can create an object or group according to this section.

* Dynamic NAT:

+ You cannot use an inline address; you must configure a network object or group.

+ The object or group cannot contain a subnet; the object must define a range; the group can include hosts and ranges.

+ If a mapped network object contains both ranges and host IP addresses, then the ranges are used for dynamic NAT, and then the host IP addresses are used as a PAT fallback.

* Dynamic PAT (Hide):

+ Instead of using an object, you can optionally configure an inline host address or specify the interface address.

+ If you use an object, the object or group cannot contain a subnet; the object must define a host, or for a PAT pool, a range; the group (for a PAT pool) can include hosts and ranges.

* Static NAT or Static NAT with port translation:

+ Instead of using an object, you can configure an inline address or specify the interface address (for static NAT-with-port-translation).

+ If you use an object, the object or group can contain a host, range, or subnet.

* Identity NAT:

+ Instead of using an object, you can configure an inline address.

+ If you use an object, the object must match the real addresses you want to translate.

Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_objects.html#61711

Question No. 3

Which two are considered basic security principles? (Choose two.)

Answer: A, B

Question No. 4

Refer to the below.

Which statement about this debug output is true?

Answer: B

http://www.cisco.com/en/US/docs/ios/12_2/debug/command/reference/dbfser.html

debug tacacs

To display information associated with TACACS, use the debug tacacs privileged EXEC command. The no form of this command disables debugging output.

debug tacacs

no debug tacacs

The following is sample output from the debug tacacs command for a TACACS login attempt that was successful, as indicated by the status PASS:

Router# debug tacacs

14:00:09: TAC+: Opening TCP/IP connection to 192.168.60.15 using source 10.116.0.79

14:00:09: TAC+: Sending TCP/IP packet number 383258052-1 to 192.168.60.15 (AUTHEN/START)

14:00:09: TAC+: Receiving TCP/IP packet number 383258052-2 from 192.168.60.15

14:00:09: TAC+ (383258052): received authen response status = GETUSER

14:00:10: TAC+: send AUTHEN/CONT packet

14:00:10: TAC+: Sending TCP/IP packet number 383258052-3 to 192.168.60.15 (AUTHEN/CONT)

14:00:10: TAC+: Receiving TCP/IP packet number 383258052-4 from 192.168.60.15

14:00:10: TAC+ (383258052): received authen response status = GETPASS

14:00:14: TAC+: send AUTHEN/CONT packet

14:00:14: TAC+: Sending TCP/IP packet number 383258052-5 to 192.168.60.15 (AUTHEN/CONT)

14:00:14: TAC+: Receiving TCP/IP packet number 383258052-6 from 192.168.60.15

14:00:14: TAC+ (383258052): received authen response status = PASS

14:00:14: TAC+: Closing TCP/IP connection to 192.168.60.15

Question No. 5

Which attacks can be prevented by OSPF authentication?

Answer: C

Question No. 6

Which two statements about an IPS in tap mode are true? (Choose two.)

Answer: B, C

Question No. 7

What is a reason for an organization to deploy a personal firewall?

Answer: A

The term personal firewall typically applies to basic software that can control Layer 3 and Layer 4 access to client machines. HIPS provides several features that offer more robust security than a traditional personal firewall, such as host intrusion prevention and protection against spyware, viruses, worms, Trojans, and other types of malware.

Source: Cisco Official Certification Guide, Personal Firewalls and Host Intrusion Prevention Systems, p. 499

Question No. 8

How can you mitigate DCE/RPC evasion techniques while allowing access to the DCE/RPC service?

Answer: B

Question No. 9

Which tool can an attacker use to attempt a DDoS attack?

Answer: A

Denial-of-service (DoS) attack and distributed denial-of-service (DDoS) attack. An example is using a botnet to attack a target system.

Source: Cisco Official Certification Guide, Table 1-6 Additional Attack Methods, p. 16

210-260 Dumps Google Drive: (Limited Version!!!)
https://drive.google.com/file/d/1OLgDbCqeAs1x3q7eiGn25-G5lDunbsJv/view

Related Certification: https://www.dumpsschool.com/ccna-security-questions.html

Cisco 210-260 Dumps For Preparation

CCNA Security exam questions by DumpsSchool guarantee your success in the 210-260 exam by providing valid knowledge related to Implementing Cisco network security. These exam questions are easy to prepare and provide updated information about managing secure access, VPN encryption, firewalls and intrusion prevention.

Question No. 1

What is true about the Cisco IOS Resilient Configuration feature?

Answer: C

The following factors were considered in the design of Cisco IOS Resilient Configuration:

+ The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature was first enabled.

+ The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file.

+ The feature automatically detects image or configuration version mismatch.

+ Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images and configurations on TFTP servers.

+ The feature can be disabled only through a console session.

Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-resil-config.html

Question No. 2

What is an example of social engineering?

Answer: C

Question No. 3

In which two modes can the Cisco Web Security Appliance be deployed?

Answer: C, D

Question No. 4

Which address block is reserved for locally assigned unique local addresses?

Answer: B

The address block fc00::/7 is divided into two /8 groups:

+ The block fc00::/8 has not been defined yet. It has been proposed to be managed by an allocation authority, but this has not gained acceptance in the IETF.

+ The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string.

Prefixes in the fd00::/8 range have properties similar to those of the IPv4 private address ranges:

+ They are not allocated by an address registry and may be used in networks by anyone without outside involvement.

+ They are not guaranteed to be globally unique.

+ Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.

Source: https://en.wikipedia.org/wiki/Unique_local_address

Question No. 5

Which type of Cisco ASA access list entry can be configured to match multiple entries in a single statement?

Answer: D

Information About Object Groups

By grouping like objects together, you can use the object group in an ACE instead of having to enter an ACE for each object separately. You can create the following types of object groups:

* Protocol

* Network

* Service

* ICMP type

For example, consider the following three object groups:

* MyServices — Includes the TCP and UDP port numbers of the service requests that are allowed access to the internal network.

* TrustedHosts — Includes the host and network addresses allowed access to the greatest range of services and servers.

* PublicServers — Includes the host addresses of servers to which the greatest access is provided.

After creating these groups, you could use a single ACE to allow trusted hosts to make specific service requests to a group of public servers.

You can also nest object groups in other object groups.

Question No. 6

In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three.)

Answer: A, B, D

Question No. 7

What hash type does Cisco use to validate the integrity of downloaded images?

Answer: C

The MD5 File Validation feature, added in Cisco IOS Software Releases 12.2(4)T and 12.0(22)S, allows network administrators to calculate the MD5 hash of a Cisco IOS software image file that is loaded on a device.

It also allows administrators to verify the calculated MD5 hash against that provided by the user. Once the MD5 hash value of the installed Cisco IOS image is determined, it can also be compared with the MD5 hash provided by Cisco to verify the integrity of the image file.

verify /md5 filesystem:filename [md5-hash]

Source: http://www.cisco.com/c/en/us/about/security-center/ios-image-verification.html#11

Question No. 8

Refer to the exhibit.

With which NTP server has the router synchronized?

Answer: A

The output presented is generated by the show ntp association detail command. Attributes:

+ configured: This NTP clock source has been configured to be a server. This value can also be dynamic, where the peer/server was dynamically discovered.

+ our_master: The local client is synchronized to this peer.

+ valid: The peer/server time is valid. The local client accepts this time if this peer becomes the master.

Source: http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html

Question No. 9

Which statement about extended access lists is true?

Answer: B

Source: http://www.ciscopress.com/articles/article.asp?p=1697887

Standard ACL

1) Can restrict, deny, and filter packets by host IP or subnet only.

2) Best practice is to put the standard ACL restriction near the source host/subnet (inbound interface).

3) No protocol-based restriction (host IP only).

Extended ACL

1) More flexible than a standard ACL.

2) You can filter packets by host/subnet as well as by protocol, TCP port, or UDP port.

3) Best practice is to put the restriction near the destination host/subnet (outbound interface).
