Where can you find latest Cisco CCNA Security 210-260 dumps exam? Latest Cisco CCNA Security 210-260 dumps exam practice questions and answers free download from lead4pass. The best useful Cisco CCNA Security 210-260 dumps pdf materials and vce youtube demo update free shared. “Implementing Cisco Network Security” is the name of Cisco CCNA Security https://www.leads4pass.com/210-260.html exam dumps which covers all the knowledge points of the real Cisco CCNA Security. Newest helpful Cisco CCNA Security 210-260 dumps pdf training resources and study guides free download from lead4pass, pass Cisco 210-260 exam test easily at first try.
Latest Cisco 210-260 dumps pdf training resource: https://drive.google.com/open?id=0B_7qiYkH83VRcnI0SE83bHBvQ1k
Latest Cisco 210-060 dumps pdf training resource: https://drive.google.com/open?id=0B_7qiYkH83VRSHJTTV9NMjQ0dmc
CCNA Security 210-260 Dumps Exam Real Questions And Answers (11-40)
QUESTION 11
Which two functions can SIEM provide? (Choose Two)
A. Correlation between logs and events from multiple systems.
B. event aggregation that allows for reduced log storage requirements.
C. proactive malware analysis to block malicious traffic.
D. dual-factor authentication.
E. centralized firewall management.
Correct Answer: AC
QUESTION 12
What are two uses of SIEM software? (Choose two.)
A. collecting and archiving syslog data
B. alerting administrators to security events in real time
C. performing automatic network audits
D. configuring firewall and IDS devices
E. scanning email for suspicious attachments
Correct Answer: AB
QUESTION 13
What mechanism does asymmetric cryptography use to secure data?
A. a public/private key pair
B. shared secret keys
C. an RSA nonce
D. an MD5 hash
Correct Answer: A
QUESTION 14
Which sensor mode can deny attackers inline?
A. IPS
B. fail-close
C. IDS
D. fail-open
Correct Answer: A
QUESTION 15
What is the effect of the ASA command crypto isakmp nat-traversal?
A. It opens port 4500 only on the outside interface.
B. It opens port 500 only on the inside interface.
C. It opens port 500 only on the outside interface.
D. It opens port 4500 on all interfaces that are IPSec enabled.
Correct Answer: D
QUESTION 16
What is true about the Cisco IOS Resilient Configuration feature?
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary Cisco IOS Image file
C. The feature automatically detects image and configuration version mismatch
D. Remote storage is used for securing files
Correct Answer: C
QUESTION 17
Which prevent the company data from modification even when the data is in transit? 210-260 dumps
A. Confidentiality
B. Integrity
C. Vailability
Correct Answer: B
QUESTION 18
Which IPS detection method can you use to detect attacks that based on the attackers IP addresses?
A. Policy-based
B. Anomaly-based
C. Reputation-based
D. Signature-based
Correct Answer: C
QUESTION 19
Which three ESP fields can be encrypted during transmission? (Choose three.)
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header
Correct Answer: DEF
QUESTION 20
Which filter uses in Web reputation to prevent from Web Based Attacks? (Choose two)
A. outbreak filter
B. buffer overflow filter
C. bayesian overflow filter
D. web reputation
E. exploit filtering
Correct Answer: AD
QUESTION 21
How does a zone-based firewall implementation handle traffic between interfaces in the same zone?
A. Traffic between two interfaces in the same zone is allowed by default.
B. Traffic between interfaces in the same zone is blocked unless you configure the same- security permit command.
C. Traffic between interfaces in the same zone is always blocked.
D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.
Correct Answer: A
QUESTION 22
What is a potential drawback to leaving VLAN 1 as the native VLAN?
A. It may be susceptible to a VLAN hoping attack.
B. Gratuitous ARPs might be able to conduct a man-in-the-middle attack.
C. The CAM might be overloaded, effectively turning the switch into a hub.
D. VLAN 1 might be vulnerable to IP address spoofing.
Correct Answer: A
QUESTION 23
What VPN feature allows traffic to exit the security appliance through the same interface it entered?
A. hairpinning
B. NAT
C. NAT traversal
D. split tunneling
Correct Answer: A
QUESTION 24
Refer to the exhibit.
What is the effect of the given command sequence?
A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24.
B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.
C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24.
D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.
Correct Answer: A
QUESTION 25
Which three statements about Cisco host-based IPS solutions are true? (Choose three.)
A. It can view encrypted files.
B. It can have more restrictive policies than network-based IPS.
C. It can generate alerts based on behavior at the desktop level.
D. It can be deployed at the perimeter.
E. It uses signature-based policies.
F. It works with deployed firewalls.
Correct Answer: ABC
QUESTION 26
# nat (inside,outside) dynamic interface
Refer to the above. 210-260 dumps Which translation technique does this configuration result in?
A. Static NAT
B. Dynamic NAT
C. Dynamic PAT
D. Twice NAT
Correct Answer: C
QUESTION 27
Which statement about a PVLAN isolated port configured on a switch is true?
A. The isolated port can communicate only with the promiscuous port.
B. The isolated port can communicate with other isolated ports and the promiscuous port.
C. The isolated port can communicate only with community ports.
D. The isolated port can communicate only with other isolated ports.
Correct Answer: A
QUESTION 28
What type of algorithm uses the same key to encrypt and decrypt data?
A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key Infrastructure algorithm
D. an IP security algorithm
Correct Answer: A
QUESTION 29
Where OAKLEY and SKEME come to play?
A. IKE
B. ISAKMP
C. DES
Correct Answer: A
QUESTION 30
In which configuration mode do you configure the ip ospf authentication-key 1 command?
A. Interface
B. routing process
C. global
D. privileged
Correct Answer: A
QUESTION 31
Which of the following commands result in a secure bootset? (Choose all that apply.)
A. secure boot-set
B. secure boot-config
C. secure boot-files
D. secure boot-image
Correct Answer: BD
QUESTION 32
In a security context, which action can you take to address compliance?
A. Implement rules to prevent a vulnerability.
B. Correct or counteract a vulnerability.
C. Reduce the severity of a vulnerability.
D. Follow directions from the security appliance manufacturer to remediate a vulnerability.
Correct Answer: A
QUESTION 33
Which type of layer 2 attack enables the attacker to intercept traffic that is intended for one specific recipient?
A. BPDU attack
B. DHCP Starvation
C. CAM table overflow
D. MAC address spoofing
Correct Answer: D
QUESTION 34
Which command verifies phase 1 of an IPsec VPN on a Cisco router?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto engine connection active
Correct Answer: C
QUESTION 35
What type of security support is provided by the Open Web Application Security Project?
A. Education about common Web site vulnerabilities.
B. A Web site security framework.
C. A security discussion forum for Web site developers.
D. Scoring of common vulnerabilities and exposures.
Correct Answer: A
QUESTION 36
What can cause the the state table of a stateful firewall to update? 210-260 dumps (choose two)
A. when a connection is created
B. when a connection\’s timer has expired within state table
C. when packet is evaluated against the outbound access list and is denied
D. when outbound packets forwarded to outbound interface
E. when rate-limiting is applied
Correct Answer: AB
QUESTION 37
What is the FirePOWER impact flag used for?
A. A value that indicates the potential severity of an attack.
B. A value that the administrator assigns to each signature.
C. A value that sets the priority of a signature.
D. A value that measures the application awareness.
Correct Answer: A
QUESTION 38
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware.
A. Enable URL filtering on the perimeter router and add the URLs you want to block to the router\’s local URL list.
B. Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router\’s local URL list.
C. Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall\’s local URL list.
D. Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router.
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
Correct Answer: A
QUESTION 39
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)
A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router`s local database
D. Authentication attempts will be sent to the TACACS+ server
Correct Answer: AB
QUESTION 40
What is a reason for an organization to deploy a personal firewall?
A. To protect endpoints such as desktops from malicious activity.
B. To protect one virtual network segment from another.
C. To determine whether a host meets minimum security posture requirements.
D. To create a separate, non-persistent virtual environment that can be destroyed after a session.
E. To protect the network from DoS and syn-flood attacks.
Correct Answer: A
What Our Customers Are Saying:
The best and most updated latest Cisco CCNA Security 210-260 dumps exam practice files in PDF format free download from lead4pass. High quality useful Cisco CCNA Security https://www.leads4pass.com/210-260.html dumps pdf training resources which are the best for clearing 210-260 exam test, and to get certified by Cisco CCNA Security, download one of the many PDF readers that are available for free.
Useful Cisco CCNA Security 210-260 dumps vce youtube: https://youtu.be/seDmEyXcd3w
Why Lead 4 Pass?
Lead4pass is the best provider of IT learning materials and the right choice for you to prepare for the exam. Other brands started earlier, but the price is relatively expensive and the questions are not the newest. Lead4pass provide the latest real questions and answers with lowest prices, help you pass the exam easily at first try.