Title: [Lead2pass Official] Exam 210-260 PDF Free Instant Download From Lead2pass (241-260)

QUESTION 241
Which privileged level is ... by default? for user exec mode

A. 0
B. 1
C. 2
D. 5
E. 15

Answer: B

Explanation:
User EXEC mode commands are privilege level 1.
Privileged EXEC mode and configuration mode commands are privilege level 15.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfpass.html

QUESTION 242
When is "Deny all" policy an exception in Zone Based Firewall

A. traffic traverses 2 interfaces in same zone
B. traffic sources from router via self zone
C. traffic terminates on router via self zone
D. traffic traverses 2 interfaces in different zones
E. traffic terminates on router via self zone

Answer: A

Explanation:
+ There is a default zone, called the self zone, which is a logical zone. For any packets directed to the router directly (the destination IP represents the packet is for the router), the router automatically considers that traffic to be entering the self zone.
In addition, any traffic initiated by the router is considered as leaving the self zone. By default, any traffic to or from the self zone is allowed, but you can change this policy.
+ For the rest of the administrator-created zones, no traffic is allowed between interfaces in different zones.
+ For interfaces that are members of the same zone, all traffic is permitted by default.

QUESTION 243
Cisco Resilient Configuration Feature:

A. Required additional space to store IOS image file
B. Remote storage required to save IOS image
C. Can be disabled ...remote session
D. Automatically detects image or config version mismatch

Answer: D

Explanation:
The following factors were considered in the design of Cisco IOS Resilient Configuration:
+ The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature was first enabled.
+ The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file.
+ The feature automatically detects image or configuration version mismatch.
+ Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images and configurations on TFTP servers.
+ The feature can be disabled only through a console session.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-resil-config.html

QUESTION 244
What are the two characteristics of IPS?

A. Can drop traffic
B. Does not add delay to traffic
C. It is cabled directly inline
D. Can't drop packets on its own

Answer: AC

Explanation:
+ Position in the network flow: Directly inline with the flow of network traffic and every packet goes through the sensor on its way through the network.
+ Mode: Inline mode
+ The IPS can drop the packet on its own because it is inline.
The IPS can also request assistance from another device to block future packets just as the IDS does.

QUESTION 245
What can cause the state table of a stateful firewall to update? (choose two)

A. when connection is created
B. connection timer expired within state table
C. when packet is evaluated against the inbound access list and is ...
D. outbound packets forwarded to inbound interface
E. when rate limiting is applied

Answer: AB

Explanation:
Stateful inspection monitors incoming and outgoing packets over time, as well as the state of the connection, and stores the data in dynamic state tables. This cumulative data is evaluated, so that filtering decisions would not only be based on administrator-defined rules, but also on context that has been built by previous connections as well as previous packets belonging to the same connection.
Entries are created only for TCP connections or UDP streams that satisfy a defined security policy.
In order to prevent the state table from filling up, sessions will time out if no traffic has passed for a certain period. These stale connections are removed from the state table.
https://en.wikipedia.org/wiki/Stateful_firewall

QUESTION 246
What IPSec mode is used to encrypt traffic between client and server VPN endpoints?

A. tunnel
B. Trunk
C. Aggregated
D. Quick
E. Transport

Answer: E

Explanation:
+ IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.
+ IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode encrypts only the data portion (payload) of each packet and leaves the packet header untouched.
Transport mode is applicable to either gateway or host implementations, and provides protection for upper layer protocols as well as selected IP header fields.
http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html

Generic Routing Encapsulation (GRE) is often deployed with IPsec for several reasons, including the following:
+ IPsec Direct Encapsulation supports unicast IP only. If network layer protocols other than IP are to be supported, an IP encapsulation method must be chosen so that those protocols can be transported in IP packets.
+ IPmc is not supported with IPsec Direct Encapsulation. IPsec was created to be a security protocol between two and only two devices, so a service such as multicast is problematic. An IPsec peer encrypts a packet so that only one other IPsec peer can successfully perform the de-encryption. IPmc is not compatible with this mode of operation.
https://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008074f26a.pdf

QUESTION 247
Which command is used to verify VPN connection is operational (or something like that)?

A. crypto ipsec sa

Answer: A

Explanation:
#show crypto ipsec sa - This command shows IPsec SAs built between peers
In the output you see
    #pkts encaps: 345, #pkts encrypt: 345, #pkts digest 0
    #pkts decaps: 366, #pkts decrypt: 366, #pkts verify 0
which means packets are encrypted and decrypted by the IPsec peer.
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ipsec_sa

QUESTION 248
What is the command to authenticate an NTP time source? (something in those lines)

A. #ntp authentication-key 1 md5 141411050D 7
B. #ntp authenticate
C. #ntp trusted-key 1
D. #ntp trusted-key 1

Answer: B

Explanation:
The command "ntp authenticate" authenticates the time source.
The command "ntp authentication-key" is the authentication key for trusted time sources.
See the following from a live router:

    R1(config)# ntp ?
      access-group        Control NTP access
      allow               Allow processing of packets
      authenticate        Authenticate time sources
      authentication-key  Authentication key for trusted time sources

QUESTION 249
How can you allow bidirectional traffic? (something in those lines)

A. static NAT
B. dynamic NAT
C. dynamic PAT
D. multi-NAT

Answer: A

Explanation:
Bidirectional initiation--Static NAT allows connections to be initiated bidirectionally, meaning both to the host and from the host.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/nat_overview.html

QUESTION 250
Which option is the default value for the Diffie–Hellman group when configuring a site-to-site VPN on an ASA device?

A. Group 1
B. Group 2
C. Group 7
D. Group 5

Answer: B

QUESTION 251
What two devices are components of the BYOD architecture framework? (Choose two)

A. Identity Service Engine
B. Cisco 3845 Router
C. Wireless Access Points
D. Nexus 7010 Switch
E. Prime Infrastructure

Answer: AE

QUESTION 252
Where does the Datacenter operate?

A. Distribution
B. Access
C. Core

Answer: A

QUESTION 253
Which option is the cloud based security service from Cisco that provides URL filtering web browsing content security, and roaming user protection?

A. Cloud web security
B. Cloud web Protection
C. Cloud web Service
D. Cloud advanced malware protection

Answer: A

QUESTION 254
Which product can be used to provide application layer protection for TCP port 25 traffic?

A. ESA
B. CWS
C. WSA
D. ASA

Answer: A

QUESTION 255
What is the actual IOS privilege level of User Exec mode?

A. 1
B. 0
C. 5
D. 15

Answer: A

Explanation:
By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfpass.html

QUESTION 256
What two actions would the zone-based firewall take when looking at the traffic?

A. drop
B. inspect
C. forward

Answer: AB

QUESTION 257
What do you call a person who hacks a system with a script but, instead of writing their own script, uses an existing script?

A. script kiddy
B. white hat hacker
C. phreaker
D. hacktivist

Answer: A

QUESTION 258
Regarding PVLAN diagram question:
Switch was in VLAN 300
Isolated Host 1 on VLAN 301
Host 2 and Host 4 on VLAN 303 or something (Community PVLAN)
Server is connected to Switch.
All hosts connect to switch.

A. Host 2 (Host is part of community PVLAN).
B. Other devices on VLAN XXX (VLAN where isolated host is connected, in my case it was Host 1).
C. Server
D. Host 4 (Host is part of community PVLAN)

Answer: C

Explanation:
Host 3 is not part of any PVLAN. It is also connected to switch.
So, Host 3 was not an option otherwise it could also be an answer.

QUESTION 259
Nat (inside,outside) dynamic interface

A. static PAT
B. static NAT
C. dynamic PAT
D. dynamic NAT

Answer: C

Explanation:
Configuring Dynamic NAT
    nat (inside,outside) dynamic my-range-obj
Configuring Dynamic PAT (Hide)
    nat (inside,outside) dynamic interface
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/nat_objects.html

QUESTION 260
Which two characteristics of an application layer firewall are true? (Choose two)

A. provides reverse proxy services
B. is immune to URL manipulation
C. provides protection for multiple applications
D. provides stateful firewall security
E. has low processor usage

Answer: AC

Post date: 2017-09-28 04:17:59