This page was exported from Lead2pass Exams [ ] Export date:Sun Nov 29 19:11:16 2020 / +0000 GMT ___________________________________________________ Title: [2017 New] 2017 Updated Lead2pass Cisco 210-260 Exam Questions (41-60) --------------------------------------------------- 2017 July Cisco Official New Released 210-260 Dumps in! 100% Free Download! 100% Pass Guaranteed! Pass 210-260 exam with the latest Lead2pass 210-260 dumps: Lead2pass 210-260 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus that covering all the 210-260 exam objectives. Following questions and answers are all new published by Cisco Official Exam Center: QUESTION 41Which command verifies phase 1 of an IPsec VPN on a Cisco router? A.    show crypto mapB.    show crypto ipsec saC.    show crypto isakmp saD.    show crypto engine connection activeAnswer: CExplanation:show crypto ipsec sa verifies Phase 2 of the tunnel. QUESTION 42What is the purpose of a honeypot IPS? A.    To create customized policiesB.    To detect unknown attacksC.    To normalize streamsD.    To collect information about attacks Answer: D QUESTION 43Which type of firewall can act on the behalf of the end device? A.    Stateful packetB.    ApplicationC.    PacketD.    Proxy Answer: D QUESTION 44Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp as command. What does the given output show?   A.    IPSec Phase 1 is established between and    IPSec Phase 2 is established between and    IPSec Phase 1 is down due to a QM_IDLE stateD.    IPSEc Phase 2 is down due to a QM_IDLE state Answer: A QUESTION 45What type of attack was the Stuxnet virus? A.    cyber warfareB.    hactivismC.    botnetD.    social engineering Answer: A QUESTION 46Which type of secure connectivity does an extranet provide? A.    remote branch offices to your company networkB.    your company network to the InternetC.    new networks to your company networkD.    other company networks to your company network Answer: D QUESTION 47After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output? A.    The secure boot-image command is configuredB.    The secure boot-comfit command is configuredC.    The confreg 0x24 command is configured.D.    The reload command was issued from ROMMON. Answer: A QUESTION 48What is a reason for an organization to deploy a personal firewall? A.    To protect endpoints such as desktops from malicious activityB.    To protect one virtual network segment from anotherC.    To determine whether a host meets minimum security posture requirementsD.    To create a separate, non-persistent virtual environment that can be destroyed after a sessionE.    To protect the network from DoS and syn-flood attacks Answer: A QUESTION 49Which FirePOWER preprocessor engine is used to prevent SYN attacks? A.    Rate-Based PreventionB.    Portscan DetectionC.    IP DefragmentationD.    Inline Normalization Answer: A QUESTION 50What VPN feature allows traffic to exit the security appliance through the same interface it entered? A.    HairpinningB.    NATC.    NAT traversalD.    split tunneling Answer: A QUESTION 51When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading? A.    Perform a Layer 6 resetB.    Deploy an antimalware systemC.    Enable bypass modeD.    Deny the connection inline Answer: D QUESTION 52Which statement about Cisco ACS authentication and authorization is true? A.    ACS servers can be clustered to provide scalabilityB.    ACS can query multiple Active Directory domainsC.    ACS uses TACACS to proxy other authentication serversD.    ACS can use only one authorization profile to allo or deny requests Answer: A QUESTION 53What is the only permitted operation for processing multicast traffic on zone-based firewalls? A.    Stateful inspection of multicast traffic is supported only for the self zoneB.    Stateful inspection for multicast traffic is supported only between the self-zone and the internal zoneC.    Only control plane policing can protect the control plane against multicast traffic.D.    Stateful inspection of multicast traffic is supported only for the internal zone. Answer: C QUESTION 54What is one requirement for locking a wired or wireless device from ISE? A.    The ISE agent must be installed on the deviceB.    The device must be connnected to the network when the lock command is executedC.    The user must approve the locking actionD.    The organization must implement an acceptable use policy allowing device locking Answer: A QUESTION 55Refer to the exhibit. What type of firewall would use the given cofiguration line?   A.    a stateful firewallB.    a personal firewallC.    a proxy firewallD.    an application firewallE.    a stateless firewall Answer: A QUESTION 56What are two default Cisco IOS privilege levels? (Choose two) A.    0B.    5C.    1D.    7E.    10F.    15 Answer: CF QUESTION 57What is the effect of the given command sequence? A.    It defines IPSec policy for traffic sourced from with a desstination of    It defines IPSec policy for traffic sourced from with a destination of    it defines IKE policy for traffic sourced from with a destination of    It defines IKE policy for traffic sourced from with a destination of Answer: A QUESTION 58Which tool can an attacker use to attempt a DDos attack? A.    botnetB.    Trojan horseC.    virusD.    adware Answer: A QUESTION 59how does the Cisco ASA use Active Directory to authorize VPN users? A.    It queries the Active Directory server for a specfic attribute for the specific userB.    It sends the username and password to retire an ACCEPT or Reject message from the Active Directory serverC.    It downloads and stores the Active Directory databas to query for future authorizationD.    It redirects requests to the Active Directory server defined for the VPN group Answer: A QUESTION 60Which statement about application blocking is true? A.    It blocks access to files with specific extensionsB.    It blocks access to specific network addressesC.    It blocks access to specific programsD.    It blocks access to specific network services. Answer: C Comparing with others', you will find our 210-260 exam questions are more helpful and precise since all the 210-260 exam content is regularly updated and has been checked for accuracy by our team of Cisco expert professionals. 210-260 new questions on Google Drive: 2017 Cisco 210-260 exam dumps (All 265 Q&As) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-04 03:29:02 Post date GMT: 2017-07-04 03:29:02 Post modified date: 2017-07-04 03:29:02 Post modified date GMT: 2017-07-04 03:29:02 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from